准备工作:
1、申请域名,解析二级域名,开通443端口
2、安装MySQL,创建docker网络( docker network create cloud)
开始:
1、keycloak 安装
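# Start Keycloak on the user-defined "cloud" network with MySQL as its database.
#
# The database password is taken from the caller's environment instead of being
# written into the command (the original used the guessable value "keycloak").
# Export DB_PASSWORD first and create the MySQL "keycloak" user with that value;
# `-e DB_PASSWORD` without a value passes the variable through, which keeps the
# secret out of the docker command line and shell history.
#
# Port 8443 is published on loopback only: public traffic is meant to arrive
# through the nginx TLS proxy on 443, so Keycloak itself should not be reachable
# from other hosts.
#
# NOTE(review): useSSL=false leaves the JDBC connection to MySQL unencrypted;
# acceptable only while both containers stay on the same private Docker network.
# NOTE(review): jboss/keycloak:9.0.2 is an old pinned tag; check whether a
# currently supported release can be used before exposing this to the internet.
: "${DB_PASSWORD:?export DB_PASSWORD before starting Keycloak}"
export DB_PASSWORD
docker run --name keycloak \
  --restart=always \
  --network cloud \
  -p 127.0.0.1:8443:8443 \
  -e DB_VENDOR=mysql \
  -e DB_ADDR=mysql \
  -e DB_PORT=3306 \
  -e DB_DATABASE=keycloak \
  -e DB_USER=keycloak \
  -e DB_PASSWORD \
  -e JDBC_PARAMS='connectTimeout=90&useSSL=false' \
  -d jboss/keycloak:9.0.2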
2、NGINX 安装
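# Host directories that are later bind-mounted into the nginx container.
# conf.d holds the site configuration; pki is mounted at /etc/pki, so the
# certificate and key referenced by the config (/etc/pki/nginx/...) live under
# /opt/docker-nginx/pki/nginx/ on the host.
mkdir -p /opt/docker-nginx/conf.d
mkdir -p /opt/docker-nginx/pki/nginx/private
# The pki tree stores the TLS private key: close it to other local users.
# NOTE(review): assumes the container's nginx master process runs as root and
# can still read the files; confirm if user-namespace remapping is enabled.
chmod 700 /opt/docker-nginx/pki
cd /opt/docker-nginx/conf.d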
==============================================
# Show the address Docker assigned to the keycloak container. The address is
# handed out by Docker and may differ after the container is recreated, so any
# value copied from this output into a config file has to be re-checked then.
docker inspect keycloak | grep 'IPAddress'
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "172.20.0.5",
==============================================
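# Create the site config file (the command is `touch`; "touche" does not exist),
# then open it for editing.
touch keycloak.conf
vi keycloak.conf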
==============================================
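# Plain-HTTP listener: send every request to the HTTPS site.
# It has to listen on 80. A second server with the same name on 443 would
# collide with the TLS server below and the redirect would never leave port 443.
server {
    listen 80;
    server_name auth.example.com;
    return 301 https://$server_name$request_uri;
}

# HTTPS front end that terminates TLS and proxies /auth to Keycloak.
server {
    # Listen on 443 with TLS enabled (needs nginx built with the ssl module).
    listen 443 ssl;
    # Host name(s); separate several names with spaces.
    server_name auth.example.com;

    # Certificate and private key.
    ssl_certificate /etc/pki/nginx/***.crt;              # path to the PEM certificate
    ssl_certificate_key /etc/pki/nginx/private/***.key;  # path to the private key

    # TLS settings.
    ssl_session_timeout 5m;  # how long a TLS session may be reused
    # Forward-secret AEAD suites only; the previous list also admitted CBC and
    # static-RSA suites through the broad "AES" and "HIGH" groups.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and must not be offered by a login service.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;  # prefer the server's cipher order

    location /auth {
        # Both containers are attached to the "cloud" network, so the container
        # name resolves through Docker's DNS and no IP address is hard-coded.
        # NOTE(review): the upstream certificate is not verified (proxy_ssl_verify
        # is off by default); fine on a private Docker network, confirm otherwise.
        proxy_pass https://keycloak:8443;
        index index.html;

        proxy_buffer_size 1024k;
        proxy_buffers 16 1024k;
        proxy_busy_buffers_size 2048k;
        proxy_temp_file_write_size 2048k;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # The header name is X-Forwarded-For; "X-Forward-For" is ignored by
        # backends, which would then log the proxy address as the client.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend that the original request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        # The non-standard HTTP_X_FORWARDED_FOR header was dropped: the client
        # address is already carried by X-Real-IP and X-Forwarded-For.
        proxy_redirect off;
    }
}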
==============================================
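# Start the nginx reverse proxy on the same "cloud" network as Keycloak and
# publish 80 (redirect) and 443 (TLS) on the host.
#
# The config and certificate directories are mounted read-only: the container
# only needs to read them, and a compromised nginx process must not be able to
# rewrite its own configuration or replace the TLS key.
#
# NOTE(review): nginx:1.17.6 is an old pinned tag; check whether a currently
# supported release can be used for an internet-facing proxy.
docker run --name nginx \
  --restart=always \
  --network cloud \
  -p 80:80 \
  -p 443:443 \
  -v /opt/docker-nginx/conf.d:/etc/nginx/conf.d:ro \
  -v /opt/docker-nginx/pki:/etc/pki:ro \
  -d nginx:1.17.6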
3、访问