@rockxsj
Last active May 22, 2020 11:01

Building an ELK log center with Keycloak authentication

All services are built and deployed with docker. The keycloak service already exists, so it is not listed in this article.

docker-compose.yml

version: '3'
services:
  elasticsearch:
    image: elasticsearch:7.6.2
    container_name: elasticsearch
    environment:
      - "cluster.name=elasticsearch"
      - "discovery.type=single-node"
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - /data/www/elk/plugins:/usr/share/elasticsearch/plugins
      - /data/www/elk/data:/usr/share/elasticsearch/data

  kibana:
    image: kibana:7.6.2
    container_name: kibana
    links:
      - elasticsearch:es
    depends_on:
      - elasticsearch
    environment:
      - "elasticsearch.hosts=http://es:9200"

  logstash:
    image: logstash:7.6.2
    container_name: logstash
    volumes:
      - /data/www/elk/logstash-springboot.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch
    links:
      - elasticsearch:es
    ports:
      - 4560:4560

  keycloak-gatekeeper:
    image: keycloak/keycloak-gatekeeper:7.0.0
    container_name: keycloak-gatekeeper
    command:
      - --config=/etc/proxy.yml
    volumes:
      - /data/www/elk/proxy.yml:/etc/proxy.yml
    ports:
      - 5602:5602

logstash-springboot.conf

input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
    type => "logback"
  }
}
output {
  elasticsearch {
    hosts => "es:9200"
    index => "springboot-logstash-%{[app]}-%{+YYYY.MM.dd}"
  }
}

proxy.yml

client-id: kibana
client-secret: xxxxxx-xxx-xxxxxx-xxx-xxxxx
discovery-url: https://${domain}/auth/realms/${realm}   # replace domain and realm with your own
enable-default-deny: true
encryption-key: rewf7VYkQ2QkaSXVRJoxvX1mDTnLpk2X    # generate a random string (must be 16 or 32 characters)
secure-cookie: false    # false only because the gateway is served over plain http here; set to true once it sits behind TLS
listen: :5602
redirection-url: http://${host}:5602    # address of the authentication gateway; it reverse-proxies to upstream-url
upstream-url: http://kibana:5601
enable-refresh-tokens: true
enable-logging: true
resources:
- uri: /*
  roles:
  - ${whatever} # the role allowed to access the given uri

Start the services & install the logstash plugin

docker-compose up -d
docker exec -it logstash /bin/bash
cd /bin/
logstash-plugin install logstash-codec-json_lines
exit
docker restart logstash

Q&A

What to do if you get a 403

If you want to use a role defined on a specific client as the role required for authentication, the role must be written in proxy.yml as ${client}:${role}, e.g. kibana:user. If you use a realm role, configure the role name directly.

What to do if you get a 400

During authentication the request is made with a token generated from all of the user's roles, so when a user has many roles the HTTP header can become too large. In that case you need to modify the startup configuration of es and kibana to raise the allowed header size. The way to do it is to docker cp the following files out, edit them, copy them back in, and restart (a better way is to do this in the Dockerfile or to mount a local configuration file).

/usr/share/elasticsearch/config/elasticsearch.yml, add the following line

http.max_header_size: 1024kb

/usr/share/kibana/bin/kibana, change this startup value

--max-http-header-size=10240000
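As an added illustration of the 400 answer above (not code from the original gist): this Python script builds an unsigned, JWT-shaped token whose realm_access claim carries N roles, the way a Keycloak access token does, measures the role-bearing headers the gateway forwards upstream, and compares the size with Elasticsearch's default 8kb http.max_header_size and with the raised limits given above. The issuer URL, kid, subject and role names are constructed sample values, and forwarding of an X-Auth-Roles header next to the bearer token is an assumption about the gateway.

```python
import base64
import json

# Limits discussed on this page: Elasticsearch http.max_header_size (default
# 8kb, raised to 1024kb) and Kibana --max-http-header-size=10240000.
ES_DEFAULT_MAX_HEADER = 8 * 1024
ES_RAISED_MAX_HEADER = 1024 * 1024
KIBANA_RAISED_MAX_HEADER = 10240000


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_access_token(roles, client="kibana"):
    """Build an unsigned, JWT-shaped token (a constructed sample, not a real
    Keycloak token) whose realm_access claim lists the given roles."""
    compact = {"separators": (",", ":")}
    header = {"alg": "RS256", "typ": "JWT", "kid": "sample-kid"}
    payload = {
        "iss": "https://idp.example.invalid/auth/realms/sample",  # constructed
        "aud": client,
        "sub": "sample-user-id",
        "preferred_username": "alice",
        "realm_access": {"roles": list(roles)},
        "resource_access": {client: {"roles": ["user"]}},
    }
    signature = b64url(b"\x00" * 256)  # an RS256 signature is 256 bytes
    return ".".join([b64url(json.dumps(header, **compact).encode()),
                     b64url(json.dumps(payload, **compact).encode()),
                     signature])


def forwarded_header_bytes(token, roles):
    """Bytes of the two role-bearing headers assumed to be forwarded upstream:
    the bearer token and a comma-separated X-Auth-Roles list."""
    lines = [f"Authorization: Bearer {token}\r\n",
             f"X-Auth-Roles: {','.join(roles)}\r\n"]
    return sum(len(line.encode()) for line in lines)


def check_limits(n_roles):
    """Generate n_roles constructed role names and test each limit."""
    roles = [f"app-{i}-admin" for i in range(n_roles)]
    size = forwarded_header_bytes(sample_access_token(roles), roles)
    return {"roles": n_roles, "header_bytes": size,
            "fits_es_default": size <= ES_DEFAULT_MAX_HEADER,
            "fits_es_raised": size <= ES_RAISED_MAX_HEADER,
            "fits_kibana_raised": size <= KIBANA_RAISED_MAX_HEADER}
```

Running check_limits(10) and check_limits(1000) shows that a handful of roles fits the default limit while a thousand roles does not, but both fit the raised limits from this page.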