I am trying to implement a simple microservice infrastructure with JHipster. When I created the microservice and gateway, I selected OAuth2 as security. The projects are created. I started Keycloak using the following keycloak.yml. It seems it started successfully. Realms, clients and users are created.
docker-compose -f src/main/docker/keycloak.yml up
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  keycloak:
    image: jboss/keycloak:16.1.0
    command:
      [
        '-b',
        '0.0.0.0',
        '-Dkeycloak.migration.action=import',
        '-Dkeycloak.migration.provider=dir',
        '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
        '-Djboss.socket.binding.port-offset=1000',
        '-Dkeycloak.profile.feature.upload_scripts=enabled',
      ]
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
      - 127.0.0.1:10990:10990
Then I tried to run the JHipster Registry with the following command:
docker-compose -f src/main/docker/jhipster-registry.yml up
jhipster-registry.yml
# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  jhipster-registry:
    image: jhipster/jhipster-registry:v7.3.0
    volumes:
      - ./central-server-config:/central-config
    # When run with the "dev" Spring profile, the JHipster Registry will
    # read the config from the local filesystem (central-server-config directory)
    # When run with the "prod" Spring profile, it will read the configuration from a Git repository
    # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=dev,api-docs,oauth2
      - SPRING_SECURITY_USER_PASSWORD=admin
      - JHIPSTER_REGISTRY_PASSWORD=admin
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config
      # For keycloak to work, you need to add '127.0.0.1 keycloak' to your hosts file
      - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=jhipster-registry
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=jhipster-registry
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:8761:8761
I added the following lines to /etc/hosts:
127.0.0.1 keycloak
127.0.0.1 jhipster-registry
When I check the JHipster Registry log, there are some exceptions regarding Eureka.
INFO 1 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient : DiscoveryClient_JHIPSTER-REGISTRY/jhipsterRegistry:8e0fa8188498e671983ba4002054c82d: registering service...
0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:06:33.350 INFO 1 --- [nfoReplicator-0] c.n.d.s.t.d.RedirectingEurekaHttpClient : Request execution error. endpoint=DefaultEndpoint{ serviceUrl='http://admin:admin@localhost:8761/eureka/}, exception=java.net.ConnectException: Connection refused (Connection refused) stacktrace=com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.api.client.Client.handle(Client.java:652)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.register(AbstractJerseyEurekaHttpClient.java:57)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:121)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:80)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:120)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.DiscoveryClient.register(DiscoveryClient.java:876)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.InstanceInfoReplicator.run(InstanceInfoReplicator.java:121)
0416b4df1858_docker_jhipster-registry_1 | at com.netflix.discovery.InstanceInfoReplicator$1.run(InstanceInfoReplicator.java:101)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.lang.Thread.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | Caused by: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at java.base/java.net.Socket.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:118)
0416b4df1858_docker_jhipster-registry_1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
0416b4df1858_docker_jhipster-registry_1 | at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:173)
0416b4df1858_docker_jhipster-registry_1 | ... 29 more
0416b4df1858_docker_jhipster-registry_1 |
If I try to access the JHipster Registry console at 127.0.0.1:8761, I get an exception regarding authorization:
0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:10:08.796 WARN 1 --- [ XNIO-1 task-2] o.z.problem.spring.common.AdviceTraits : Unauthorized: Full authentication is required to access this resource
Can you help me find the problem? I think there are 2 problems. One of them is related to connecting to Eureka, but I did not get the reason. JHipster Registry already contains Eureka. The other problem is related to communication between Keycloak and JHipster Registry.
CodePudding user response:
127.0.0.1 is localhost, but each container is running in its own network namespace, so each container has its own 127.0.0.1/localhost. Your OS also has its own 127.0.0.1/localhost.
Your setup will be "sharing" the OS's 127.0.0.1/localhost with containers if you use the host network for your container, i.e. set the network_mode key to host: https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode
CodePudding user response:
If you combine both docker compose files, JHipster will be able to communicate with Keycloak on host keycloak. This has an additional benefit: you will only need to run a single command to start both services. You will also be able to stop them with a single command.
You will still need to keep your /etc/hosts entry for keycloak so that you can access the Keycloak login page in your browser.
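Added example (not part of the original answers): the two compose files from the question merged into one, so both services share a Compose network and the registry resolves the name keycloak through Compose's service-name DNS. The file name src/main/docker/app-dev.yml and the depends_on entry are assumptions; all other values are copied from the question.

```yaml
# src/main/docker/app-dev.yml (hypothetical file name), development only.
# Start both services: docker-compose -f src/main/docker/app-dev.yml up
version: '3.8'
services:
  keycloak:
    image: jboss/keycloak:16.1.0
    command:
      [
        '-b',
        '0.0.0.0',
        '-Dkeycloak.migration.action=import',
        '-Dkeycloak.migration.provider=dir',
        '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
        '-Djboss.socket.binding.port-offset=1000',
        '-Dkeycloak.profile.feature.upload_scripts=enabled',
      ]
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      # Dev-only defaults from the question; replace before any shared use.
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
    ports:
      # Bound to loopback so the browser on the dev PC can reach the login page.
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
  jhipster-registry:
    image: jhipster/jhipster-registry:v7.3.0
    # Assumption: start Keycloak first. This orders startup only; it does not
    # wait for Keycloak to be ready to serve the issuer metadata.
    depends_on:
      - keycloak
    volumes:
      - ./central-server-config:/central-config
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=dev,api-docs,oauth2
      - SPRING_SECURITY_USER_PASSWORD=admin
      - JHIPSTER_REGISTRY_PASSWORD=admin
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/
      # Inside the Compose network "keycloak" is the service above, and the
      # same host name in the browser resolves through the /etc/hosts entry.
      - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=jhipster-registry
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=jhipster-registry
    ports:
      - 127.0.0.1:8761:8761
```

Keeping the issuer host name identical for the container and the browser matters because the OIDC client compares the issuer in Keycloak's discovery document and tokens against the configured issuer URI.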