英文:
How to set tls certificates via environemnt variables to start edgedb using docker-compose?
问题
我需要帮忙启动一个使用 docker-compose.yml 的 edgedb 实例。
运行 docker-compose up 时,我总是收到一个错误,指出 CRITICAL 42 2023-03-31T10:21:13.528 edb.server: Cannot load TLS certificates - please double check if the specified certificate files are valid。
我使用以下命令生成证书和密钥:
openssl genrsa -out server.key 2048openssl req -new -key server.key -out server.csropenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
我是否漏掉了什么?我正在遵循 https://www.edgedb.com/docs/guides/deployment/docker 上的文档。如何使其工作?
英文:
I need help in starting an edgedb instance using docker-compose.yml
version: "3.3"
services:
edgedb:
image: edgedb/edgedb:2.9
environment:
- EDGEDB_SERVER_DATABASE=smartdb
- EDGEDB_SERVER_PASSWORD=smartPassword
- EDGEDB_SERVER_USER=smartadmin
- EDGEDB_SERVER_TLS_CERT_MODE=default
- EDGEDB_SERVER_TLS_KEY=-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEArBR+NNuuC1wl+zbyv1SMxio6dGWGkyfDgsx22EzSF3QWWHWlFd0kFQSNZolEV1OUAsZri4N9UMKyCuoRsjnfBZJvwvg/4ZEuIsy6Auhn6qT8SlGaUc0PUKfao7dlxC2MjSWE4X7L9faOiLRua/xye7LZLKlQLnAvpk/8YYsAl9uh8OP1kfR8mQg9vz+nQtv4aMBDIZQj6Jo10tJ8FJDsOYBkHyNE6OffvtMpJ4QS0XxQ7k0j0hBH7PEOt9Kq1ShwypF/yWAv6IuKBMic+zhHVCkPJR9tGW25Djz56QVlVqjOGOmNMgXkYY9xUqX77tj7mOlhyFGndLP6+yaQgzWNcQIDAQABAoIBAEYj4EF5XZrBx7V68z0roGnRopv5Gf53UcjJwJNv1J68sbMC2PRtfByZC23E+7dAmO78o69tPDIj+eBbAjWMQyyJQMbO23L88zo6CoPO6TSKZU+BrY40ME7m7EaZJYDuNAEATwZ+4XHzOqvcJ7oaXyuufbknlkgncDSxG6VCvE4pC67mJ7xOxLhyHMoKScwhDu4rdANyGpo1E0sV5zZluNAbZl+MiUQdvghjEVux0dLuh01dEpphS0GY8OvfSdoX5Yq7zZsTk0cYNVtrKG1PvdlfxF0oQme95cKSnvKrnXwtE6iX39TDn2jEbDbHyLqGlNvO3pcwihbgnPhhHSdvz/ECgYEA3D43bjROoQf2QQfWtMuTVHAW5oDTRi/0Y7GySnssiXMJ6uK/W8sdX0AdKjMzixZHwRNjo1Qm48hciaB6L6gL9FWVnSSXC8r/zwr422g/rvV/9+B9N3vwf2zky6uv4Wwv9FtfuoR4Y+oNdSHeMmnwQfRZIoI+QIPcvW8mLoY2P00CgYEAyASEbQul3fNs/3wMyR6P/2AIkhW3j2mqNIeZP2zSEyiOT/X96rNxzAoNRh9hZFUv692rJLUwflhFVlhslIBYVnGAei+0RlTFHuesx0WOH2XmTWBco3WjgXtQZ04+RjEJ2SPJn/Ts2EtjO3ofLrTwF1D65/Cq8OEn22TwX5s3/LUCgYBcFxvAVdjG1nhuSqPJJxIsjU3WBenRgD207dk58XT26AYuk68l57EZYcqQGaaksqVAIyZXZdl5Bw9CcLqGcMLG4H5VnbYWtUPvQ4w42cc/FeHzOIfDCmzOKy8jxl8dZ8pJZ2eIqtlYFcaYwpeRBuDyAwS+PC1hdoF3KCGT9IR8RQKBgQCG3rzoxqTmf4Ds2RnJ96jDW18MGka3Flnlp9WG9frFXmBvvICl5LAEFHcU5I4IWITCt6rySpbTavP+IAu/KrfmOgyW11no3ro4d6GCkP0fYNelLyfoNKe25I63ygOl0uVAHKiVClM2Gcdk0Jj8JpeKMVmuUhMB7+CvSGXpIcHjzQKBgQCsN/SGSxtRm93URmDC0Kd5N91ThDJjsLlq9xNUhIid8OabhU+SiBRj5ubLFQXWdglFnj+kzwZjjtwZHdCNdC+ItqRHwiGsQE01vwuhLAixQ5X0KnotWXh+1buIwLfzJKpkARdGpR9vmy2rhISb4+XCNP0Khjx+rey8ZrDJLs3ZAw==-----END RSA PRIVATE KEY-----
- EDGEDB_SERVER_TLS_CERT=-----BEGIN CERTIFICATE-----MIICyzCCAbMCFAC77Es2q/U3ad3LLTM9dFlV4UqPMA0GCSqGSIb3DQEBCwUAMCIxIDAeBgkqhkiG9w0BCQEWEWFiYmFzQGNhZG9uaXguY29tMB4XDTIzMDMzMTEwMTAzNVoXDTI0MDMzMDEwMTAzNVowIjEgMB4GCSqGSIb3DQEJARYRYWJiYXNAY2Fkb25peC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsFH40264LXCX7NvK/VIzGKjp0ZYaTJ8OCzHbYTNIXdBZYdaUV3SQVBI1miURXU5QCxmuLg31QwrIK6hGyOd8Fkm/C+D/hkS4izLoC6GfqpPxKUZpRzQ9Qp9qjt2XELYyNJYThfsv19o6ItG5r/HJ7stksqVAucC+mT/xhiwCX26Hw4/WR9HyZCD2/P6dC2/howEMhlCPomjXS0nwUkOw5gGQfI0To59++0yknhBLRfFDuTSPSEEfs8Q630qrVKHDKkX/JYC/oi4oEyJz7OEdUKQ8lH20ZbbkOPPnpBWVWqM4Y6Y0yBeRhj3FSpfvu2PuY6WHIUad0s/r7JpCDNY1xAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFKZbgRjqNNFibF7Nq4vv4iU1M/xEw1E0klY/+A/ucjTkkKL0AYXr20Lte4VMfyOlNMcuJYSLsTbyTo54e3tFWd0V9F4G4mEUOstBeWzqqdNWIGwzaZkvnRY/hg98rMral4CDPw/QrtWA4+wiPHXX5k+EeDh5oiLCr5L/5LhGYLoWZn4jmtH8PfbQ6aOqkZorCnPKHoYqg8gY7Crf4OuN222M+IamIGBr+4SYJS3juc9YRWney4AJ6F5hnsB0y6EmMmyMR7a5j+N00hq/WKaw/9Vb2fILomxwdmb6tudSNfXaVY6sGFdmvk9UMDnpERh12gII2eXiqWZTLYJNbWGIeQ=-----END CERTIFICATE-----
- EDGEDB_SERVER_ADMIN_UI=enabled
ports:
- "5656:5656"
Running docker-compose up I always get an error stating CRITICAL 42 2023-03-31T10:21:13.528 edb.server: Cannot load TLS certificates - please double check if the specified certificate files are valid.
I generate the certificate and key using the following commands:
openssl genrsa -out server.key 2048openssl req -new -key server.key -out server.csropenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Is there anyting I'm missing? I'm following the documentation at https://www.edgedb.com/docs/guides/deployment/docker
How can I get it working?
答案1
得分: 1
文档描述了通过两个环境变量来定义系统上证书文件路径的方式,分别是 EDGEDB_SERVER_TLS_CERT_FILE 和 EDGEDB_SERVER_TLS_KEY_FILE。
你的 docker-compose.yml 文件会类似于:
version: "3.3"
services:
edgedb:
image: edgedb/edgedb:2.9
environment:
- EDGEDB_SERVER_DATABASE=smartdb
- EDGEDB_SERVER_PASSWORD=smartPassword
- EDGEDB_SERVER_USER=smartadmin
- EDGEDB_SERVER_TLS_CERT_MODE=default
- EDGEDB_SERVER_TLS_CERT_FILE=/path/to/cert/file
- EDGEDB_SERVER_TLS_KEY_FILE=/path/to/key/file
- EDGEDB_SERVER_ADMIN_UI=enabled
ports:
- "5656:5656"
也确保绑定包含证书文件的路径,以便它们可以在 Docker 容器内访问(假设你在主机上生成了这些文件):
edgedb:
...
volumes:
- /local/cert/path:/path/to/cert/file
- /local/key/path:/path/to/key/file
...
[1]: https://www.edgedb.com/docs/reference/environment#edgedb-server-tls-cert-file-edgedb-server-tls-key-file
英文:
The documentation describes two environment variables through which you are supposed to define the paths to the certificate files on the system, namely EDGEDB_SERVER_TLS_CERT_FILE and EDGEDB_SERVER_TLS_KEY_FILE.
Your docker-compose.yml file would look something like:
version: "3.3"
services:
edgedb:
image: edgedb/edgedb:2.9
environment:
- EDGEDB_SERVER_DATABASE=smartdb
- EDGEDB_SERVER_PASSWORD=smartPassword
- EDGEDB_SERVER_USER=smartadmin
- EDGEDB_SERVER_TLS_CERT_MODE=default
- EDGEDB_SERVER_TLS_CERT_FILE=/path/to/cert/file
- EDGEDB_SERVER_TLS_KEY_FILE=/path/to/key/file
- EDGEDB_SERVER_ADMIN_UI=enabled
ports:
- "5656:5656"
Also make sure that you bind the paths containing the certificate files so that they are accessible from within the docker container (assuming you generate them on the host):
edgedb:
...
volumes:
- /local/cert/path:/path/to/cert/file
- /local/key/path:/path/to/key/file
...
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论