Method 1: download the source tarball
wget https://github.com/dexidp/dex/archive/refs/tags/v2.42.1.tar.gz
Method 2: clone the source with git and build it:
$ git clone https://github.com/dexidp/dex.git
Build
$ cd dex/
$ make build
Configuration
Uncomment the https section and place a valid certificate in the corresponding directory, to prevent web access from failing because the certificate is invalid;
Change the client id and the redirect callback URL; this callback URL is used by the web client, and for it to be reachable the IP-to-domain mapping must be configured in the hosts file on both the client and the server;
Change the username and the corresponding hash value; generate the hash with the command given in the comment:
Start
./bin/dex serve examples/config-dev.yaml
To run it in the background:
nohup ./bin/dex serve examples/config-dev.yaml &
Problem 1: domain validation fails during certificate issuance
(base) root@server-4090-85:/tmp/dex# sudo certbot certonly --standalone -d daytona.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for daytona.com
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: daytona.com
Type: unauthorized
Detail: 2606:4700:3035::6815:7b8: Invalid response from http://daytona.com/.well-known/acme-challenge/S4W15MXGjvL2Uh4wxlvbDMFgtmLAgQoDH2FP7zaKHCE: 403
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Root cause analysis: this error means Let's Encrypt could not verify your ownership of the domain daytona.com.
1. # Check the domain's DNS resolution
(base) root@server-4090-85:/tmp/dex# dig daytona.com
; <<>> DiG 9.18.30-0ubuntu0.22.04.2-Ubuntu <<>> daytona.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3667
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;daytona.com. IN A
;; ANSWER SECTION:
daytona.com. 300 IN A 104.21.7.184
daytona.com. 300 IN A 172.67.137.42
;; Query time: 163 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 08 11:20:09 UTC 2025
;; MSG SIZE rcvd: 72
Root cause: the domain daytona.com resolves to Cloudflare IP addresses (104.21.7.184 and 172.67.137.42). That is why Let's Encrypt could not validate domain ownership: the challenge requests are answered by the Cloudflare proxy rather than by this machine.
Solution:
1. Add IP-to-domain mappings in /etc/hosts on the server and define two LAN-only domain names;
one for front-end web access and one for back-end access;
if a client needs access, add the same mappings to its hosts file as well and use the domain name beginning with dev-; access to that domain is governed by the callback URL specified in the configuration section.
Other web access errors that may still occur:
1. Add an access-control allow policy:
2. A token authentication error may also occur; it can be bypassed for now by commenting out the relevant code;
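The hosts-file workaround above, together with the configuration edits from the configuration section (enable https, set the client and redirect URL, set the password hash), as an added shell example. This is not code from the original notes or from the dex project: the hostnames daytona.lan and dev-daytona.lan, the LAN IP, the certificate paths, the client id/secret and the hash value are all constructed placeholders. The config keys (web.https, tlsCert, tlsKey, staticClients, staticPasswords) are the ones used in dex's examples/config-dev.yaml, and the hash command is the one quoted in that file's comment.

```shell
#!/bin/sh
# Added example (not from the original notes or the dex project): the /etc/hosts
# mapping step and the config edits as functions. Hostnames (daytona.lan,
# dev-daytona.lan), IPs, file paths, client id/secret and the hash below are
# constructed placeholders.

# Append "ip hostname" to a hosts file unless that hostname is already mapped.
# Usage: add_hosts_mapping <hosts-file> <ip> <hostname>   (real use: /etc/hosts)
add_hosts_mapping() {
  hosts_file="$1"; ip="$2"; name="$3"
  if ! grep -qE "^[^#]*[[:space:]]$name([[:space:]]|\$)" "$hosts_file" 2>/dev/null; then
    printf '%s %s\n' "$ip" "$name" >> "$hosts_file"
  fi
}

# Print the address the hosts file maps <hostname> to (first non-comment match).
# Usage: hosts_ip_for <hosts-file> <hostname>
hosts_ip_for() {
  awk -v h="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$1"
}

# Succeed if <ipv4> is an RFC 1918 LAN address (10/8, 172.16/12, 192.168/16);
# the Cloudflare addresses dig returned above are public and fail this check.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.*)
      second=$(printf '%s' "$1" | cut -d. -f2)
      [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0
      return 1 ;;
  esac
  return 1
}

# bcrypt hash for staticPasswords, using the htpasswd command quoted in the
# comment of examples/config-dev.yaml (needs htpasswd from apache2-utils).
# Usage: gen_password_hash <password>
gen_password_hash() {
  echo "$1" | htpasswd -BinC 10 admin | cut -d: -f2
}

# Write a dex config with the https listener enabled, the cert/key paths,
# one static client with its redirect URL, and one static password.
# Usage: write_dex_config <out-file> <https-hostname> <redirect-url> <bcrypt-hash>
write_dex_config() {
  out="$1"; host="$2"; redirect="$3"; hash="$4"
  cat > "$out" <<EOF
issuer: https://$host:5554/dex
storage:
  type: sqlite3
  config:
    file: examples/dex.db
web:
  # https listener in place of the http one; cert/key paths are placeholders
  https: 0.0.0.0:5554
  tlsCert: examples/certs/server.crt
  tlsKey: examples/certs/server.key
staticClients:
- id: example-app
  redirectURIs:
  - '$redirect'
  name: 'Example App'
  secret: REPLACE-WITH-CLIENT-SECRET
enablePasswordDB: true
staticPasswords:
- email: "admin@example.com"
  hash: "$hash"
  username: "admin"
  userID: "00000000-0000-0000-0000-000000000001"
EOF
}

# Demo in a temporary directory (on a real server pass /etc/hosts and the
# config path given to ./bin/dex serve).
demo_dir=$(mktemp -d)
add_hosts_mapping "$demo_dir/hosts" 192.168.1.20 daytona.lan       # back-end (server) name
add_hosts_mapping "$demo_dir/hosts" 192.168.1.20 dev-daytona.lan   # dev- name used by the web client
for n in daytona.lan dev-daytona.lan; do
  addr=$(hosts_ip_for "$demo_dir/hosts" "$n")
  if is_private_ipv4 "$addr"; then
    echo "$n -> $addr (LAN address, not a proxied public address)"
  else
    echo "$n -> $addr is not a LAN address" >&2
  fi
done
write_dex_config "$demo_dir/config.yaml" daytona.lan \
  'https://dev-daytona.lan:5555/callback' '$2y$10$REPLACE-WITH-HTPASSWD-OUTPUT'
cat "$demo_dir/config.yaml"
```

The hosts check mirrors the dig step: if the name the redirect URL uses still resolves to a public address, the same validation failure will recur; once both the server and the client map the dev- name to the LAN IP, the redirect in staticClients and the issuer in the config can use those names.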