Problem description
I'm trying to run Keycloak from a Docker image available on Docker Hub here. If I run my container using the command:
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=test -v /opt/mountedcertificate:/etc/x509/https -p 8443:8443 jboss/keycloak
Setting the volume according to the instruction from previously mentioned website for this image:
tls.crt - a certificate
tls.key - a private key
Those files need to be mounted in /etc/x509/https directory. The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it.
In /opt/mountedcertificate I have .key and .crt files generated according to the instructions given in this topic:
The certificate has been issued by certbot from letsencrypt and those files were my starting point for later conversion as stated in the mentioned topic. I know it's the same issue but maybe there turned out to be any solution for this problem.
I'm really desperate after trying a lot of different approaches and searching the Web looking for a working one.
Recommended answer
You will need to make sure the key file is readable by jboss user inside the docker. Here are some key steps in my solution:
1. get cert/key from Let's Encrypt.
2. change file mode to 655
3. mount them to keycloak:
- /opt/www/sso/cert/fullchain.pem:/etc/x509/https/tls.crt
- /opt/www/sso/cert/privkey.pem:/etc/x509/https/tls.key
4. launch docker image
5. change file mode back to 600 for the key file.
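An added example, not part of the original answer: a pre-flight check of the condition the answer describes, namely that the files mounted as tls.crt and tls.key can be read by the user the container runs as. The function names and the KC_UID/KC_GID variables (with placeholder defaults of 1000) are assumptions; set them to the jboss user's actual IDs in your image. It relies on GNU stat.

```shell
#!/bin/sh
# Pre-flight check: can the container user read the files that will be
# bind-mounted into /etc/x509/https? Only each file's own owner/group/other
# read bits are evaluated; supplementary groups and ACLs are ignored.

# can_read UID GID FILE -> status 0 if readable, 1 if not, 2 if missing.
can_read() {
    uid=$1 gid=$2 file=$3
    [ -e "$file" ] || return 2
    f_uid=$(stat -c %u "$file")
    f_gid=$(stat -c %g "$file")
    perms=$(( 0$(stat -c %a "$file") ))      # octal mode, e.g. 600 -> 0600
    [ "$uid" -eq 0 ] && return 0             # root bypasses mode bits
    if [ "$uid" -eq "$f_uid" ]; then
        [ $(( perms & 0400 )) -ne 0 ]        # owner read bit
    elif [ "$gid" -eq "$f_gid" ]; then
        [ $(( perms & 0040 )) -ne 0 ]        # group read bit
    else
        [ $(( perms & 0004 )) -ne 0 ]        # other read bit
    fi
}

# check_mounts UID GID FILE... -> prints one line per file, status 1 if any
# file would be unreadable inside the container.
check_mounts() {
    c_uid=$1 c_gid=$2; shift 2
    bad=0
    for f in "$@"; do
        if can_read "$c_uid" "$c_gid" "$f"; then
            echo "ok      $f"
        else
            echo "BLOCKED $f (mode $(stat -c %a "$f" 2>/dev/null || echo missing))"
            bad=1
        fi
    done
    return "$bad"
}

# Run against the host paths given on the command line, for example:
#   sh check.sh /opt/www/sso/cert/fullchain.pem /opt/www/sso/cert/privkey.pem
# KC_UID/KC_GID are assumed placeholders for the container user's IDs.
if [ "$#" -gt 0 ]; then
    check_mounts "${KC_UID:-1000}" "${KC_GID:-1000}" "$@"
fi
```

A BLOCKED line for the key file corresponds to the situation the answer works around by changing the file mode before launching the container.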