mariovalney/laravel-keycloak-web-guard

Problem with package in a Docker Stack

Closed this issue · 5 comments

Hey Guys,

I have a problem with the Guard :(

I use a Docker stack with Keycloak and Traefik. My Laravel app calls getOpenIdConfiguration() and throws an error that the connection to the Keycloak server over port 443 is refused. When I set KEYCLOAK_BASE_URL to the container name with port 8443, it works, but not for the redirect URL, because that URL then includes port 8443.

This is the Keycloak part of my Docker setup:

  keycloak:
    container_name: ${KEYCLOAK}
    depends_on:
      - ${DATABASE_SERVICES}
    environment:
      - DB_VENDOR=mysql
      - DB_ADDR=${DATABASE_SERVICES}
      - DB_DATABASE=${KEYCLOAK_DB}
      - DB_USER=${MYSQL_USER}
      - DB_PASSWORD=${MYSQL_PASSWORD}
      # Required behind a TLS-terminating proxy so Keycloak trusts X-Forwarded-* headers
      - PROXY_ADDRESS_FORWARDING=true
      - KEYCLOAK_USER=${KEYCLOAK_USER}
      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
      - JDBC_PARAMS=connectTimeout=3000&useSSL=false&serverTimezone=Europe/Berlin
      # Public hostname Keycloak uses when building its own URLs
      - KEYCLOAK_HOSTNAME=${KEYCLOAK_URL}
      - HOSTNAME=${KEYCLOAK}
    image: jboss/keycloak:latest
    labels:
      - traefik.enable=true
      - traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_URL}`)
      - traefik.http.routers.keycloak.tls=true
      - traefik.http.routers.keycloak.tls.certresolver=${CERT_RESOLVER}
    networks:
      # Alias the public hostname on both networks so other containers resolve it internally
      unitfactory:
        aliases:
          - ${KEYCLOAK_URL}
      internal:
        aliases:
          - ${KEYCLOAK_URL}
    restart: always

What am I doing wrong?

Cheers
Ralf

Hi!

Docker is very tricky (at least for me hahaha).
Here I have a working example with docker-compose and a network that allows both to communicate.

https://github.com/mariovalney/laravel-keycloak-web-guard-example

Hm, as I see it, your Keycloak part and mine are similar.

I refactored this for my case, so that I use the "internal" host to get the OpenID config, and parse it like this:

protected function parseOpenidConfiguration(array &$configuration): void
{
    // Endpoints the app calls server-side: keep them on the internal host:port.
    $blackList = ['token_endpoint', 'userinfo_endpoint'];

    foreach ($configuration as $key => $item) {
        // Only string members that validate as URLs are rewritten; the *_supported arrays fail the filter.
        if (filter_var($item, FILTER_VALIDATE_URL) && !in_array($key, $blackList)) {
            $parsedUrl = parse_url($item);
            // Rebuild the URL without the port so browser-facing URLs carry only the public hostname.
            $configuration[$key] = sprintf(
                '%s://%s%s',
                $parsedUrl['scheme'],
                $parsedUrl['host'],
                $parsedUrl['path'] ?? '' // parse_url() returns no 'path' key for a bare origin
            );
        }
    }
}

This works, but in the getUserProfile() method, the token is not valid. I checked this with a curl command and got the same error. Is there a difference in the token because of the URL?
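Going one step beyond the port-stripping function above, here is an added example (my own code, not the package's or Ralf's) that rewrites the internally fetched discovery document against an explicit public base URL: endpoints the browser is redirected to get the public hostname, while the endpoints Laravel calls server-side keep the container host and port. The hostnames, realm name and public base are constructed sample values.

```php
<?php
// Added example, not code from laravel-keycloak-web-guard. Rewrites a Keycloak
// discovery document for a split-horizon setup: browser-facing endpoints get
// the public base URL, server-to-server endpoints keep the internal host:port.
declare(strict_types=1);

// Called by the app itself, never by the browser: leave them on the internal URL.
const SERVER_SIDE_ENDPOINTS = ['token_endpoint', 'userinfo_endpoint', 'jwks_uri'];

function rewriteOpenidConfiguration(array $configuration, string $publicBase): array
{
    $public = parse_url($publicBase);
    foreach ($configuration as $key => $item) {
        // Skip non-string members (e.g. *_supported arrays), non-URLs and server-side endpoints.
        if (!is_string($item) || in_array($key, SERVER_SIDE_ENDPOINTS, true)
            || filter_var($item, FILTER_VALIDATE_URL) === false) {
            continue;
        }
        $parsed = parse_url($item);
        $configuration[$key] = sprintf(
            '%s://%s%s%s',
            $public['scheme'] ?? $parsed['scheme'],
            $public['host'],
            isset($public['port']) ? ':' . $public['port'] : '',
            $parsed['path'] ?? ''   // parse_url() has no 'path' key for a bare origin
        );
    }
    return $configuration;
}

// Constructed sample (hostnames and realm are assumptions), shaped like what
// /auth/realms/<realm>/.well-known/openid-configuration returns on the internal host.
$internal = json_decode('{
  "issuer": "https://keycloak:8443/auth/realms/demo",
  "authorization_endpoint": "https://keycloak:8443/auth/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "https://keycloak:8443/auth/realms/demo/protocol/openid-connect/token",
  "userinfo_endpoint": "https://keycloak:8443/auth/realms/demo/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://keycloak:8443/auth/realms/demo/protocol/openid-connect/logout",
  "response_types_supported": ["code", "none"]
}', true);

$rewritten = rewriteOpenidConfiguration($internal, 'https://keycloak.example.test');
assert($rewritten['authorization_endpoint'] === 'https://keycloak.example.test/auth/realms/demo/protocol/openid-connect/auth');
assert($rewritten['token_endpoint'] === 'https://keycloak:8443/auth/realms/demo/protocol/openid-connect/token');
assert($rewritten['response_types_supported'] === ['code', 'none']);
echo json_encode($rewritten, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

Run it with `php rewrite.php`; the `issuer` value is rewritten to the public base as well, which is what the tokens Keycloak issues under KEYCLOAK_HOSTNAME carry, so the guard's issuer comparison still matches.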

In getUserProfile we request user data from the Keycloak endpoint.
Maybe this request is failing?

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.