How to set tls certificates via environment variables to start edgedb using docker-compose?

Question

I need help in starting an edgedb instance using docker-compose.yml

version: "3.3"
services:
  edgedb:
    image: edgedb/edgedb:2.9
    environment:
      - EDGEDB_SERVER_DATABASE=smartdb
      - EDGEDB_SERVER_PASSWORD=smartPassword
      - EDGEDB_SERVER_USER=smartadmin
      - EDGEDB_SERVER_TLS_CERT_MODE=default
      - EDGEDB_SERVER_TLS_KEY=-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEArBR+NNuuC1wl+zbyv1SMxio6dGWGkyfDgsx22EzSF3QWWHWlFd0kFQSNZolEV1OUAsZri4N9UMKyCuoRsjnfBZJvwvg/4ZEuIsy6Auhn6qT8SlGaUc0PUKfao7dlxC2MjSWE4X7L9faOiLRua/xye7LZLKlQLnAvpk/8YYsAl9uh8OP1kfR8mQg9vz+nQtv4aMBDIZQj6Jo10tJ8FJDsOYBkHyNE6OffvtMpJ4QS0XxQ7k0j0hBH7PEOt9Kq1ShwypF/yWAv6IuKBMic+zhHVCkPJR9tGW25Djz56QVlVqjOGOmNMgXkYY9xUqX77tj7mOlhyFGndLP6+yaQgzWNcQIDAQABAoIBAEYj4EF5XZrBx7V68z0roGnRopv5Gf53UcjJwJNv1J68sbMC2PRtfByZC23E+7dAmO78o69tPDIj+eBbAjWMQyyJQMbO23L88zo6CoPO6TSKZU+BrY40ME7m7EaZJYDuNAEATwZ+4XHzOqvcJ7oaXyuufbknlkgncDSxG6VCvE4pC67mJ7xOxLhyHMoKScwhDu4rdANyGpo1E0sV5zZluNAbZl+MiUQdvghjEVux0dLuh01dEpphS0GY8OvfSdoX5Yq7zZsTk0cYNVtrKG1PvdlfxF0oQme95cKSnvKrnXwtE6iX39TDn2jEbDbHyLqGlNvO3pcwihbgnPhhHSdvz/ECgYEA3D43bjROoQf2QQfWtMuTVHAW5oDTRi/0Y7GySnssiXMJ6uK/W8sdX0AdKjMzixZHwRNjo1Qm48hciaB6L6gL9FWVnSSXC8r/zwr422g/rvV/9+B9N3vwf2zky6uv4Wwv9FtfuoR4Y+oNdSHeMmnwQfRZIoI+QIPcvW8mLoY2P00CgYEAyASEbQul3fNs/3wMyR6P/2AIkhW3j2mqNIeZP2zSEyiOT/X96rNxzAoNRh9hZFUv692rJLUwflhFVlhslIBYVnGAei+0RlTFHuesx0WOH2XmTWBco3WjgXtQZ04+RjEJ2SPJn/Ts2EtjO3ofLrTwF1D65/Cq8OEn22TwX5s3/LUCgYBcFxvAVdjG1nhuSqPJJxIsjU3WBenRgD207dk58XT26AYuk68l57EZYcqQGaaksqVAIyZXZdl5Bw9CcLqGcMLG4H5VnbYWtUPvQ4w42cc/FeHzOIfDCmzOKy8jxl8dZ8pJZ2eIqtlYFcaYwpeRBuDyAwS+PC1hdoF3KCGT9IR8RQKBgQCG3rzoxqTmf4Ds2RnJ96jDW18MGka3Flnlp9WG9frFXmBvvICl5LAEFHcU5I4IWITCt6rySpbTavP+IAu/KrfmOgyW11no3ro4d6GCkP0fYNelLyfoNKe25I63ygOl0uVAHKiVClM2Gcdk0Jj8JpeKMVmuUhMB7+CvSGXpIcHjzQKBgQCsN/SGSxtRm93URmDC0Kd5N91ThDJjsLlq9xNUhIid8OabhU+SiBRj5ubLFQXWdglFnj+kzwZjjtwZHdCNdC+ItqRHwiGsQE01vwuhLAixQ5X0KnotWXh+1buIwLfzJKpkARdGpR9vmy2rhISb4+XCNP0Khjx+rey8ZrDJLs3ZAw==-----END RSA PRIVATE KEY-----
      - EDGEDB_SERVER_TLS_CERT=-----BEGIN CERTIFICATE-----MIICyzCCAbMCFAC77Es2q/U3ad3LLTM9dFlV4UqPMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgkqhkiG9w0BCQEWEWFiYmFzQGNhZG9uaXguY29tMB4XDTIzMDMzMTEwMTAzNVoXDTI0MDMzMDEwMTAzNVowIjEgMB4GCSqGSIb3DQEJARYRYWJiYXNAY2Fkb25peC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsFH40264LXCX7NvK/VIzGKjp0ZYaTJ8OCzHbYTNIXdBZYdaUV3SQVBI1miURXU5QCxmuLg31QwrIK6hGyOd8Fkm/C+D/hkS4izLoC6GfqpPxKUZpRzQ9Qp9qjt2XELYyNJYThfsv19o6ItG5r/HJ7stksqVAucC+mT/xhiwCX26Hw4/WR9HyZCD2/P6dC2/howEMhlCPomjXS0nwUkOw5gGQfI0To59++0yknhBLRfFDuTSPSEEfs8Q630qrVKHDKkX/JYC/oi4oEyJz7OEdUKQ8lH20ZbbkOPPnpBWVWqM4Y6Y0yBeRhj3FSpfvu2PuY6WHIUad0s/r7JpCDNY1xAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFKZbgRjqNNFibF7Nq4vv4iU1M/xEw1E0klY/+A/ucjTkkKL0AYXr20Lte4VMfyOlNMcuJYSLsTbyTo54e3tFWd0V9F4G4mEUOstBeWzqqdNWIGwzaZkvnRY/hg98rMral4CDPw/QrtWA4+wiPHXX5k+EeDh5oiLCr5L/5LhGYLoWZn4jmtH8PfbQ6aOqkZorCnPKHoYqg8gY7Crf4OuN222M+IamIGBr+4SYJS3juc9YRWney4AJ6F5hnsB0y6EmMmyMR7a5j+N00hq/WKaw/9Vb2fILomxwdmb6tudSNfXaVY6sGFdmvk9UMDnpERh12gII2eXiqWZTLYJNbWGIeQ=-----END CERTIFICATE-----
      - EDGEDB_SERVER_ADMIN_UI=enabled
    ports:
      - "5656:5656"

Running docker-compose up I always get an error stating CRITICAL 42 2023-03-31T10:21:13.528 edb.server: Cannot load TLS certificates - please double check if the specified certificate files are valid.

I generate the certificate and key using the following commands:

  1. openssl genrsa -out server.key 2048
  2. openssl req -new -key server.key -out server.csr
  3. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Is there anything I'm missing? I'm following the documentation at https://www.edgedb.com/docs/guides/deployment/docker

How can I get it working?

Answer 1

Score: 1

The documentation (https://www.edgedb.com/docs/reference/environment#edgedb-server-tls-cert-file-edgedb-server-tls-key-file) describes two environment variables through which you are supposed to define the paths to the certificate files on the system, namely EDGEDB_SERVER_TLS_CERT_FILE and EDGEDB_SERVER_TLS_KEY_FILE.

Your docker-compose.yml file would look something like:

version: "3.3"
services:
  edgedb:
    image: edgedb/edgedb:2.9
    environment:
      - EDGEDB_SERVER_DATABASE=smartdb
      - EDGEDB_SERVER_PASSWORD=smartPassword
      - EDGEDB_SERVER_USER=smartadmin
      - EDGEDB_SERVER_TLS_CERT_MODE=default
      - EDGEDB_SERVER_TLS_CERT_FILE=/path/to/cert/file
      - EDGEDB_SERVER_TLS_KEY_FILE=/path/to/key/file
      - EDGEDB_SERVER_ADMIN_UI=enabled
    ports:
      - "5656:5656"

Also make sure that you bind the paths containing the certificate files so that they are accessible from within the docker container (assuming you generate them on the host):

edgedb:
  ...
  volumes:
    - /local/cert/path:/path/to/cert/file
    - /local/key/path:/path/to/key/file
  ...
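
The key and certificate values in the question's compose file have the BEGIN line, base64 body and END line run together on one line, whereas the PEM text format (RFC 7468) puts each on its own line. As an added example (not part of the original answer), this pre-flight check inspects PEM text for that layout before the files are bind-mounted; the names `check_pem` and `reflow` and the sample body are constructed for illustration.

```python
import base64
import re

# RFC 7468 layout: BEGIN line, base64 body lines, END line, each on its own line.
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
# The shape seen in the question: header, body and footer fused into one line.
_FLAT = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----([A-Za-z0-9+/=]+)-----END \1-----$")


def check_pem(text):
    """Return (ok, detail); detail is the PEM label on success, else the reason."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) == 1 and _FLAT.match(lines[0]):
        return False, "flattened: header, body and footer share one line"
    if len(lines) < 3:
        return False, "no BEGIN line, body and END line found"
    begin, end = _BEGIN.match(lines[0]), _END.match(lines[-1])
    if not begin or not end or begin.group(1) != end.group(1):
        return False, "BEGIN/END lines missing or mismatched"
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:
        return False, "body is not valid base64"
    return True, begin.group(1)


def reflow(flat):
    """Rebuild a flattened block with 64-character body lines."""
    m = _FLAT.match(flat.strip())
    if not m:
        raise ValueError("not a flattened PEM block")
    label, body = m.groups()
    rows = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]) + "\n"


# Constructed sample: 96 arbitrary bytes, not a real certificate or key.
BODY = base64.b64encode(bytes(range(96))).decode()
FLAT = f"-----BEGIN CERTIFICATE-----{BODY}-----END CERTIFICATE-----"

if __name__ == "__main__":
    print(check_pem(FLAT))
    print(check_pem(reflow(FLAT)))
```

The check covers layout only; it does not verify that the certificate and key belong together or that the certificate is still within its validity period.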

  • Posted on 2023-03-31 20:28:21
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75898529.html