问题描述
尝试在Docker Compose上运行的InfluxDB v1.8配置SSL时遇到一些麻烦。
我遵循official documentation启用具有自签名证书的HTTPS,但是容器因以下错误而崩溃:
run: open server: open service: open "/etc/ssl/influxdb-selfsigned.crt": no such file or directory
如果我使用docker run命令运行此配置,它将起作用:
docker run -p 8086:8086 -v $PWD/ssl:/etc/ssl \
-e INFLUXDB_DB=db0 \
-e INFLUXDB_ADMIN_USER=admin \
-e INFLUXDB_ADMIN_PASSWORD=supersecretpassword \
-e INFLUXDB_HTTP_HTTPS_ENABLED=true \
-e INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt" \
-e INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key" \
-d influxdb
我的docker-compose.yml如下:
version: "3"
services:
influxdb:
image: influxdb
ports:
- "8086:8086"
volumes:
- influxdb:/var/lib/influxdb
- ./ssl:/etc/ssl/
environment:
- INFLUXDB_DB=db0
- INFLUXDB_ADMIN_USER=admin
- INFLUXDB_ADMIN_PASSWORD=supersecretpassword
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt"
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key"
- INFLUXDB_HTTP_AUTH_ENABLED=true
volumes:
influxdb:
如果将INFLUXDB_HTTP_HTTPS_ENABLED设置为false,则可以看到证书和密钥文件已按需装入容器(/etc/ssl的{{1}}中
您是否知道为什么会发生这种情况以及如何解决?
解决方法
在docker-compose.yml中传递的环境变量是字符串。您不需要传递引号。
涌入数据库正在"/etc/ssl/influxdb-selfsigned.crt"下……从字面上寻找证书
只需删除引号,数据库便会启动:
...
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE=/etc/ssl/influxdb-selfsigned.crt
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY=/etc/ssl/influxdb-selfsigned.key
...