远程访问mariadb服务器(docker容器)但SSL证书有问题

问题描述 投票:0回答:1

我正在使用 mariadb 数据库开发一个应用程序,这是我的 compose.yaml 文件。我想远程访问此 mariadb 服务器,但我遇到了一些 ssl 证书问题。我启用并生成了在撰写文件中认证的 ssl


services:
  app:
    build:
      context: .
    ports:
      - "8080:8080"
    restart: always
    environment:
      DATASOURCE_HOSTNAME: mysqldb
      DATASOURCE_PORT: 3306
      DATASOURCE_USERNAME: CargoStacks
      DATASOURCE_PASSWORD: changeMe
      DATASOURCE_DBNAME: CargoStacks
      JPA_SHOW_SQL: true
      JPA_HIBERNATE_DDL_AUTO: update
      UPLOAD_PATH: /opt/repository
      MAX_FILE_SIZE: 20MB
      MAX_REQUEST_SIZE: 20MB
      BCRYPT_PASSWORD_ENCODER_STRENGTH: 10
    depends_on:
      - mysqldb
    networks:
      - CargoStacks-net

  cert-gen:
    image: alpine
    volumes:
      - ./certs:/certs
    entrypoint:
      - /bin/sh
      - -c
      - |
        apk add --no-cache openssl &&
        openssl genpkey -algorithm RSA -out /certs/mysql.key -pkeyopt rsa_keygen_bits:2048 &&
        openssl req -new -key /certs/mysql.key -out /certs/mysql.csr -subj "/CN=mysql/O=myorg/C=US" &&
        openssl x509 -req -in /certs/mysql.csr -signkey /certs/mysql.key -out /certs/mysql.crt -days 365 &&
        openssl genpkey -algorithm RSA -out /certs/ca.key -pkeyopt rsa_keygen_bits:2048 &&
        openssl req -new -x509 -key /certs/ca.key -out /certs/ca.crt -days 1095 -subj "/CN=Certificate Authority/O=myorg/C=US" &&
        chmod 600 /certs/* && chown 999:999 /certs/*
    restart: "no"  
    networks:
      - CargoStacks-net

  mysqldb:
    image: mariadb:latest
    expose:
      - 3306
    ports:
      - 3307:3306
    volumes:
      - ./mysql:/var/lib/mysql
      - ./data:/var/lib/mysql
      - ./certs:/etc/mysql/certs
    command:
      - --ssl-ca=/etc/mysql/certs/ca.crt
      - --ssl-cert=/etc/mysql/certs/mysql.crt
      - --ssl-key=/etc/mysql/certs/mysql.key
      - --ssl=1
      - --bind-address=0.0.0.0
    environment:
      MYSQL_ROOT_USERNAME: changeMe
      MYSQL_ROOT_PASSWORD: changeMe
      MYSQL_DATABASE: CargoStacks
      MYSQL_USER: CargoStacks
      MYSQL_PASSWORD: changeMe
    networks:
      - CargoStacks-net

networks:
  CargoStacks-net:
    driver: bridge

但是当我尝试访问服务器时出现此错误

$ sudo mysql -u root -P 3307 -p

mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead
Enter password: 
ERROR 2026 (HY000): TLS/SSL error: tlsv1 alert unknown ca

我希望能够远程访问我的 mariadb 服务器,但我遇到一些 ssl 问题

docker ssl docker-compose mariadb
1个回答
0
投票

mysql客户端需要指定CA。试试:

mysql --ssl-ca ./certs/ca.crt ...

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.