== Install ==
<syntaxhighlight lang="bash">
docker network create dev-zone
docker stop yai-postgres && docker rm yai-postgres
docker run \
    --name yai-postgres \
    -p 5432:5432 \
    -e POSTGRES_USER=${POSTGRES_USER} \
    -e POSTGRES_DB=development-db \
    -e POSTGRES_PASSWORD=${POSTGRES_PASSWORD} \
    -v ./postgres-data:/var/lib/postgresql/18/docker \
    --network dev-zone \
    -d postgres:18


# create the schema manually: the schema named in KC_DB_SCHEMA (keycloak)
# must already exist in development-db

# Keycloak joins the same user-defined network as yai-postgres (dev-zone)
# so that the hostname in KC_DB_URL resolves.
docker run --name yai-keycloak \
  -p 8081:8080 -d \
  -e KC_BOOTSTRAP_ADMIN_USERNAME=${KC_BOOTSTRAP_ADMIN_USERNAME} \
  -e KC_BOOTSTRAP_ADMIN_PASSWORD=${KC_BOOTSTRAP_ADMIN_PASSWORD} \
  -e KC_DB=postgres \
  -e KC_DB_URL=jdbc:postgresql://yai-postgres:5432/development-db \
  -e KC_DB_SCHEMA=keycloak \
  -e KC_DB_USERNAME=${POSTGRES_USER} \
  -e KC_DB_PASSWORD=${POSTGRES_PASSWORD} \
  --network dev-zone \
  quay.io/keycloak/keycloak:26.3.2 start-dev \
  --hostname=https://auth.example.com
</syntaxhighlight>


Reverse proxy<ref>https://medium.com/@asynchronouscal/keycloak-production-mode-with-docker-step-by-step-guide-b284927e72c0</ref> <ref>https://www.keycloak.org/server/reverseproxy</ref>:

<syntaxhighlight lang="config">
server {
    server_name oauth.example.com;

    location / {
        root   html;
        index  index.html index.htm;
        proxy_pass  http://localhost:8081;

        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
    ...
}
</syntaxhighlight>
 
== Configure ==
* Create realm: my-org
* Create users: whatever
* Create client: my-app
** Client ID: my-app
** Valid redirect URIs: http://localhost:5173/auth/callback
** Valid post logout redirect URIs: http://localhost:5173
** Web origins: http://localhost:5173 (No slash at end!!!)
** Client authentication: off (for public clients)
** Authentication flow: Standard flow, Direct access grants
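
With client authentication off and the Standard flow enabled, the browser app starts the authorization-code redirect itself and has to check what comes back. The following is an added example, not part of the original page: it assumes the issuer is https://auth.example.com/realms/my-org (the --hostname value plus the realm name above) and adds PKCE (RFC 7636), which the page does not mention; all function names are hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumed issuer: the --hostname value plus the realm name used on this page.
const ISSUER = "https://auth.example.com/realms/my-org";
const CLIENT_ID = "my-app";
const REDIRECT_URI = "http://localhost:5173/auth/callback";

const b64url = (buf) => buf.toString("base64url");

// RFC 7636 S256: only the hash of the verifier is sent on the redirect.
function pkceChallenge(verifier) {
  return b64url(crypto.createHash("sha256").update(verifier).digest());
}

// "Web origins" is matched against the browser's Origin header, which is
// scheme://host:port with no path and no trailing slash.
function webOriginFor(redirectUri) {
  return new URL(redirectUri).origin;
}

// Build the authorization request; state and verifier stay in the app.
function buildAuthorizationRequest() {
  const verifier = b64url(crypto.randomBytes(32));
  const state = b64url(crypto.randomBytes(16));
  const url = new URL(`${ISSUER}/protocol/openid-connect/auth`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid",
    state,
    code_challenge: pkceChallenge(verifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), state, verifier };
}

// Accept the callback only on the registered URI and with the state we issued.
function parseCallback(callbackUrl, expectedState) {
  const cb = new URL(callbackUrl);
  if (cb.origin + cb.pathname !== REDIRECT_URI) throw new Error("unexpected redirect target");
  if (cb.searchParams.get("error")) throw new Error(cb.searchParams.get("error"));
  const state = cb.searchParams.get("state");
  if (!state || state !== expectedState) throw new Error("state mismatch");
  const code = cb.searchParams.get("code");
  if (!code) throw new Error("missing code");
  return code;
}
```

The returned code is then exchanged at the realm's token endpoint together with the stored verifier.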




[[Category:OAuth]]

Latest revision as of 09:54, 8 October 2025 (Wed)
