docker_auth won't access MongoDB over TLS

Time: 2019-05-08 09:18:09

Tags: mongodb docker ssl docker-registry

I am successfully using my own registry. There is an official image as the base. For authentication I use docker_auth. I store the ACL and logins in MongoDB. That works fine, but I want to use TLS between docker registry and docker_auth.

But now mongodb fails.

docker_auth log:

docker_auth_1_14457fe1be84 | F0508 08:12:36.117584 1 main.go:49] Failed to create auth server: no reachable servers
docker-registry_docker_auth_1_14457fe1be84 exited with code 1

mongo log:

[...]
db_1_653e79e3c33a | 2019-05-08T09:03:27.780+0000 I CONTROL [initandlisten] options: { net: { bindIpAll: true, ssl: { CAFile: "/etc/mongo/ca.pem", PEMKeyFile: "/etc/mongo/Docker_Registry.pem", mode: "requireSSL" } }, security: { authorization: "enabled" } }
[...]
db_1_653e79e3c33a | 2019-05-08T09:09:08.576+0000 I NETWORK [listener] connection accepted from 172.24.0.4:34224 #52 (1 connection now open)
db_1_653e79e3c33a | 2019-05-08T09:09:08.578+0000 I NETWORK [conn52] end connection 172.24.0.4:34224 (0 connections now open)
db_1_653e79e3c33a | 2019-05-08T09:09:09.078+0000 I NETWORK [listener] connection accepted from 172.24.0.4:34226 #53 (1 connection now open)
db_1_653e79e3c33a | 2019-05-08T09:09:09.079+0000 I NETWORK [conn53] end connection 172.24.0.4:34226 (0 connections now open)
db_1_653e79e3c33a | 2019-05-08T09:09:09.580+0000 I NETWORK [listener] connection accepted from 172.24.0.4:34228 #54 (1 connection now open)
# Before docker_auth fails:
db_1_653e79e3c33a | 2019-05-08T09:09:09.581+0000 I NETWORK [conn54] end connection 172.24.0.4:34228 (0 connections now open)

The IP is one of the containers.

My configuration:

auth_config.yml (configuration of docker_auth):

server:
  addr: ":5001"
  certificate: "/certs/Docker_Registry.pem"
  key: "/certs/Docker_Registry.key"

token:
  issuer: "me"
  expiration: 900

mongo_auth:
  dial_info:
    addrs: ["db"]
    timeout: "10s"
    database: "docker_auth"
    username: "auth_helper"
    password_file: "/config/mongo_pw"
    # Enable TLS connection to MongoDB (only enable this if your server supports it)
    enable_tls: true
  collection: "users"

acl_mongo:
  dial_info:
    addrs: ["db"]
    timeout: "10s"
    database: "docker_auth"
    username: "auth_helper"
    password_file: "/config/mongo_pw"
    enable_tls: true
  collection: "acl"
  cache_ttl: "2m"

docker-compose.yml:

version: "3.7"

services:
  registry:
    image: registry:2.6
    [...]

  docker_auth:
    image: cesanta/docker_auth:1.3.1
    restart: always
    ports:
      - "5001:5001"
    volumes:
      - ${PWD}/docker_auth:/config:ro
      - ${PWD}/certs:/certs:ro

  db:
    image: mongo
    restart: always
    ports:
      - "27017:27017"
    volumes:
      - ${PWD}/mongodb/entrypoint/:/docker-entrypoint-initdb.d/:ro
      - /data/mongodb:/data/db
      - ${PWD}/certs/Docker_Registry.cert_and_key.pem:/etc/mongo/Docker_Registry.pem:ro
      - ${PWD}/certs/ca.pem:/etc/mongo/ca.pem:ro
    environment:
      - MONGO_INITDB_ROOT_USERNAME=myUser
      - MONGO_INITDB_ROOT_PASSWORD=myPassword
    command: --sslMode requireSSL --sslPEMKeyFile /etc/mongo/Docker_Registry.pem --sslCAFile /etc/mongo/ca.pem

I tried it without the option: same result.

Do you have any suggestions?

0 answers:

No answers