Я сейчас строю микросервисный проект: Zuul в качестве API-шлюза, Keycloak в качестве сервера авторизации (Auth Server), Consul в качестве службы обнаружения (Discovery) и несколько сервисов на PHP. Для разработки я использую Docker с docker-compose. Я хочу получать ресурсы сервисов через Zuul как обратный прокси и авторизовать каждый запрос через Keycloak.
Когда я прохожу аутентификацию в Keycloak через Zuul, чтобы получить токен, проблем не возникает. Но когда я запрашиваю ресурсы с этим токеном через Zuul, возникает ошибка.
Вот некоторый график для большего понимания:
Схема (извините, что не вставляю изображение напрямую: мне не хватает репутации)
Ответ, который я получаю в Postman:
{
"timestamp": "2019-10-01T06:55:07.426+0000",
"status": 500,
"error": "Internal Server Error",
"message": "No message available",
"path": "/inventory/saras-php-poc/inventory/api/1.0.0/category"
}
Ошибка отображается следующим образом:
Ошибка
Это журнал отладки для Apache Tomcat:
Log Debug Tomcat
Вот свойства моего приложения Zuul:
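# Zuul gateway configuration (Spring Boot application.yml).
# The paste lost its indentation; the nesting below is restored from the
# standard Spring Cloud, Zuul and Keycloak adapter property names - confirm
# against the original file.
server:
  port: 8080
logging:
  level:
    org:
      # NOTE(review): DEBUG on org.apache covers Tomcat internals and can write
      # request headers (including bearer tokens) to the log - keep this to
      # local debugging only.
      apache: DEBUG
spring:
  application:
    name: saras-gateway
  cloud:
    consul:
      discovery:
        instance-id: ${spring.application.name}:${server.port}
        serviceName: ${spring.application.name}
      host: consul
      port: 8500
hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds: 127000
ribbon:
  eureka:
    enabled: false
  ConnectTimeout: 3000
  SocketTimeout: 60000
  ReadTimeout: 60000
zuul:
  # Only the routes listed below are proxied; services discovered in Consul
  # are not exposed automatically.
  ignored-services: '*'
  routes:
    # These routes do not set sensitiveHeaders, so Zuul's default list
    # (Cookie, Set-Cookie, Authorization) applies unless it is overridden
    # elsewhere: the bearer token is not forwarded to the PHP services and the
    # gateway is the only place where it is checked.
    inventory:
      path: /inventory/**
      serviceId: inventory
    user:
      path: /user/**
      serviceId: user
    order:
      path: /order/**
      serviceId: order
    api-service:
      path: /api/**
      serviceId: api-service
    keycloak:
      # Empty value clears the sensitive-header list for this route, so
      # Cookie, Set-Cookie and Authorization pass through to Keycloak.
      sensitiveHeaders:
      path: /keycloak/**
      serviceId: keycloak
  ratelimit:
    enabled: true
    # NOTE(review): the JPA repository needs a datasource; none is configured
    # in this file - confirm it is defined elsewhere.
    repository: JPA
    policy-list:
      # NOTE(review): the policy key is `rest`, but no route with that id is
      # defined above, so this limit presumably applies to nothing - confirm.
      rest:
        - limit: 5
          refresh-interval: 60
          type:
            - origin
keycloak:
  # NOTE(review): no scheme or port here. The adapter does not resolve this
  # through Consul; the registry entry on this page lists Keycloak at
  # keycloak:8080, so an absolute URL of that form is likely what is needed.
  # Tokens obtained through the /keycloak/** route may also carry an issuer
  # built from the gateway URL - verify it matches what the adapter expects.
  auth-server-url: keycloak/auth
  realm: develop
  resource: gateway
  bearer-only: true
  # Only /user/*, /inventory/* and /order/* are constrained; the /api/** and
  # /keycloak/** routes above are proxied without a role check.
  securityConstraints:
    - authRoles:
        - admin
      securityCollections:
        - name: admin
          patterns:
            - /user/*
    - authRoles:
        - user
      securityCollections:
        - name: user
          patterns:
            - /inventory/*
            - /order/*
  # NOTE(review): public-client describes a client that performs logins
  # without a secret; combined with bearer-only it presumably has no effect -
  # confirm which of the two is intended.
  public-client: true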
Здесь мой docker-compose.yml :
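# Development stack: RabbitMQ, three PHP services with their MySQL databases
# and phpMyAdmin front ends, Consul and the Zuul gateway.
# The paste lost its indentation; the nesting below is restored from the
# Compose file format - confirm against the original file.
#
# NOTE(review): every database uses the same literal passwords (`test`) and
# publishes its port on the host. Acceptable for a local PoC only; outside of
# it, load credentials from an env file or secret store and drop the host
# port mappings or bind them to 127.0.0.1.
version: "3.1"
services:
  rabbitmq:
    # No credentials are configured here, so the image defaults apply to both
    # the broker (5672) and the management UI (15672) - confirm.
    image: rabbitmq:management
    container_name: rabbitmq
    ports:
      - "15672:15672"
      - "5672:5672"
    networks:
      - default
  www_inventory:
    build: .
    container_name: www_inventory
    # NOTE(review): publishing the service on the host lets clients reach it
    # without passing through the gateway and its Keycloak constraints.
    # `expose` alone is enough for the gateway to reach it on the network.
    ports:
      - "8081:80"
    volumes:
      - ./inventory:/var/www/html/saras-php-poc/inventory
    links:
      - db_inventory
    networks:
      - default
    working_dir: /var/www/html/saras-php-poc/inventory
    expose:
      - 80
  db_inventory:
    image: mysql:8.0
    container_name: db_inventory
    ports:
      - "3307:3306"
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_USER: user
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
    volumes:
      - ./dump_inventory:/docker-entrypoint-initdb.d
      - ./conf_inventory:/etc/mysql/conf.d
      - mysql_inventory:/var/lib/mysql
    networks:
      - default
  phpmyadmin_inventory:
    # Database admin UI published on the host; keep it to development.
    image: phpmyadmin/phpmyadmin
    container_name: phpmyadmin_inventory
    links:
      - db_inventory:db_inventory
    ports:
      - "8084:80"
    environment:
      MYSQL_USER: user
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
      PMA_HOST: db_inventory
      PMA_PORT: 3306
  www_order:
    build: .
    container_name: www_order
    # Same gateway-bypass concern as www_inventory.
    ports:
      - "8082:80"
    volumes:
      - ./order:/var/www/html/saras-php-poc/order
    links:
      - db_order
    networks:
      - default
    working_dir: /var/www/html/saras-php-poc/order
    expose:
      - 80
  db_order:
    image: mysql:8.0
    container_name: db_order
    ports:
      - "3308:3306"
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_USER: user
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
    volumes:
      - ./dump_order:/docker-entrypoint-initdb.d
      - ./conf_order:/etc/mysql/conf.d
      - mysql_order:/var/lib/mysql
    networks:
      - default
  phpmyadmin_order:
    image: phpmyadmin/phpmyadmin
    container_name: phpmyadmin_order
    links:
      - db_order:db_order
    ports:
      - "8085:80"
    environment:
      MYSQL_USER: user
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
      PMA_HOST: db_order
      PMA_PORT: 3306
  www_user:
    build: .
    container_name: www_user
    # Same gateway-bypass concern as www_inventory; /user/* is the
    # admin-only pattern in the gateway configuration.
    ports:
      - "8083:80"
    volumes:
      - ./user:/var/www/html/saras-php-poc/user
    links:
      - db_user
    networks:
      - default
    working_dir: /var/www/html/saras-php-poc/user
    expose:
      - 80
  db_user:
    image: mysql:5.7
    container_name: db_user
    ports:
      - "3309:3306"
    command:
      - --default-authentication-plugin=mysql_native_password
      - --disable-partition-engine-check
    environment:
      MYSQL_USER: user
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
    volumes:
      - ./dump_user:/docker-entrypoint-initdb.d
      - ./conf_user:/etc/mysql/conf.d
      - mysql_user:/var/lib/mysql
    networks:
      - default
  phpmyadmin_user:
    image: phpmyadmin/phpmyadmin
    container_name: phpmyadmin_user
    links:
      - db_user:db_user
    ports:
      - "8086:80"
    environment:
      MYSQL_USER: user
      MYSQL_PASSWORD: test
      MYSQL_ROOT_PASSWORD: test
      PMA_HOST: db_user
      PMA_PORT: 3306
  consul:
    # NOTE(review): `latest` is a moving tag; pin a version for reproducible
    # builds. No ACL configuration is visible here, and the gateway routes by
    # what is registered in Consul, so whoever can reach the published HTTP
    # API on 8500 can presumably change where traffic is sent - confirm.
    image: bitnami/consul:latest
    networks:
      - default
    ports:
      - '8300:8300'
      - '8301:8301'
      - '8301:8301/udp'
      - '8500:8500'
      - '8600:8600'
      - '8600:8600/udp'
  gateway:
    build:
      context: gateway
    container_name: api_gateway
    ports:
      - "8080:8080"
    networks:
      - default
    working_dir: /user/app
volumes:
  mysql_inventory:
  mysql_order:
  mysql_user: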
Вот мой Zuul (шлюз) Dockerfile
# Two-stage build for the Zuul gateway: stage one compiles the jar with Maven,
# stage two copies only the jar into a JRE image.
# NOTE(review): both base images are referenced by mutable tags, not digests.
FROM maven:3.5-jdk-8 AS build
COPY src /user/app/src
COPY pom.xml /user/app
# -Dmaven.test.skip=true skips compiling and running the tests. The
# java.util.logging.manager property is set for the Maven JVM during the
# build only; it does not reach the JVM started by ENTRYPOINT below.
RUN mvn -f /user/app/pom.xml clean package -Dmaven.test.skip=true -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
FROM openjdk:8-jre-slim
COPY --from=build /user/app/target/gateway-0.0.1-SNAPSHOT.jar /user/app/gateway-0.0.1-SNAPSHOT.jar
EXPOSE 8080
# NOTE(review): there is no USER instruction, so the gateway process runs as
# the image's default user (root unless the base image says otherwise).
ENTRYPOINT ["java","-jar","/user/app/gateway-0.0.1-SNAPSHOT.jar"]
Я создаю отдельный docker-compose для Keycloak, потому что он не запускается, если собирать всё вместе.
Keycloak docker-compose.yml :
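# Keycloak, started from a separate Compose file and attached to the main
# project's network. The paste lost its indentation; the nesting below is
# restored from the Compose file format - confirm against the original file.
version: '3'
services:
  keycloak:
    # No tag is given, so this resolves to `latest`; pin a version.
    image: jboss/keycloak
    container_name: keycloak
    environment:
      DB_VENDOR: MYSQL
      # NOTE(review): Keycloak connects as MySQL root to db_user, the same
      # server the user service links to. A dedicated account limited to the
      # `saras` database would keep the two separated.
      DB_ADDR: db_user
      DB_DATABASE: saras
      DB_USER: root
      DB_PASSWORD: test
      # NOTE(review): admin/admin on an admin console published to the host
      # (8087) - change before this leaves a local machine.
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      # NOTE(review): Keycloak is also reached through the gateway's
      # /keycloak/** route; with proxy address forwarding left disabled it
      # presumably builds URLs and the token issuer from the address it sees
      # directly - confirm this matches what the gateway adapter validates.
      # PROXY_ADDRESS_FORWARDING: 'true'
    networks:
      - default
    ports:
      - "8087:8080"
    expose:
      - 8080
networks:
  default:
    external:
      name: saras-php-poc_default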
И это зарегистрированный сервис в консуле:
{
"api-service": {
"ID": "api-service",
"Service": "api-service",
"Tags": [],
"Meta": {},
"Port": 8181,
"Address": "127.0.0.1",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false
},
"inventory": {
"ID": "inventory",
"Service": "inventory",
"Tags": [],
"Meta": {},
"Port": 80,
"Address": "www_inventory",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false
},
"keycloak": {
"ID": "keycloak",
"Service": "keycloak",
"Tags": [],
"Meta": {},
"Port": 8080,
"Address": "keycloak",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false
},
"order": {
"ID": "order",
"Service": "order",
"Tags": [],
"Meta": {},
"Port": 80,
"Address": "www_order",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false
},
"saras-gateway-8080": {
"ID": "saras-gateway-8080",
"Service": "saras-gateway",
"Tags": [
"secure=false"
],
"Meta": {},
"Port": 8080,
"Address": "e2f5518828f7",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false
},
"user": {
"ID": "user",
"Service": "user",
"Tags": [],
"Meta": {},
"Port": 80,
"Address": "www_user",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false
}
}
Я что-то пропустил? Пожалуйста, дайте мне знать.
Спасибо!