
Enable “Allow only SSL connection” for Google Cloud SQL instance and connect to it from SSL-configured Spring application

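I have a Spring application running on Tomcat (7.0.68) on my local machine that uses a Google Cloud MySQL instance. I also use C3P0 (0.9.1.2) as the connection pool. Below you can find part of the DAOcontext.xml file and of CATALINA_OPTS: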

....
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
        <property name="driverClass" value="com.mysql.jdbc.Driver"/>
        <property name="jdbcUrl" value="jdbc:mysql://sql_instance_ip:3306/table_name?verifyServerCertificate=true&amp;useSSL=true&amp;requireSSL=true&amp;trustCertificateKeyStoreUrl=file:/path/to/trustStore.jks&amp;trustCertificateKeyStorePassword=****&amp;characterEncoding=UTF-8&amp;useUnicode=true&amp;autoReconnect=true&amp;useServerPrepStmts=false&amp;rewriteBatchedStatements=true&amp;failOverReadOnly=false&amp;zeroDateTimeBehavior=convertToNull"/>
        <property name="user" value="***"/>
        <property name="password" value="****"/>
        <property name="acquireIncrement" value="1"/>
        <property name="initialPoolSize" value="1"/>
        <property name="minPoolSize" value="1"/>
        <property name="maxPoolSize" value="5"/>
        <property name="maxIdleTime" value="120"/>
</bean>
...

CATALINA_OPTS="... -Djavax.net.ssl.keyStore=/path/to/keyStore.jks -Djavax.net.ssl.keyStorePassword=**** ..."

These keystores were created from my SQL instance's certificates, and my local IP is whitelisted for this MySQL instance. https://cloud.google.com/sql/docs/mysql/configure-ssl-instance

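When the “Allow only SSL connections” option is disabled from the dashboard, my application runs without any database connection problems. Also, when I inspect the connection between the application and the SQL instance with Wireshark, I see that the packets are SSL-encrypted.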

After enabling this option, the Tomcat application gets the following errors:

May 07, 2018 5:02:49 PM com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource getPoolManager
INFO: Initializing c3p0 pool... com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 1, acquireRetryAttempts -> 30, acquireRetryDelay -> 1000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> false, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, dataSourceName -> z8kfsx9u1h2ypospw6bfm|37fcf007, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> com.mysql.jdbc.Driver, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, identityToken -> z8kfsx9u1h2ypospw6bfm|37fcf007, idleConnectionTestPeriod -> 0, initialPoolSize -> 1, jdbcUrl -> jdbc:mysql://sql_instance_ip:3306/table_name?verifyServerCertificate=true&useSSL=true&requireSSL=true&trustCertificateKeyStoreUrl=file:/path/to/trustStore.jks&trustCertificateKeyStorePassword=****&characterEncoding=UTF-8&useUnicode=true&autoReconnect=true&useServerPrepStmts=false&rewriteBatchedStatements=true&failOverReadOnly=false&zeroDateTimeBehavior=convertToNull"/, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 120, maxIdleTimeExcessConnections -> 0, maxPoolSize -> 5, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 1, numHelperThreads -> 3, numThreadsAwaitingCheckoutDefaultUser -> 0, preferredTestQuery -> null, properties -> {user=******, password=******}, propertyCycle -> 0, testConnectionOnCheckin -> false, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, usesTraditionalReflectiveProxies -> false ]
May 07, 2018 5:03:09 PM com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector run
WARNING: com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@274517d0 -- APPARENT DEADLOCK!!! Creating emergency threads for unassigned pending tasks!
May 07, 2018 5:03:09 PM com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector run
WARNING: com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@274517d0 -- APPARENT DEADLOCK!!! Complete Status:
    Managed Threads: 3
    Active Threads: 3
    Active Tasks:
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@68bff773 (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1)
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@67cb9623 (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2)
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@599d5f2f (com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#0)
    Pending Tasks:
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@1f0360c0
        com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@890083c
Pool thread stack traces:
    Thread[com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1,5,main]
        java.lang.Thread.sleep(Native Method)
        com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2376)
        com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2306)
        com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:834)
        com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
        sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
....

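These error logs are not specific to this problem; they are similar to the logs I get whenever my application cannot connect to the database. Do you have any ideas or suggestions about this issue? Is anyone using a similar setup and running into this problem?

Any help and suggestions are highly appreciated!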

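It seems to be a configuration issue. I suggest that you go through all the steps described in the official documentation again and check whether the server certificate is still valid.

As a workaround, I would suggest the possibility of using the Cloud SQL Proxy.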
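One way to carry out the certificate check suggested in the answer, as an added example that is not part of the original question or answer: a small Java program that opens a JKS file such as the `trustStore.jks` or `keyStore.jks` from the question, lists each entry as a private key (client identity) or a trusted certificate, and flags certificates outside their validity window. The class name `JksCheck` and the `STORE_PASS` environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not from the original post. Usage (paths as in the question):
//   STORE_PASS=... java JksCheck /path/to/trustStore.jks
//   STORE_PASS=... java JksCheck /path/to/keyStore.jks
// STORE_PASS is a hypothetical environment variable holding the store password.
public class JksCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.getenv("STORE_PASS") == null) {
            System.err.println("usage: STORE_PASS=<password> java JksCheck <store.jks>");
            System.exit(2);
        }
        char[] pass = System.getenv("STORE_PASS").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        int privateKeys = 0, invalid = 0;
        for (String alias : Collections.list(ks.aliases())) {
            // A key entry holds a private key plus its certificate chain (client identity);
            // a certificate entry only holds a trusted certificate (e.g. the server CA).
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) privateKeys++;
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String state = "valid";
            try {
                x.checkValidity();  // compares the validity window against the current time
            } catch (CertificateExpiredException e) {
                state = "EXPIRED"; invalid++;
            } catch (CertificateNotYetValidException e) {
                state = "NOT YET VALID"; invalid++;
            }
            System.out.printf("%s [%s] subject=%s notAfter=%s -> %s%n",
                    alias, isKey ? "private key" : "trusted cert",
                    x.getSubjectX500Principal().getName(), x.getNotAfter(), state);
        }
        System.out.printf("%d private-key entries, %d certificates outside their validity window%n",
                privateKeys, invalid);
        System.exit(invalid == 0 ? 0 : 1);
    }
}
```

The exit status is non-zero when any certificate in the store is expired or not yet valid, so the check can also run from a deployment script.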
