Keycloak from docker Letsencrypt cert and ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Problem description

I'm trying to run Keycloak from a Docker image available on: Docker Hub here. If I run my container using the command:

docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=test -v /opt/mountedcertificate:/etc/x509/https -p 8443:8443 jboss/keycloak

Setting the volume according to the instruction from previously mentioned website for this image:

Setting up TLS(SSL)

Keycloak image allows you to specify both a private key and a certificate for serving HTTPS. In that case you need to provide two files:

tls.crt - a certificate

tls.key - a private key

Those files need to be mounted in /etc/x509/https directory. The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it.

In /opt/mountedcertificate I have .key and .crt files generated according to the instructions given in this topic:

Keycloak SSL setup using docker image

The certificate has been issued by certbot from letsencrypt and those files were my starting point for later conversion as stated in the mentioned topic. I know it's the same issue but maybe there turned out to be any solution for this problem.

I'm really desperate after trying a lot of different approaches and searching the Web looking for a working one.

Recommended answer

You will need to make sure the key file is readable by jboss user inside the docker. Here are some key steps in my solution:

1. get cert/key from let's encrypt.
2. change file mode to 655
3. mount them to keycloak:
      - /opt/www/sso/cert/fullchain.pem:/etc/x509/https/tls.crt
      - /opt/www/sso/cert/privkey.pem:/etc/x509/https/tls.key
4. launch docker image
5. change file mode back to 600 for the key file.
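
A preflight check for the files mounted in step 3, as an added example that is not part of the original answer or of the Keycloak image: it reads the mode bits of the certificate and key and reports whether the container user can read them, and whether the key is currently readable by every local user. The function names and the default uid/gid of 1000 for the jboss user are assumptions; pass the real values as the third and fourth arguments.

```sh
#!/bin/sh
# Added example. Decides from mode bits alone whether a given uid/gid can
# read the files that will be bind-mounted as tls.crt and tls.key.
# Assumption: the container user is uid/gid 1000 unless told otherwise.
# Not modelled: root, ACLs, SELinux labels, user-namespace remapping.

# ls_field FILE N -> Nth column of `ls -ldLn` (1=mode, 3=uid, 4=gid).
# -L follows symlinks, which is how certbot lays out its live/ directory.
ls_field() { ls -ldLn -- "$1" 2>/dev/null | awk -v n="$2" '{print $n}'; }

# can_read FILE UID GID -> 0 if the matching permission class grants read.
can_read() {
    m=$(ls_field "$1" 1); fu=$(ls_field "$1" 3); fg=$(ls_field "$1" 4)
    [ -n "$m" ] || return 2                 # file missing or not listable
    if   [ "$2" -eq "$fu" ]; then pos=2     # owner class
    elif [ "$3" -eq "$fg" ]; then pos=5     # group class
    else pos=8                              # everyone else
    fi
    [ "$(printf '%s' "$m" | cut -c"$pos")" = "r" ]
}

# world_readable FILE -> 0 if any local user may read it.
world_readable() { [ "$(ls_field "$1" 1 | cut -c8)" = "r" ]; }

# preflight CERT KEY [UID] [GID] -> 0 only if both files are readable.
preflight() {
    p_uid=${3:-1000}; p_gid=${4:-1000}; rc=0
    for f in "$1" "$2"; do
        if can_read "$f" "$p_uid" "$p_gid"; then
            echo "ok:   $f readable by uid $p_uid"
        else
            echo "FAIL: $f not readable by uid $p_uid"; rc=1
        fi
    done
    if world_readable "$2"; then
        echo "warn: $2 is readable by every local user while in this mode"
    fi
    return "$rc"
}

# Stand-alone use: preflight.sh fullchain.pem privkey.pem [uid] [gid]
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it against the host paths from step 3 before step 4, and again after step 5 to see whether the key would still be readable by the container user in its restored mode.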
