“After moving docker-compose.yml file, I get ‘The server does not support SSL connections.'”

huangapple go评论89阅读模式
英文:

After moving docker-compose.yml file, I get "The server does not support SSL connections"

问题

这很可能是因为我对Docker的知识不足,所以我可能只需要一个理论性的答案,但如果需要,我可以发布一些代码。

因此,我有一个容器化项目,通过公共网络连接连接到Digital Ocean上的托管数据库,需要SSL,所以我已经配置好了。当我在本地运行它时:

docker compose build
docker compose up

一切看起来都很正常,我可以看到它连接到了数据库。然后我使用以下命令将新的镜像推送到Docker Hub:

docker compose push

并在我的docker-compose.yml文件中引用这些镜像:

image: <myDockerID>/<imagename>

我已经检查了Docker Hub,确认在推送时镜像已更新,并删除它们以确保上传的是正确的镜像。

在我的根目录下,我有以下关键文件:

  • docker-compose.yml
  • Dockerfile
  • ca-certificate.crt
  • .env
  • ..

从我所了解的情况来看,一切看起来都很好。
根据我的理解,现在我应该能够将docker-compose文件复制/粘贴到任何机器上的任何目录中,并运行 docker compose up(这可能是我误解的地方)。但是,当我尝试这样做时,我收到了SSL错误。
例如,在一个只包含docker-compose.yml的新目录中,我会清除旧内容然后运行:

docker compose down -v --rmi all --remove-orphans
docker compose up

它会获取新的镜像,一切看起来都很好,除了现在我得到了以下错误:

[TypeOrmModule] 无法连接到数据库。重试(2)...
worker | 错误:服务器不支持SSL连接
worker |     at Socket.<anonymous> (/usr/src/app/node_modules/pg/lib/connection.js:77:37)
worker |     at Object.onceWrapper (node:events:628:26)
worker |     at Socket.emit (node:events:513:28)
worker |     at addChunk (node:internal/streams/readable:324:12)
worker |     at readableAddChunk (node:internal/streams/readable:297:9)
worker |     at Readable.push (node:internal/streams/readable:234:10)
worker |     at TCP.onStreamRead (node:internal/stream_base_commons:190:23)

因此,我的问题是为什么这个错误不会在项目目录中出现?这个错误是指数据库不支持SSL连接吗(它支持)?Docker需要除了docker-compose.yml文件之外的其他内容才能正确运行吗?

以下是我的Dockerfile:

FROM node:18.16.0-alpine

WORKDIR /usr/src/app

COPY package.json ./
COPY yarn.lock ./
RUN yarn --production
COPY . .
RUN yarn build

以下是我的docker-compose.yml文件:

version: "3.8"

networks:
  app-net:
    driver: bridge

volumes:
  server_data: {}
  worker_data: {}
  postgres_data: {}

services:
  ######################################################################################
  server:
    container_name: server
    build:
      context: .
      dockerfile: Dockerfile
    image: <dockhubID>/backend2-server
    ports:
      - 3001:3001
    command: ["yarn", "start:server"]
    volumes:
      - server_data:/usr/src/app
    networks:
      - app-net
    environment:
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_NAME: ${DB_NAME}
      DB_USERNAME: ${DB_USERNAME}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_CA_CERT_PATH: ${DB_CA_CERT_PATH}
  worker:
    container_name: worker
    build:
      context: .
      dockerfile: Dockerfile
    image: <dockerhubID>/backend2-worker
    command: ["yarn", "start:worker"]
    volumes:
      - worker_data:/usr/src/app
    expose:
      - 4000
    networks:
      - app-net
    environment:
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_NAME: ${DB_NAME}
      DB_USERNAME: ${DB_USERNAME}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_CA_CERT_PATH: ${DB_CA_CERT_PATH}

非常感谢您的帮助!

我已经看到了以下问题,但无法回答与我的情况有关的问题:

更新:在docker-compose.yml文件中添加了缺少的环境变量后,我看到一个错误,让我觉得我没有正确设置变量:

node:internal/fs/utils:347
worker | throw err;
worker | ^
worker |
worker | Error: ENOENT: no such file or directory, open
worker | at Object.openSync (node:fs:601:3)
worker | at Object.readFileSync (node:fs:469:35)
worker | at Object.<anonymous> (/usr/src/app/dist/vendure-config.js:62:30)
worker | at Module._compile (node:internal/modules/cjs/loader:1254:14)
worker | at Module._extensions..js (node:internal/modules/cjs/loader:1308:10)
worker | at Module.load (node:internal/modules/cjs/loader:1117:32)
worker | at Module._load (node:internal/modules/cjs/loader:958:12)
worker | at Module.require (node:internal/modules/cjs/loader:1141:19)
worker | at require (node:internal/modules/cjs/helpers:110:18)
worker | at Object.<anonymous> (/usr/src/app/dist/index-worker.js:4:26) {
worker | errno: -2,
worker | syscall: 'open',
worker | code: 'ENOENT'
worker | }

我现在也看到了这个警告:

WARN[0000] The "DB_CA_CERT_PATH" variable is not set. Defaulting to a blank string.

这个变量在.env文件中设置为:

DB_CA_CERT_PATH=/usr/src/app/ca-certificate.crt

由于Dockerfile的工作目录设置为/usr/src/app,我

英文:

This is most likely due to my lack of knowledge around Docker, so I probably just need a theoretical answer but I can post some code if needed.

So, I have a containerized project that connects to a managed database on Digital Ocean through a public network connection and SSL is required so I have that configured. When I run it locally with:

docker compose build
docker compose up

everything looks fine and I can see that it connects to the DB. Then I push the new images to docker hub with:

docker compose push

and reference those images in my docker-compose.yml:

image: &lt;myDockerID&gt;/&lt;imagename&gt;

I've checked Docker hub to confirm that the images are being updated when pushing and also deleted them to make sure they were the right images being uploaded.

In my root directory I have the key files:

  • docker-compose.yml
  • Dockerfile
  • ca-certificate.crt
  • .env
  • ..

From what I've read, everything looks good.
From my understanding, I should now be able to copy/paste the docker-compose file in any directory on any machine and run docker compose up (this might be where I misunderstand). However, when I try this, I get an SSL error.
For example, in a new directory containing only the docker-compose.yml, I would clear out old stuff then run fresh:

docker compose down -v --rmi all --remove-orphans
docker compose up

and it fetches new images and everything looks pretty good except that now I get:

[TypeOrmModule] Unable to connect to the database. Retrying (2)...
worker    | Error: The server does not support SSL connections
worker    |     at Socket.&lt;anonymous&gt; (/usr/src/app/node_modules/pg/lib/connection.js:77:37)
worker    |     at Object.onceWrapper (node:events:628:26)
worker    |     at Socket.emit (node:events:513:28)
worker    |     at addChunk (node:internal/streams/readable:324:12)
worker    |     at readableAddChunk (node:internal/streams/readable:297:9)
worker    |     at Readable.push (node:internal/streams/readable:234:10)
worker    |     at TCP.onStreamRead (node:internal/stream_base_commons:190:23)

So, my question is why doesn't this error present itself in the project directory? Is this error referring to the DB not supporting SSL connection (it does)? Does docker require more than just the docker-compose.yml file to run correctly?

Here is my Dockerfile:

FROM node:18.16.0-alpine

WORKDIR /usr/src/app

COPY package.json ./
COPY yarn.lock ./
RUN yarn --production
COPY . .
RUN yarn build

Here is my docker-compose.yml:

version: &quot;3.8&quot;

networks:
  app-net:
    driver: bridge

volumes:
  server_data: {}
  worker_data: {}
  postgres_data: {}

services:
  ######################################################################################
  server:
    container_name: server
    build:
      context: .
      dockerfile: Dockerfile
    image: &lt;dockhubID&gt;/backend2-server
    ports:
      - 3001:3001
    command: [&quot;yarn&quot;, &quot;start:server&quot;]
    volumes:
      - server_data:/usr/src/app
    networks:
      - app-net
    environment:
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_NAME: ${DB_NAME}
      DB_USERNAME: ${DB_USERNAME}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_CA_CERT_PATH: ${DB_CA_CERT_PATH}
  worker:
    container_name: worker
    build:
      context: .
      dockerfile: Dockerfile
    image: &lt;dockerhubID&gt;/backend2-worker
    command: [&quot;yarn&quot;, &quot;start:worker&quot;]
    volumes:
      - worker_data:/usr/src/app
    expose:
      - 4000
    networks:
      - app-net
    environment:
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_NAME: ${DB_NAME}
      DB_USERNAME: ${DB_USERNAME}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_CA_CERT_PATH: ${DB_CA_CERT_PATH}

Any help is greatly appreciated!

I've seen the following questions but wasn't able to answer the questions that pertain to my situation:

UPDATE: After adding the missing environment variable to the docker-compose.yml file, I'm seeing an error that makes me think I didn't set the variable correctly:

node:internal/fs/utils:347
worker  |     throw err;
worker  |     ^
worker  | 
worker  | Error: ENOENT: no such file or directory, open
worker  |     at Object.openSync (node:fs:601:3)
worker  |     at Object.readFileSync (node:fs:469:35)
worker  |     at Object.&lt;anonymous&gt; (/usr/src/app/dist/vendure-config.js:62:30)
worker  |     at Module._compile (node:internal/modules/cjs/loader:1254:14)
worker  |     at Module._extensions..js (node:internal/modules/cjs/loader:1308:10)
worker  |     at Module.load (node:internal/modules/cjs/loader:1117:32)
worker  |     at Module._load (node:internal/modules/cjs/loader:958:12)
worker  |     at Module.require (node:internal/modules/cjs/loader:1141:19)
worker  |     at require (node:internal/modules/cjs/helpers:110:18)
worker  |     at Object.&lt;anonymous&gt; (/usr/src/app/dist/index-worker.js:4:26) {
worker  |   errno: -2,
worker  |   syscall: &#39;open&#39;,
worker  |   code: &#39;ENOENT&#39;
worker  | }

I also see this warning now:

WARN[0000] The &quot;DB_CA_CERT_PATH&quot; variable is not set. Defaulting to a blank string.

The variable is set in .env as:
DB_CA_CERT_PATH=/usr/src/app/ca-certificate.crt

Since the Dockerfile's workspace is set to /usr/src/app, I assume the path should be correct. I also assume that .env is copied over when COPY . . is ran, but I could be mistaken. Just to reiterate, I'm focusing on the case where I copy the docker-compose.yml file into an empty directory. Running the container in the original directory still works fine.
Thanks again for the help!

答案1

得分: 2

  • 假设是ca-certificate.crt用于SSL连接,并且您的docker-compose.yml文件是您引用此证书的地方,该文件中的路径可能已损坏。
  • 您提到您通过process.env.DB_CA_CERT_PATH引用证书文件。然而,不清楚您如何在容器中设置此变量,因为它在docker-compose.ymlDockerfile中不存在。
  • 结果发现环境变量根本没有配置。然后,您在docker-compose.yml文件中添加了对此变量的引用,该文件又引用了一个在docker-compose.yml旁边必须存在的.env文件中定义的“本地”环境变量。

正如您所指出的,您目前在docker-compose.yml中定义环境变量的方式(例如DB_CA_CERT_PATH: ${DB_CA_CERT_PATH}),实际上只传递主机上的“本地”环境变量到该文件,然后将其传递给Docker容器。因此,您还需要将.env文件与docker-compose.yml文件一起使用。

如果您只想使用“单个docker-compose.yml”文件而不使用本地的.env文件,您可以直接在docker-compose.yml中定义环境变量:

server:
...
  environment:
    DB_CA_CERT_PATH=/usr/src/app/ca-certificate.crt

如果您想要一个自包含的镜像,您可以再次使用一个被复制到镜像中的.env文件,或者使用Dockerfile中的ENV指令来定义这些环境变量。

英文:

I will try to summarize the comments by Alex D. and me:

  • The assumption was that ca-certificate.crt is used for the SSL connection, and that your docker-compose.yml is where you are referencing this certificate and the path in that file might be broken.
  • You stated that you are referencing the certificate file via process.env.DB_CA_CERT_PATH. However, it was unclear how you are setting this variable in the container, since it was not present in the docker-compose.yml or Dockerfile.
  • It turns out the environment variable was not configured at all. You then added a reference to this variable in the docker-compose.yml file, which in turn references a "local" environment variable defined in an .env file, which needs to be present alongside the docker-compose.yml.

As you pointed out, the way you are currently defining your environment variables in the docker-compose.yml (e.g. DB_CA_CERT_PATH: ${DB_CA_CERT_PATH}), you actually are only passing your "local" environment variables on the host to that file, which are then passed into the docker container. For this reason, you also need the .env file alongside the docker-compose.yml file.

If you only want to use "a single docker-compose.yml" file without the local .env file, you can just defined the environment variables directly in docker-compose.yml:

server:
...
  environment:
    DB_CA_CERT_PATH=/usr/src/app/ca-certificate.crt

If you wanted to have a self-contained image, you could, again, use a .env file which is copied to the image, or define these environment variables in your Dockerfile with the ENV instruction.

huangapple
  • 本文由 发表于 2023年6月26日 13:35:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/76553773.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定