如何使用curl访问influxdb数据库

Question

设置：

• 使用curl访问influxdb数据库，存在一些问题。请阅读以下步骤来重现该问题。

• 使用openssl创建证书

openssl req -x509 -nodes -newkey rsa:2048 -keyout ./influxdb-selfsigned.key -out ./influxdb-selfsigned.crt -days 365000 -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"

sudo cp ./influxdb-selfsigned.key   /etc/ssl/ 
sudo cp ./influxdb-selfsigned.crt  /etc/ssl/

• Dockerfile：

FROM influxdb:latest
COPY ./influxdb-selfsigned.key /etc/ssl/influxdb-selfsigned.key
COPY ./influxdb-selfsigned.crt /etc/ssl/influxdb-selfsigned.crt
RUN chown influxdb:influxdb /etc/ssl/influxdb-selfsigned.*

• 构建docker映像： docker build . -t influxdb:v1
• influxdb.conf：

bind-address = "127.0.0.1:8088"

[meta]
  dir = "/var/lib/influxdb/meta"

[data]
  dir = "/var/lib/influxdb/data"
  engine = "tsm1"
  wal-dir = "/var/lib/influxdb/wal"

[[udp]]
  enabled = true
  bind-address = ":8089"
  database = "tmpdb"

[http]
  enabled = true
  bind-address = ":8086"
  auth-enabled = false
  log-enabled = true
  https-enabled = true
  https-certificate = "/etc/ssl/influxdb-selfsigned.crt"
  https-private-key = "/etc/ssl/influxdb-selfsigned.key"

• 运行docker容器

docker run   -it --net=host  -v $HOME:$HOME -w $PWD influxdb:v1  \
       influxd -config influxdb.conf

• 使用openssl测试：openssl s_client -connect localhost:8086

---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1529 bytes and written 269 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: C1DB40C5CE80B89FD2365E8EFF2C04EF191DD6C50EE61D02219099330868969B
    Session-ID-ctx: 
    Master-Key: A5E27D93D02194154AF277DBAAC4703554762C84D1981E8EA7ED4E1B63052C90282BDEA55E9EE2D2C372480C5061D4C4
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - f9 65 11 7a a5 91 77 b7-58 2c 8c c8 ac a3 71 45   .e.z..w.X,....qE
    0010 - 1b 96 16 e4 34 ad 18 dc-98 f4 5d b4 d1 58 7a 2c   ....4.....]..Xz,
    0020 - f8 af 85 f4 04 8a f7 b4-01 48 06 40 01 a4 4b a4   .........H.@..K.
    0030 - 35 1e fa ab aa 09 6b 19-4f 33 04 15 a9 8e 7f 42   5.....k.O3.....B
    0040 - bc 6c 46 70 58 6a 6c 12-ab 5f 9d 14 4a fa 17 66   .lFpXjl.._..J..f
    0050 - 62 08 2d 49 71 be 69 67-ae 30 ab c6 8a 07 2b 58   b.-Iq.ig.0....+X
    0060 - d5 b0 a6 55 6f 89 af 27-f7 e9 e4 11 0c c4 f2 68   ...Uo..'.......h
    0070 - 33 89 83 62 6b 22 dc 89-                          3..bk"..

    Start Time: 1559701453
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
---

• http查询：

curl --tlsv1.2 -o tmp.txt -G 'http://localhost:8086/db/tmpdb/series?u=root&p=root'

• 来自influxdb的错误日志

2019/06/05 02:15:20 http: TLS handshake error from 127.0.0.1:35094: tls: first record does not look like a TLS handshake

• 那么curl和openssl有什么问题？ TLS版本？卷曲版本？ openssl版本？还是influxdb？

Answer 1

在curl命令中尝试使用https而不是http。