我在裸机的 Linux 系统中运行 keycloak。当我在开发模式下运行它时,一切似乎都运行正常。我生成了证书并在生产模式下运行它,现在它卡在加载管理 UI 屏幕。
我使用以下命令生成了证书:
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
当我在生产模式下构建并运行 keycloak 时,我卡在加载屏幕上,日志中没有错误
这是我在日志中看到的内容:
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
2023-12-09 13:09:18,824 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: localhost, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: false
2023-12-09 13:09:19,608 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2023-12-09 13:09:19,955 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2023-12-09 13:09:19,990 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2023-12-09 13:09:20,051 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2023-12-09 13:09:20,100 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2023-12-09 13:09:20,101 INFO [org.jgroups.JChannel] (keycloak-cache-init) local_addr: 20ac39ac-8997-42ce-b9ee-1083a76238fc, name: kali-59571
2023-12-09 13:09:20,107 INFO [org.jgroups.protocols.FD_SOCK2] (keycloak-cache-init) server listening on *.40219
2023-12-09 13:09:22,139 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) kali-59571: no members discovered after 2002 ms: creating cluster as coordinator
2023-12-09 13:09:22,142 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [kali-59571|0] (1) [kali-59571]
2023-12-09 13:09:22,150 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `kali-59571`, physical addresses are `[192.168.0.111:55755]`
2023-12-09 13:09:22,154 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2023-12-09 13:09:22,327 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: kali-59571, Site name: null
2023-12-09 13:09:22,329 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2023-12-09 13:09:22,877 INFO [io.quarkus] (main) Keycloak 23.0.1 on JVM (powered by Quarkus 3.2.9.Final) started in 4.770s. Listening on: https://0.0.0.0:8443
2023-12-09 13:09:22,878 INFO [io.quarkus] (main) Profile prod activated.
2023-12-09 13:09:22,878 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, smallrye-health, vertx]
这是我的配置:
db=postgres
# The username of the database user.
db-username=admin
# The password of the database user.
db-password=password
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:postgresql://localhost:6432/keycloak
db-schema=keycloak
# Observability
# If the server should expose healthcheck endpoints.
health-enabled=true
# If the server should expose metrics endpoints.
metrics-enabled=true
# HTTP
# The file path to a server certificate or certificate chain in PEM format.
https-certificate-file=/home/mrrobot/Downloads/keycloak-23.0.1/conf/localhost.crt
# The file path to a private key in PEM format.
https-certificate-key-file=/home/mrrobot/Downloads/keycloak-23.0.1/conf/localhost.key
# The proxy address forwarding mode if the server is behind a reverse proxy.
# proxy=reencrypt
# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false
# Hostname for the Keycloak server.
hostname=localhost
有人能告诉我我哪里错了吗?