[英]Adding SSL certificates to a mysql docker container
I am building a docker container for a django application, which uses nginx and uwsgi. 我正在为django应用程序构建一个docker容器,它使用nginx和uwsgi。 For the Database the application is using mysql, which is located in a different container and both of them are link with a
docker-compose.yml
file: 对于数据库,应用程序使用的是mysql,它位于不同的容器中,并且它们都与
docker-compose.yml
文件链接:
version: '2'
services:
mysql:
image: mysql:latest
environment:
-MYSQL_DATABASE: TheDatabase
-MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
-MYSQL_USER: TheUsername
-MYSQL_PASSWORD: ThePassword
ports:
-"3306:3306"
django:
build: .
volumes:
- .:/app
ports:
- "443:443"
- "8000:8000"
links:
- mysql
I am using SSL certificates, which are self-signed using OpenSSL and are included in the nginx.conf file. 我使用的是SSL证书,它使用OpenSSL进行自签名,并包含在nginx.conf文件中。 The problem is that every time I run the containers and try to log as the superuser I get the following error 504 Timed Out .
问题是,每次我运行容器并尝试以超级用户身份登录时,我都会收到以下错误: 504 Timed Out 。 After a decent amount of thinking I came to the conclusion that the issue is in the connection to the mysql database.
在经过深思熟虑之后,我得出的结论是,问题在于与mysql数据库的连接。 I did enter the mysql container and saw that the Database is there and after inspecting the tables, I saw that all the tables have been created.
我确实输入了mysql容器并看到数据库在那里,在检查表之后,我看到所有表都已创建。 However, after reading the logs I noticed the following line:
但是,在阅读日志后,我注意到以下行:
[Warning] Failed to set up SSL because of the following SSL library error: SSL context is not usable without certificate and private key.
[警告]由于以下SSL库错误,无法设置SSL:如果没有证书和私钥,SSL上下文将无法使用。
How am I supposed to add the SSL key and certificate, when I am using a ready image from the docker hub? 当我使用来自docker hub的现成图像时,我应该如何添加SSL密钥和证书? Is that why I getting the 504 Timed out error ?
这就是为什么我得到504超时错误 ? I am also getting the following 3 Warnings:
我也收到以下3个警告:
[Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
[警告]在-skip-name-resolve模式下忽略'db'条目'sys mysql.sys@localhost'。
[Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
[警告]在--skip-name-resolve模式下忽略'proxies_priv'条目'@root @ localhost'。
[Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode
[警告]'tables_priv'条目'sys_config mysql.sys@localhost'在--skip-name-resolve模式下被忽略
"If you want the server to be able to deploy with automatic support for secure connections, use the mysql_ssl_rsa_setup utility to create default SSL and RSA files:
“如果您希望服务器能够部署并自动支持安全连接,请使用mysql_ssl_rsa_setup实用程序创建默认的SSL和RSA文件:
shell> mysql_ssl_rsa_setup
For more information, see Section 4.4.5, “mysql_ssl_rsa_setup — Create SSL/RSA Files”.
有关更多信息,请参见第4.4.5节“mysql_ssl_rsa_setup - 创建SSL / RSA文件”。
mysql_ssl_rsa_setup mysql_ssl_rsa_setup
Only the MySQL enterprise edition server will create the certificates for you at --initialize time. 只有MySQL企业版服务器才会在--initialize时为您创建证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.