我正在使用 mariadb 数据库开发一个应用程序,这是我的 compose.yaml 文件。我想远程访问此 mariadb 服务器,但我遇到了一些 ssl 证书问题。我启用并生成了在撰写文件中认证的 ssl
services:
app:
build:
context: .
ports:
- "8080:8080"
restart: always
environment:
DATASOURCE_HOSTNAME: mysqldb
DATASOURCE_PORT: 3306
DATASOURCE_USERNAME: CargoStacks
DATASOURCE_PASSWORD: changeMe
DATASOURCE_DBNAME: CargoStacks
JPA_SHOW_SQL: true
JPA_HIBERNATE_DDL_AUTO: update
UPLOAD_PATH: /opt/repository
MAX_FILE_SIZE: 20MB
MAX_REQUEST_SIZE: 20MB
BCRYPT_PASSWORD_ENCODER_STRENGTH: 10
depends_on:
- mysqldb
networks:
- CargoStacks-net
cert-gen:
image: alpine
volumes:
- ./certs:/certs
entrypoint:
- /bin/sh
- -c
- |
apk add --no-cache openssl &&
openssl genpkey -algorithm RSA -out /certs/mysql.key -pkeyopt rsa_keygen_bits:2048 &&
openssl req -new -key /certs/mysql.key -out /certs/mysql.csr -subj "/CN=mysql/O=myorg/C=US" &&
openssl x509 -req -in /certs/mysql.csr -signkey /certs/mysql.key -out /certs/mysql.crt -days 365 &&
openssl genpkey -algorithm RSA -out /certs/ca.key -pkeyopt rsa_keygen_bits:2048 &&
openssl req -new -x509 -key /certs/ca.key -out /certs/ca.crt -days 1095 -subj "/CN=Certificate Authority/O=myorg/C=US" &&
chmod 600 /certs/* && chown 999:999 /certs/*
restart: "no"
networks:
- CargoStacks-net
mysqldb:
image: mariadb:latest
expose:
- 3306
ports:
- 3307:3306
volumes:
- ./mysql:/var/lib/mysql
- ./data:/var/lib/mysql
- ./certs:/etc/mysql/certs
command:
- --ssl-ca=/etc/mysql/certs/ca.crt
- --ssl-cert=/etc/mysql/certs/mysql.crt
- --ssl-key=/etc/mysql/certs/mysql.key
- --ssl=1
- --bind-address=0.0.0.0
environment:
MYSQL_ROOT_USERNAME: changeMe
MYSQL_ROOT_PASSWORD: changeMe
MYSQL_DATABASE: CargoStacks
MYSQL_USER: CargoStacks
MYSQL_PASSWORD: changeMe
networks:
- CargoStacks-net
networks:
CargoStacks-net:
driver: bridge
但是当我尝试访问服务器时出现此错误
$ sudo mysql -u root -P 3307 -p
mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead
Enter password:
ERROR 2026 (HY000): TLS/SSL error: tlsv1 alert unknown ca
我希望能够远程访问我的 mariadb 服务器,但我遇到一些 ssl 问题
mysql客户端需要指定CA。试试:
mysql --ssl-ca ./certs/ca.crt ...