[英]Error when using selfhosted (Jetty) Metabase with ssl inside docker container
I'm trying to setup a self hosted (Jetty) Metabase inside a docker container running with ssl enabled.我正在尝试在启用了 ssl 的 docker 容器内设置一个自托管(Jetty)元数据库。
First I created the fullchain.pem
and privkey.pem
using the certbot , than converted to keystore.jks
using this gist .首先,我使用certbot创建了
fullchain.pem
和privkey.pem
,然后使用这个gist 转换为keystore.jks
。
Then created a.env file that would be used for the --env-file
docker flag:然后创建一个用于
--env-file
docker 标志的 .env 文件:
MB_DB_FILE=/metabase/metabase.db
MB_JETTY_SSL=true
MB_JETTY_SSL_PORT=443
MB_JETTY_SSL_KEYSTORE=./keystore.jks
MB_JETTY_SSL_KEYSTORE_PASSWORD=my-pass
And tried to run:并试图运行:
docker run -p 80:3000 -v ~/metabase:/metabase --env-file "./prod.env" --name metabase metabase/metabase
But I got the following error:但我收到以下错误:
ERROR metabase.core :: Metabase Initialization FAILED
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method) ~[?:?]
at sun.nio.ch.Net.bind(Unknown Source) ~[?:?]
at sun.nio.ch.Net.bind(Unknown Source) ~[?:?]
at sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source) ~[?:?]
at sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source) ~[?:?]
at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:345) ~[metabase.jar:?]
at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:310) ~[metabase.jar:?]
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80) ~[metabase.jar:?]
Solved by changing the SSL_PORT to 8443, so the new env file looks like this:通过将 SSL_PORT 更改为 8443 解决,因此新的 env 文件如下所示:
MB_DB_FILE=/metabase/metabase.db
MB_JETTY_SSL=true
MB_JETTY_SSL_PORT=8443
MB_JETTY_SSL_KEYSTORE=./keystore.jks
MB_JETTY_SSL_KEYSTORE_PASSWORD=my-pass
Deleted the old container and started a new one with the env file above but now I'm stuck on this error:删除了旧容器并使用上面的 env 文件启动了一个新容器,但现在我遇到了这个错误:
ERROR metabase.core :: Metabase Initialization FAILED
java.lang.IllegalStateException: /"./keystore.jks" is not a valid keystore
I've double checked if my.jks file is valid using this .我已经使用this仔细检查了 my.jks 文件是否有效。 And it is.
它是。
My questions are:我的问题是:
Edit 1:编辑1:
Following up Joakim's suggestion:跟进 Joakim 的建议:
Changed to the absute path改为绝对路径
MB_DB_FILE=/metabase-prod-data/metabase.db
MB_JETTY_SSL=true
MB_JETTY_SSL_PORT=8443
MB_JETTY_SSL_KEYSTORE=/root/services/metabase/setup/keystore.jks
MB_JETTY_SSL_KEYSTORE_PASSWORD=my-pass
Got this error:得到这个错误:
ERROR metabase.core :: Metabase Initialization FAILED
java.lang.IllegalStateException: /root/services/metabase/setup/keystore.jks is not a valid keystore
443 is a restricted port on most OS's that require root/superuser/admin rights to be able to bind to it. 443 是大多数操作系统上的受限端口,需要 root/超级用户/管理员权限才能绑定到它。
Your keystore isn't found, that path is invalid.找不到您的密钥库,该路径无效。
The error is just confusing.错误只是令人困惑。
The configuration you have at您拥有的配置
MB_JETTY_SSL_KEYSTORE=./keystore.jks
Try making that an absolute path, as the metabase is apparently just tacking what you give it onto the end of some other path /
in your case.尝试将其设为绝对路径,因为在您的情况下,元数据库显然只是将您提供的内容添加到其他路径
/
的末尾。
why port 443 is not used is answered by @Joakim @Joakim 回答了为什么不使用端口 443
I also faced this issue for metabase initialisation.我也遇到了元数据库初始化的这个问题。 The error I was facing was that the keystore file at host is not accessible inside the docker container.
我面临的错误是在 docker 容器内无法访问主机上的密钥库文件。
I used docker-compose yml file.我使用了 docker-compose yml 文件。 You can search for terminal based ways as well.
您也可以搜索基于终端的方式。
I made it accessible by adding folder at host which has the certificate by using volume attribute.我通过使用卷属性在具有证书的主机上添加文件夹来使其可访问。
metabase:
...
env_file:
- ./config/metabase.env
volumes:
- <LOCAL_PATH>:<CONTAINER_PATH>
Inside the environment path:在环境路径内:
MB_JETTY_SSL_KEYSTORE:<CONTAINER_PATH>/keystore.jks
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.