Keycloak from docker Letsencrypt cert and ERR_SSL_VERSION_OR_CIPHER_MISMATCH

可紊 submitted on 2021-02-08 03:26:19

Question


I'm trying to run Keycloak from a Docker image available on: Docker Hub here. If I run my container using the command:

docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=test -v /opt/mountedcertificate:/etc/x509/https -p 8443:8443 jboss/keycloak

Setting the volume according to the instruction from previously mentioned website for this image:

Setting up TLS(SSL)

Keycloak image allows you to specify both a private key and a certificate for serving HTTPS. In that case you need to provide two files:

tls.crt - a certificate

tls.key - a private key

Those files need to be mounted in /etc/x509/https directory. The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it.

In /opt/mountedcertificate I have the .key and .crt files generated according to the instructions given in this topic:

Keycloak SSL setup using docker image

The certificate has been issued by certbot from letsencrypt and those files were my starting point for later conversion as stated in the mentioned topic. I know it's the same issue but maybe there turned out to be any solution for this problem.

I'm really desperate after trying a lot of different approaches and searching the Web looking for a working one.


Answer 1:


You will need to make sure the key file is readable by the jboss user inside the Docker container. Here are some key steps in my solution:

1. Get the cert/key from Let's Encrypt.
2. Change the file mode to 655.
3. Mount them to Keycloak:
      - /opt/www/sso/cert/fullchain.pem:/etc/x509/https/tls.crt
      - /opt/www/sso/cert/privkey.pem:/etc/x509/https/tls.key
4. Launch the Docker image.
5. Change the file mode back to 600 for the key file.
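
As an added example (not part of the original answer or of the Keycloak image), this preflight check inspects the host directory that gets mounted at /etc/x509/https and reports whether the container user could read tls.crt and tls.key, and whether the key is left world-readable. The uid/gid values are assumed placeholders, and the check assumes a plain bind mount with no user-namespace remapping or ACLs, so numeric ids and mode bits are what the container sees.

```python
import os
import stat

# Assumed ids of the container's jboss user (constructed placeholders, not from
# the page); confirm the real values for the image you run.
CONTAINER_UID = 1000
CONTAINER_GIDS = (1000,)

READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)


def _allowed(st, uid, gids, bits):
    """Classic Unix check: only the first matching class (owner, group, other) counts."""
    if uid == 0:
        return True
    usr, grp, oth = bits
    if st.st_uid == uid:
        return bool(st.st_mode & usr)
    if st.st_gid in gids:
        return bool(st.st_mode & grp)
    return bool(st.st_mode & oth)


def check_tls_mount(directory, uid=CONTAINER_UID, gids=CONTAINER_GIDS):
    """Return (name, issue) findings for the host directory mounted at /etc/x509/https."""
    findings = []
    # The container user needs search (x) permission on the directory itself.
    if not _allowed(os.stat(directory), uid, gids, SEARCH):
        findings.append((directory, "no-search"))
    for name in ("tls.crt", "tls.key"):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            findings.append((name, "missing"))
            continue
        st = os.stat(path)
        if not _allowed(st, uid, gids, READ):
            findings.append((name, "unreadable"))
        # A private key readable by every local user is its own finding.
        if name == "tls.key" and st.st_mode & stat.S_IROTH:
            findings.append((name, "world-readable"))
    return findings


if __name__ == "__main__":
    import sys
    for name, issue in check_tls_mount(sys.argv[1]):
        print(f"{name}: {issue}")
```

An empty result means both files are readable by the assumed container user without the key being exposed to every other local account.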


Source: https://stackoverflow.com/questions/58137934/keycloak-from-docker-letsencrypt-cert-and-err-ssl-version-or-cipher-mismatch
