Help! Next.js + next-auth + keycloak + docker-compose
source link: https://dev.to/crisgarlez/help-nextjs-next-auth-keycloak-docker-compose-220b
I am using Next.js + next-auth + keycloak with docker-compose.
Everything works fine when I run the Next.js project on my local computer (http://localhost:3000/), but when I use docker-compose to run the project in a container I get this error:
```
arcade-iori | [next-auth][error][GET_AUTHORIZATION_URL_ERROR]
arcade-iori | https://next-auth.js.org/errors#get_authorization_url_error connect ECONNREFUSED 127.0.0.1:80 {
arcade-iori | message: 'connect ECONNREFUSED 127.0.0.1:80',
arcade-iori | stack: 'Error: connect ECONNREFUSED 127.0.0.1:80\n' +
arcade-iori | ' at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1157:16)',
arcade-iori | name: 'Error'
arcade-iori | }
arcade-proxy | 172.23.0.1 - - [17/Feb/2022:03:51:02 +0000] "POST /api/auth/signin/keycloak HTTP/1.1" 302 5 "http://project.test/api/auth/signin?callbackUrl=http%3A%2F%2Fproject.test%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36" "-"
arcade-iori | [next-auth][error][SIGNIN_OAUTH_ERROR]
arcade-iori | https://next-auth.js.org/errors#signin_oauth_error connect ECONNREFUSED 127.0.0.1:80 {
arcade-iori | error: {
arcade-iori | message: 'connect ECONNREFUSED 127.0.0.1:80',
arcade-iori | stack: 'Error: connect ECONNREFUSED 127.0.0.1:80\n' +
arcade-iori | ' at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1157:16)',
arcade-iori | name: 'Error'
arcade-iori | },
arcade-iori | provider: {
arcade-iori | id: 'keycloak',
arcade-iori | name: 'Keycloak',
arcade-iori | wellKnown: 'http://project.test/auth/realms/myrealm/.well-known/openid-configuration',
arcade-iori | type: 'oauth',
arcade-iori | authorization: { params: [Object] },
arcade-iori | checks: [ 'pkce', 'state' ],
arcade-iori | idToken: true,
arcade-iori | profile: [Function: profile],
arcade-iori | clientId: 'myclientnext',
arcade-iori | clientSecret: 'Pw6ffETQgR5VLeXKL3v5jIsTjkNyvvCA',
arcade-iori | issuer: 'http://project.test/auth/realms/myrealm',
arcade-iori | authorizationUrl: 'http://project.test/auth/realms/myrealm/protocol/openid-connect/auth',
arcade-iori | accessTokenUrl: 'http://project.test/auth/realms/myrealm/protocol/openid-connect/token',
arcade-iori | profileUrl: 'http://project.test/auth/realms/myrealm/protocol/openid-connect/userinfo',
arcade-iori | signinUrl: 'http://project.test/api/auth/signin/keycloak',
arcade-iori | callbackUrl: 'http://project.test/api/auth/callback/keycloak'
arcade-iori | },
arcade-iori | message: 'connect ECONNREFUSED 127.0.0.1:80'
arcade-iori | }
arcade-proxy | 172.23.0.1 - - [17/Feb/2022:03:51:02 +0000] "GET /api/auth/error?error=OAuthSignin HTTP/1.1" 302 5 "http://project.test/api/auth/signin?callbackUrl=http%3A%2F%2Fproject.test%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36" "-"
```
This is the Next-auth config:
```js
import NextAuth from "next-auth"
import KeycloakProvider from "next-auth/providers/keycloak";

export default NextAuth({
  debug: true,
  secret: process.env.SECRET,
  site: process.env.NEXTAUTH_URL,
  providers: [
    KeycloakProvider({
      clientId: 'myclientnext',
      clientSecret: 'Pw6ffETQgR5VLeXKL3v5jIsTjkNyvvCA...',
      issuer: 'http://project.test/auth/realms/myrealm',
      authorizationUrl: "http://project.test/auth/realms/myrealm/protocol/openid-connect/auth",
      accessTokenUrl: "http://project.test/auth/realms/myrealm/protocol/openid-connect/token",
      profileUrl: "http://project.test/auth/realms/myrealm/protocol/openid-connect/userinfo",
    })
  ],
})
```
This is my docker-compose.yml:
```yaml
version: '3.7'

volumes:
  keycloak_db_data:
    driver: local

networks:
  arcadenet:
    driver: bridge

services:
  keycloak-db:
    image: postgres:11.2
    container_name: arcade-keycloak-db
    volumes:
      - keycloak_db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: arcadecloack
      POSTGRES_USER: arcade
      POSTGRES_PASSWORD: arcade
    networks:
      - arcadenet

  keycloak:
    image: quay.io/keycloak/keycloak:16.1.0
    container_name: arcade-keycloak
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: arcade-keycloak-db
      DB_DATABASE: arcadecloack
      DB_USER: arcade
      DB_SCHEMA: public
      DB_PASSWORD: arcade
      KEYCLOAK_USER: admin4
      KEYCLOAK_PASSWORD: admin
      PROXY_ADDRESS_FORWARDING: true
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
    depends_on:
      - keycloak-db
    networks:
      - arcadenet

  iori:
    stdin_open: true # docker run -i
    tty: true # docker run -t
    build:
      context: ../iori/
      dockerfile: Dockerfile
    image: iori
    container_name: arcade-iori
    restart: always
    ports:
      - 3000:3000
    volumes:
      - '../iori/:/app'
      - '/app/node_modules'
      - '/app/.next'
    environment:
      - CHOKIDAR_USEPOLLING=true
    networks:
      - arcadenet

  proxy:
    image: nginx
    container_name: arcade-proxy
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ./default-proxy.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - arcadenet
    depends_on:
      - keycloak
      - iori
```
This is the default-proxy.conf:
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name project.test;

    location /keycloak/ {
        proxy_pass http://arcade-keycloak:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /auth/ {
        proxy_pass http://arcade-keycloak:8080/auth/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
        proxy_pass http://arcade-iori:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # requests without trailing slash will be forwarded to include slash
    location = /backend {
        return 301 $scheme://$http_host$uri/$is_args$args;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```
host file:
127.0.0.1 project.test
I think the problem is that if it's running in a Docker container then http://127.0.0.1:80 from the perspective of the Docker container is different on each container, but I don't have "localhost/127.0.0.1" configured anywhere.
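The hypothesis in the post can be checked from inside the arcade-iori container. The following is an added example, not code from the original post: it resolves the issuer hostname through the same lookup path Node's HTTP client uses and reports which TCP endpoint the OIDC discovery request would reach. The function names and the ISSUER environment variable are assumptions of this example.

```javascript
// Added example (not from the original post): classify where an OIDC issuer
// hostname resolves when looked up from inside a container.

// True for IPv4 127.0.0.0/8, IPv6 ::1, and IPv4-mapped loopback (::ffff:127.x).
function isLoopback(address) {
  const a = address.toLowerCase().replace(/^::ffff:/, "");
  return a === "::1" || /^127(\.\d{1,3}){3}$/.test(a);
}

// Pure decision step: given the issuer URL and the addresses its hostname
// resolved to, report which TCP endpoints the discovery request will try.
function classifyIssuer(issuerUrl, addresses) {
  const url = new URL(issuerUrl);
  const port = url.port || (url.protocol === "https:" ? "443" : "80");
  const loopback = addresses.filter(isLoopback);
  let verdict = "ok";
  if (addresses.length === 0) verdict = "unresolvable";
  else if (loopback.length === addresses.length) verdict = "loopback-only";
  else if (loopback.length > 0) verdict = "mixed";
  return {
    host: url.hostname,
    port,
    verdict,
    wellKnown: issuerUrl.replace(/\/$/, "") + "/.well-known/openid-configuration",
    targets: addresses.map((a) => (a.includes(":") ? `[${a}]:${port}` : `${a}:${port}`)),
  };
}

// Resolve via getaddrinfo (dns.lookup), as Node's HTTP client does, then classify.
async function checkIssuer(issuerUrl) {
  const dns = await import("node:dns/promises");
  const { hostname } = new URL(issuerUrl);
  let addresses = [];
  try {
    addresses = (await dns.lookup(hostname, { all: true })).map((r) => r.address);
  } catch (err) {
    // A name that does not resolve is reported as "unresolvable", not thrown.
    if (err.code !== "ENOTFOUND" && err.code !== "EAI_AGAIN") throw err;
  }
  return classifyIssuer(issuerUrl, addresses);
}

// ISSUER is a hypothetical variable name used only by this example.
if (process.env.ISSUER) {
  checkIssuer(process.env.ISSUER).then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

Run it inside the container with ISSUER set to the issuer value from the next-auth config. A `loopback-only` verdict with target `127.0.0.1:80` corresponds to the `connect ECONNREFUSED 127.0.0.1:80` in the log above.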