Keycloak with Node.js API fails through Docker


Problem description

I've got a Node.js Rest API that's integrated with Keycloak. When I run the API locally with no docker everything works fine. But whenever I run the API through my docker image I get an error 403 (forbidden). I've already made sure that my container can connect (ping/telnet) my Keycloak server. Any ideas what might be causing the problem?

I'm using the following lib to integrate with Keycloak: https://github.com/keycloak/keycloak-nodejs-connect

Keycloak middleware:

const session = require("express-session");
const Keycloak = require("keycloak-connect");

function configureKeycloack(app) {
  // session
  const memoryStore = new session.MemoryStore();
  app.use(
    session({
      secret: "secret-here",
      resave: false,
      saveUninitialized: true,
      store: memoryStore
    })
  );
  const keycloak = new Keycloak({
    store: memoryStore
  });
  app.use(
    keycloak.middleware({
      logout: "/logout",
      admin: "/"
    })
  );
  // Middleware
  app.use("/api/**", keycloak.protect());
}

module.exports = configureKeycloack;

keycloak.json

{
    "realm": "my-realm",
    "bearer-only": true,
    "auth-server-url": "http://172.18.0.3:8080/auth",
    "ssl-required": "external",
    "resource": "communication-plan",
    "verify-token-audience": true,
    "credentials": {
        "secret": "secret-goes-here...."
    },
    "confidential-port": 0,
    "policy-enforcer": {}
}

Dockerfile

FROM node:10.16.3
WORKDIR /usr/src/app
COPY package*.json ./
COPY .npmrc ./
RUN npm install
COPY . .
EXPOSE 3001
CMD npx sequelize db:migrate && node src/index.js


Recommended answer

I succeeded in finding a workaround by using the host networking functionality in the container. As described in this post related to a similar issue with POSTMAN, I pass --network host to the docker run command and it works.
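Added example (not part of the original question or answer, and not keycloak-connect's own code): a check worth running before changing the network mode, comparing the `iss` and `aud` claims of the token the API receives with what the keycloak.json above tells the adapter to expect. It assumes the adapter expects `iss` to equal `auth-server-url` + `/realms/` + `realm` and, with `verify-token-audience` set, `aud` to contain `resource`; the helper names and the sample token are constructed for illustration.

```javascript
// Added diagnostic example; values mirror the keycloak.json shown in the question.
const SAMPLE_CONFIG = {
  realm: "my-realm",
  "auth-server-url": "http://172.18.0.3:8080/auth",
  resource: "communication-plan",
  "verify-token-audience": true
};

const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Build an unsigned, constructed token for exercising the checks (hypothetical helper).
function makeSampleToken(claims) {
  return [b64url({ alg: "RS256", typ: "JWT" }), b64url(claims), "sig"].join(".");
}

// Decode the payload WITHOUT verifying the signature: for diagnostics only.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Assumption: the adapter expects iss === <auth-server-url>/realms/<realm>.
function expectedIssuer(config) {
  return config["auth-server-url"].replace(/\/+$/, "") + "/realms/" + config.realm;
}

function diagnoseToken(token, config) {
  const claims = decodeJwtPayload(token);
  const findings = [];
  const want = expectedIssuer(config);
  if (claims.iss !== want) {
    findings.push(`issuer mismatch: token iss=${claims.iss}, expected ${want}`);
  }
  // Assumption: with verify-token-audience, aud must contain the client id.
  const aud = [].concat(claims.aud === undefined ? [] : claims.aud);
  if (config["verify-token-audience"] && !aud.includes(config.resource)) {
    findings.push(`audience mismatch: aud=${JSON.stringify(aud)} lacks ${config.resource}`);
  }
  return findings;
}

// Constructed token, as if issued to a client that reached Keycloak via localhost.
const hostToken = makeSampleToken({ iss: "http://localhost:8080/auth/realms/my-realm", aud: "account" });
console.log(diagnoseToken(hostToken, SAMPLE_CONFIG));
```

To use it on a real request, pass the bearer token from the `Authorization` header the containerized API receives, together with the parsed keycloak.json.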
