Docker Keycloak Nginx SSL

Preparation:

1. Register a domain name, set up DNS for a subdomain, and open port 443

2. Install MySQL and create a Docker network (docker network create cloud)

Steps:

1. Install Keycloak

docker run --name keycloak \
    --restart=always \
    --network cloud \
    -p 8443:8443 \
    -e DB_VENDOR=mysql \
    -e DB_ADDR=mysql \
    -e DB_PORT=3306 \
    -e DB_DATABASE=keycloak \
    -e DB_USER=keycloak \
    -e DB_PASSWORD=keycloak \
    -e JDBC_PARAMS='connectTimeout=90&useSSL=false' \
    -d jboss/keycloak:9.0.2

2. Install NGINX

mkdir -p /opt/docker-nginx/conf.d
mkdir -p /opt/docker-nginx/pki
cd /opt/docker-nginx/conf.d

==============================================

docker inspect keycloak|grep "IPAddress"
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.20.0.5",

==============================================

touch keycloak.conf
vi keycloak.conf

==============================================
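server {
    # Redirect plain HTTP to HTTPS; this block must listen on port 80, not 443
    listen       80;
    server_name  auth.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    # Listen on port 443 with SSL enabled ("ssl" here is nginx's SSL module)
    listen       443 ssl;
    # Domain name(s); separate multiple names with spaces
    server_name  auth.example.com;
    
    # SSL certificate locations
    ssl_certificate     /etc/pki/nginx/***.crt;  # path to the PEM (certificate) file
    ssl_certificate_key  /etc/pki/nginx/private/***.key; # path to the private key file
    
    # SSL/TLS settings
    ssl_session_timeout  5m;    # how long cached sessions stay valid
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    # cipher suites
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    # TLS protocol versions offered; TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_prefer_server_ciphers on;   # prefer the server's cipher order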

    location /auth {
        proxy_pass https://172.20.0.5:8443;
        index index.html;
        proxy_buffer_size 1024k;
        proxy_buffers 16 1024k;
        proxy_busy_buffers_size 2048k;
        proxy_temp_file_write_size 2048k;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; 
        proxy_redirect off;
    }

}

==============================================


docker run --name nginx \
    --restart=always \
    --network cloud \
    -p 80:80 \
    -p 443:443 \
    -v /opt/docker-nginx/conf.d:/etc/nginx/conf.d/ \
    -v /opt/docker-nginx/pki:/etc/pki \
    -d nginx:1.17.6
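
Added example (not part of the original post): a small Python linter for two TLS mistakes that are easy to make in a keycloak.conf like the one in step 2, a port-443 listener without the ssl parameter and deprecated ssl_protocols values. The sample config, the function names and the finding texts are constructed for illustration.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
SAMPLE = """# constructed sample config, not a real deployment
server { listen 443; server_name auth.example.com;
         return 301 https://$server_name$request_uri; }
server {
    listen 443 ssl;
    server_name auth.example.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /auth { proxy_pass https://172.20.0.5:8443; }
}
"""

def server_blocks(conf):
    """Yield each top-level server block as a list of directives (word lists)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (no quoted '#' handling)
    depth, current, words = 0, None, []
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok in ("{", "}"):
            if tok == "{" and depth == 0 and words == ["server"]:
                current = []
            depth += 1 if tok == "{" else -1
            if tok == "}" and depth == 0 and current is not None:
                yield current
                current = None
            words = []
        elif tok == ";":
            if current is not None and words:
                current.append(words)
            words = []
        else:
            words.append(tok)

def audit(conf):
    """Return (server_name, finding) pairs for the two TLS checks."""
    findings = []
    for block in server_blocks(conf):
        name = next((" ".join(d[1:]) for d in block if d[0] == "server_name"), "?")
        for d in block:
            if d[0] == "listen" and "ssl" not in d[1:] and any(
                    re.search(r"(^|:)443$", a) for a in d[1:]):
                findings.append((name, "port 443 listener without ssl"))
            old = [p for p in d[1:] if d[0] == "ssl_protocols" and p in DEPRECATED]
            if old:
                findings.append((name, "deprecated protocols: " + " ".join(old)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check the real file, pass the contents of /opt/docker-nginx/conf.d/keycloak.conf to audit() before starting the nginx container.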

3. Access

https://auth.example.com
