следующая аутентификация ECONNREFUSED 127.0.0.1:80
Я использую Next-auth с keycloak и docker-compose и получаю эту ошибку:
[next-auth][error][GET_AUTHORIZATION_URL_ERROR]
arcade-iori | https://next-auth.js.org/errors#get_authorization_url_error connect ECONNREFUSED 127.0.0.1:80 {
arcade-iori | message: 'connect ECONNREFUSED 127.0.0.1:80',
arcade-iori | stack: 'Error: connect ECONNREFUSED 127.0.0.1:80\n' +
arcade-iori | ' at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)',
arcade-iori | name: 'Error'
arcade-iori | }
arcade-iori | [next-auth][error][SIGNIN_OAUTH_ERROR]
arcade-iori | https://next-auth.js.org/errors#signin_oauth_error connect ECONNREFUSED 127.0.0.1:80 {
arcade-iori | error: {
arcade-iori | message: 'connect ECONNREFUSED 127.0.0.1:80',
arcade-iori | stack: 'Error: connect ECONNREFUSED 127.0.0.1:80\n' +
arcade-iori | ' at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)',
arcade-iori | name: 'Error'
arcade-iori | },
arcade-iori | provider: {
arcade-iori | id: 'keycloak',
arcade-proxy | 172.30.0.1 - - [02/Feb/2022:04:52:58 +0000] "POST /api/auth/signin/keycloak HTTP/1.1" 302 5 "http://localhost/api/auth/signin?callbackUrl=http%3A%2F%2Flocalhost%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"
arcade-iori | name: 'Keycloak',
arcade-iori | wellKnown: 'http://localhost/auth/realms/myrealm/.well-known/openid-configuration',
arcade-iori | type: 'oauth',
arcade-iori | authorization: { params: [Object] },
arcade-iori | checks: [ 'pkce', 'state' ],
arcade-iori | idToken: true,
arcade-iori | profile: [Function: profile],
arcade-iori | clientId: 'myclientnext',
arcade-iori | clientSecret: 'a2D7ZgIFMeijlfbKOi6vZ30dhNUZhrT3',
arcade-iori | issuer: 'http://localhost/auth/realms/myrealm',
arcade-iori | signinUrl: 'http://localhost/api/auth/signin/keycloak',
arcade-iori | callbackUrl: 'http://localhost/api/auth/callback/keycloak'
arcade-iori | },
arcade-iori | message: 'connect ECONNREFUSED 127.0.0.1:80'
arcade-iori | }
Это конфигурация Next-auth:
импортировать NextAuth из «next-auth» импортировать KeycloakProvider из «next-auth/providers/keycloak»;
export default NextAuth({
secret: process.env.SECRET,
site: process.env.NEXTAUTH_URL,
providers: [
KeycloakProvider({
clientId: 'myclientnext',
clientSecret: 'a2D7ZgIFMeijlfbKOi6vZ30dhNUZhrT3',
issuer: 'http://localhost/auth/realms/myrealm',
})
],
})
Это мой docker-compose.yml:
version: '3.7'
volumes:
keycloak_db_data:
driver: local
networks:
arcadenet:
driver: bridge
services:
keycloak-db:
image: postgres:11.2
container_name: arcade-keycloak-db
volumes:
- keycloak_db_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: arcadecloack
POSTGRES_USER: arcade
POSTGRES_PASSWORD: arcade
networks:
- arcadenet
keycloak:
image: quay.io/keycloak/keycloak:16.1.0
container_name: arcade-keycloak
environment:
DB_VENDOR: POSTGRES
DB_ADDR: arcade-keycloak-db
DB_DATABASE: arcadecloack
DB_USER: arcade
DB_SCHEMA: public
DB_PASSWORD: arcade
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
PROXY_ADDRESS_FORWARDING: true
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "ssl=true"
ports:
- 8080:8080
depends_on:
- keycloak-db
networks:
- arcadenet
iori:
stdin_open: true # docker run -i
tty: true # docker run -t
build:
context: ../iori/
dockerfile: Dockerfile
image: iori
container_name: arcade-iori
ports:
- 3000:3000
volumes:
- '../iori/:/app'
- '/app/node_modules'
networks:
- arcadenet
proxy:
image: nginx
container_name: arcade-proxy
restart: unless-stopped
ports:
- 80:80
volumes:
- ./default-proxy.conf:/etc/nginx/conf.d/default.conf:ro
networks:
- arcadenet
Это файл proxy.conf по умолчанию:
server {
listen 80;
listen [::]:80;
server_name localhost;
location /keycloak/ {
proxy_pass http://arcade-keycloak:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /auth/ {
proxy_pass http://arcade-keycloak:8080/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://arcade-iori:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}