How do I run Weaviate over HTTPS using Docker Compose?

Problem description  Votes: 0  Answers: 1

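I can't get Weaviate to run over HTTPS in Docker.

I have been running Weaviate successfully on Docker over HTTP for some time. I am in the final stages of developing my application and want to do everything I can to secure the whole stack. The first step is to get Weaviate running over HTTPS, then apply an API key. I tried following the (not particularly helpful) instructions, without success. I tried one step at a time and got the service running, but it does not respond to HTTPS requests. I tried searching here and found this, but it got no answer (the "helpful" comment was not that helpful).

Here is the HTTPS attempt: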

> curl -v -k https://localhost:8080/v1/schema
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8080 
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8080 

Here is the HTTP attempt:

> curl -v -k http://localhost:8080/v1/schema 
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /v1/schema HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.88.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/json
< Vary: Origin
< Date: Tue, 12 Sep 2023 19:57:01 GMT
< Content-Length: 15
< 
{"classes":[]}
* Connection #0 to host localhost left intact

For HTTPS, my docker-compose.yml looks like this:

---
version: '3.4'
services:
  weaviate:
    command:
    - --host
    - 0.0.0.0
    - --port
    - '8080'
    - --scheme
    - https
    - --tls-certificate
    - /etc/ssl/certs/dev-certificate.pem
    - --tls-key
    - /etc/ssl/certs/dev-private-key.pem
    image: semitechnologies/weaviate:1.21.2
    ports:
    - 8080:8080
    volumes:
    - weaviate_data:/var/lib/weaviate
    - /etc/ssl/certs:/etc/ssl/certs
    restart: on-failure:0
    environment:
      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'true'
      TRANSFORMERS_INFERENCE_API: 'http://t2v-transformers:8080'
      QUERY_DEFAULTS_LIMIT: 25
      PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
      DEFAULT_VECTORIZER_MODULE: 'text2vec-transformers'
      ENABLE_MODULES: 'text2vec-transformers'
      CLUSTER_HOSTNAME: 'node1'
  t2v-transformers:
    image: semitechnologies/transformers-inference:sentence-transformers-multi-qa-MiniLM-L6-cos-v1
    environment:
      ENABLE_CUDA: '0'
volumes:
  weaviate_data:
...

I really don't want to deploy this application in production with an insecure vector store.

docker security docker-compose https weaviate
1 answer
0
votes

You should use the command options --tls-host and --tls-port, like this:

---
version: '3.4'
services:
  weaviate:
    command:
    - --tls-host
    - 0.0.0.0
    - --tls-port
    - '8080'
    - --scheme
    - https
    - --tls-certificate
    - /etc/ssl/certs/dev-certificate.pem
    - --tls-key
    - /etc/ssl/certs/dev-private-key.pem
    image: semitechnologies/weaviate:1.21.2
    ports:
    - 8080:8080
    volumes:
    - weaviate_data:/var/lib/weaviate
    - /etc/ssl/certs:/etc/ssl/certs
    restart: on-failure:0
    environment:
      AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: 'true'
      TRANSFORMERS_INFERENCE_API: 'http://t2v-transformers:8080'
      QUERY_DEFAULTS_LIMIT: 25
      PERSISTENCE_DATA_PATH: '/var/lib/weaviate'
      DEFAULT_VECTORIZER_MODULE: 'text2vec-transformers'
      ENABLE_MODULES: 'text2vec-transformers'
      CLUSTER_HOSTNAME: 'node1'
  t2v-transformers:
    image: semitechnologies/transformers-inference:sentence-transformers-multi-qa-MiniLM-L6-cos-v1
    environment:
      ENABLE_CUDA: '0'
volumes:
  weaviate_data:
...
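
As an added example (not part of the original answer or of Weaviate's own tooling), the following Python check applies the rule from the answer, that the HTTPS listener needs --tls-host and --tls-port alongside the certificate and key, to the two service definitions on this page. The helper names are hypothetical and the dictionaries are constructed from the compose files above; the check also reports AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED, which both files leave set to 'true'.

```python
# Added example: lint a Weaviate compose service for the HTTPS flags discussed above.
# parse_flags and lint_weaviate_service are hypothetical helper names.
TLS_FLAGS = ("--tls-host", "--tls-port", "--tls-certificate", "--tls-key")

def parse_flags(command):
    """Turn ['--flag', 'value', ...] into {'--flag': 'value'}."""
    flags, tokens = {}, iter(command)
    for token in tokens:
        if token.startswith("--"):
            flags[token] = str(next(tokens, ""))
    return flags

def lint_weaviate_service(service):
    """Return a list of findings for one compose service definition."""
    flags = parse_flags(service.get("command", []))
    findings = []
    if flags.get("--scheme") != "https":
        findings.append("--scheme is not https")
    findings += [f"missing {flag}" for flag in TLS_FLAGS if flag not in flags]
    # Certificate and key paths must sit under a container-side mount target.
    targets = [v.split(":")[1].rstrip("/") + "/" for v in service.get("volumes", []) if ":" in v]
    for flag in ("--tls-certificate", "--tls-key"):
        path = flags.get(flag)
        if path and not any(path.startswith(t) for t in targets):
            findings.append(f"{flag} path {path} is not under a mounted volume")
    # The TLS port must be the container side of a published port mapping.
    published = [str(p).split(":")[-1] for p in service.get("ports", [])]
    if "--tls-port" in flags and flags["--tls-port"] not in published:
        findings.append(f"--tls-port {flags['--tls-port']} is not published")
    # TLS protects transport only; anonymous access leaves the API open.
    env = service.get("environment", {})
    if str(env.get("AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED", "")).lower() == "true":
        findings.append("anonymous access is still enabled")
    return findings

# Constructed from the two compose files on this page (weaviate service only).
COMMON = {
    "ports": ["8080:8080"],
    "volumes": ["weaviate_data:/var/lib/weaviate", "/etc/ssl/certs:/etc/ssl/certs"],
    "environment": {"AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED": "true"},
}
CERT = ["--scheme", "https", "--tls-certificate", "/etc/ssl/certs/dev-certificate.pem",
        "--tls-key", "/etc/ssl/certs/dev-private-key.pem"]
QUESTION = dict(COMMON, command=["--host", "0.0.0.0", "--port", "8080"] + CERT)
ANSWER = dict(COMMON, command=["--tls-host", "0.0.0.0", "--tls-port", "8080"] + CERT)

if __name__ == "__main__":
    for name, svc in (("question", QUESTION), ("answer", ANSWER)):
        print(name, lint_weaviate_service(svc))
```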