Question
I'm trying to run Keycloak from a Docker image available on Docker Hub here. If I run my container using the command:
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=test -v /opt/mountedcertificate:/etc/x509/https -p 8443:8443 jboss/keycloak
I set the volume according to the instructions from the previously mentioned website for this image:
Setting up TLS (SSL): the Keycloak image allows you to specify both a private key and a certificate for serving HTTPS. In that case you need to provide two files:
tls.crt - a certificate
tls.key - a private key
Those files need to be mounted in /etc/x509/https directory. The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it.
In /opt/mountedcertificate I have the .key and .crt files generated according to the instructions given in this topic:
Keycloak SSL setup using docker image
The certificate was issued by certbot from Let's Encrypt, and those files were my starting point for the later conversion, as stated in the mentioned topic. I know it's the same issue, but maybe a solution to this problem has turned up since.
I'm really desperate after trying a lot of different approaches and searching the Web for a working one.
Answer 1:
You will need to make sure the key file is readable by the jboss user inside the Docker container. Here are the key steps in my solution:
1. Get the cert/key from Let's Encrypt.
2. Change the file mode to 655.
3. Mount them into Keycloak:
- /opt/www/sso/cert/fullchain.pem:/etc/x509/https/tls.crt
- /opt/www/sso/cert/privkey.pem:/etc/x509/https/tls.key
4. Launch the Docker image.
5. Change the file mode back to 600 for the key file.
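As an added example (these are not the answer's own commands and not the Keycloak project's code): the script below stages the certbot files for the container the way the answer describes, but never makes the private key world-readable on the host. Instead of a temporary chmod 655 it copies the files into a staging directory, makes the copies owned by the UID the container runs as, and leaves the key at 0600; since the image converts the pair into a keystore as the jboss user, that user only needs to be the owner. Assumptions, labelled in the comments: the jboss/keycloak image runs as UID 1000 (user jboss), GNU coreutils for `stat -c`, and the image only reads under /etc/x509/https so the mount can be read-only. The Let's Encrypt directory tree and PEM contents it builds are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example (not from the original answer). Stages a Let's Encrypt
# cert/key pair for the jboss/keycloak image without ever making the
# private key world-readable on the host.
# Assumptions, labelled: the jboss/keycloak image runs as UID 1000 (user
# "jboss"); GNU coreutils (Linux) for `stat -c`; the image only reads
# /etc/x509/https, so the mount can be read-only.
set -eu

# stage_certs SRC DST UID
# Copies fullchain.pem/privkey.pem from SRC into DST under the names the
# image expects (tls.crt / tls.key). `cp -L` dereferences certbot's live/
# symlinks so the container sees regular files. The copies are owned by the
# container UID with the key at 0600, so no chmod 655 / chmod 600 dance is
# needed and the key is never readable by other host users.
stage_certs() {
    src=$1; dst=$2; uid=$3
    mkdir -p "$dst"
    cp -L "$src/fullchain.pem" "$dst/tls.crt"
    cp -L "$src/privkey.pem"   "$dst/tls.key"
    chown "$uid" "$dst/tls.crt" "$dst/tls.key"   # needs root when uid != yours
    chmod 0644 "$dst/tls.crt"
    chmod 0600 "$dst/tls.key"
}

# key_readable_by DST UID
# Returns 0 if tls.key is owned by UID and carries no group/other permission
# bits: the state the container needs and the state to leave on the host.
# Returns 1 otherwise.
key_readable_by() {
    dst=$1; uid=$2
    set -- $(stat -c '%a %u' "$dst/tls.key")
    mode=$1; owner=$2
    [ "$owner" = "$uid" ] || return 1
    case "$mode" in
        *00) return 0 ;;   # e.g. 600 or 400: owner only
        *)   return 1 ;;
    esac
}

# make_fake_le_tree ROOT
# Constructed stand-in for /etc/letsencrypt (placeholder strings, not real
# PEM data): regular files under archive/<domain>/ and symlinks under
# live/<domain>/, the layout certbot produces. Prints the live/<domain> path.
make_fake_le_tree() {
    le_root=$1; domain=sso.example.com
    mkdir -p "$le_root/archive/$domain" "$le_root/live/$domain"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-CHAIN' \
        '-----END CERTIFICATE-----' > "$le_root/archive/$domain/fullchain1.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-KEY' \
        '-----END PRIVATE KEY-----' > "$le_root/archive/$domain/privkey1.pem"
    ln -s "../../archive/$domain/fullchain1.pem" "$le_root/live/$domain/fullchain.pem"
    ln -s "../../archive/$domain/privkey1.pem"   "$le_root/live/$domain/privkey.pem"
    printf '%s\n' "$le_root/live/$domain"
}

# docker_run_cmd DST [PORT]
# Prints (does not execute) the docker run line. `-e VAR` with no value
# passes the host environment variable through, so the admin password is not
# placed on the command line or in shell history.
docker_run_cmd() {
    dst=$1; port=${2:-8443}
    printf 'docker run -e KEYCLOAK_USER -e KEYCLOAK_PASSWORD -v %s:/etc/x509/https:ro -p %s:8443 jboss/keycloak\n' \
        "$dst" "$port"
}

# demo: end-to-end run on the constructed tree, using the current UID so it
# works unprivileged; against a real image pass the container UID (1000 assumed).
demo() {
    work=$(mktemp -d)
    live=$(make_fake_le_tree "$work/letsencrypt")
    stage_certs "$live" "$work/x509" "$(id -u)"
    key_readable_by "$work/x509" "$(id -u)" && echo "tls.key ok for uid $(id -u)"
    docker_run_cmd "$work/x509"
    rm -rf "$work"
}

demo
```

On a real host run it as root (or via sudo) so that `chown 1000` succeeds, then export KEYCLOAK_USER and KEYCLOAK_PASSWORD and execute the printed command. If a particular image version insists on writing under /etc/x509/https, drop the `:ro`; the permission check still applies.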
Source: https://stackoverflow.com/questions/58137934/keycloak-from-docker-letsencrypt-cert-and-err-ssl-version-or-cipher-mismatch