I. Set up Keycloak
1. Install Docker Compose
curl -L "https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
2. Install Keycloak with docker-compose
Create keycloak.yaml
version: '3.7'
services:
  postgres:
    image: postgres:12.2
    container_name: postgres
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: bscy_postgres
    ports:
      - 5431:5432
    networks:
      apisix:
  keycloak:
    image: jboss/keycloak:12.0.4
    container_name: keycloak
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: bscy_postgres
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: bscy_keycloak
      PROXY_ADDRESS_FORWARDING: "true"
    ports:
      - 8080:8080
    networks:
      apisix:
    depends_on:
      - postgres
networks:
  apisix:
    driver: bridge
Start the services
docker-compose -f keycloak.yaml up -d
Then configure Keycloak. Reference: "How to integrate Keycloak with Apache APISIX for identity authentication"
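3. Install APISIX
4. Create a route
For authentication, choose openid-connect (I previously chose authz-keycloak but could never get it to work, and I am not sure why)
The configuration is as follows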
"openid-connect": {
  "bearer_only": true,
  "client_id": "apisix",
  "client_secret": "**********",
  "discovery": "http://********:8080/auth/realms/apisix_test_realm/.well-known/openid-configuration",
  "realm": "apisix_test_realm",
  "scope": "openid profile"
}
5. Test
The request headers must include Authorization, with the value Bearer access_token
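An added example, not part of the original post: a local pre-flight check of the token before it goes into the Authorization header, useful when the route answers 401. It assumes Keycloak's issuer equals the discovery URL minus its well-known suffix; keycloak.example stands in for the masked host, and the sample tokens are constructed and unsigned.

```python
import base64
import json
import time

SUFFIX = "/.well-known/openid-configuration"

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def expected_issuer(discovery_url):
    # Assumption: the issuer is the realm URL, i.e. the discovery URL minus SUFFIX.
    if not discovery_url.endswith(SUFFIX):
        raise ValueError("not an OIDC discovery URL")
    return discovery_url[: -len(SUFFIX)]

def preflight(token, discovery_url, now=None):
    """List problems to rule out on a 401. The signature is NOT verified here."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT (expected header.payload.signature)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        claims = None
    if not isinstance(claims, dict):
        return ["payload is not a base64url-encoded JSON object"]
    problems = []
    if claims.get("iss") != expected_issuer(discovery_url):
        problems.append("iss %r does not match the discovery URL realm" % claims.get("iss"))
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if claims.get("typ") != "Bearer":
        problems.append("typ is %r: send the access_token, not the ID or refresh token" % claims.get("typ"))
    return problems

def sample_token(**claims):
    # Constructed, unsigned sample shaped like a Keycloak token (illustration only).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])

# Constructed value: keycloak.example replaces the masked host from the route config.
DISCOVERY = "http://keycloak.example:8080/auth/realms/apisix_test_realm" + SUFFIX

if __name__ == "__main__":
    good = sample_token(iss=expected_issuer(DISCOVERY), exp=time.time() + 300, typ="Bearer")
    bad = sample_token(iss="http://localhost:8080/auth/realms/apisix_test_realm", exp=0, typ="ID")
    print("good:", preflight(good, DISCOVERY), "bad:", preflight(bad, DISCOVERY))
```

An empty list only means these three claims look right; the gateway and Keycloak still decide whether the token is valid.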