我正在尝试通过 keycloak 保护 kibana,但登录后,keycloak-gatekeeper 抛出错误:
info issuing access token for user {"email": "[email protected]", "expires": "2019-03-23T00:18:30Z", "duration": "1m3.401805266s"}
error no session found in request, redirecting for authorization {"error": "authentication session not found"}
我的keycloak-gatekeeper配置文件是这样的:
skip-openid-provider-tls-verify: true
secure-cookie: false
discovery-url: https://keycloak.example.com/auth/realms/REALM
client-id: kibana
client-secret: xxx-xxx...
listen: 0.0.0.0:3000
enable-refresh-tokens: true
redirection-url: http://kibana.example.com/
encryption-key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
upstream-url: http://kibana:5601
我的 apache2 vhost 配置文件是这样的:
Define VHOST_KIBANA kibana.example.com
<VirtualHost ${VHOST_KIBANA}:80>
ServerName ${VHOST_KIBANA}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8180/
ProxyPassReverse / http://127.0.0.1:8180/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
什么原因导致该错误?谢谢
答案1
问题出在 apache 配置上,这样它就可以正常工作:
Define VHOST_KIBANA kibana.example.com
<VirtualHost ${VHOST_KIBANA}:80>
ServerName ${VHOST_KIBANA}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8180/
ProxyPassReverse / http://127.0.0.1:8180/
</VirtualHost>