WebApollo Docker connecting to external postgres over SSL not working from tomcat pool


WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

Chris
Hello,

I currently have the latest docker up and running, connecting a Google Cloud SQL instance (Postgres 9.6). All is working well when SSL is not required at the server end. However, when I configure the server to only allow SSL connections, things work only partially.

My Dockerfile looks like this:

FROM quay.io/gmod/apollo
COPY *.pem /var/lib/postgresql/
RUN chmod 400 /var/lib/postgresql/*.pem && \
    chown postgres:postgres /var/lib/postgresql/*.pem
ENV PGSSLCERT /var/lib/postgresql/client-cert.pem
ENV PGSSLKEY /var/lib/postgresql/client-key.pem
ENV PGSSLROOTCERT /var/lib/postgresql/server-ca.pem
ENV PGSSLMODE require

When the app starts up, I can see encrypted traffic passing to the database during the initial phases of launch.sh. However, the steps after catalina.sh run fail with this message, presumably because connections are not going over SSL. Monitoring the traffic confirms that SSL is not being attempted.

Is there a straightforward way to set this in the docker (passing JAVA_OPTS, for example)? I've been googling around, but nothing is jumping out at me.

Thanks!
Chris

app_1    |      org.postgresql.util.PSQLException: FATAL: pg_hba.conf rejects connection for host "...", user "apollo", database "apollo", SSL off
app_1    |              at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
app_1    |              at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
app_1    |              at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
app_1    |              at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
app_1    |              at org.postgresql.Driver.makeConnection(Driver.java:404)
app_1    |              at org.postgresql.Driver.connect(Driver.java:272)
app_1    |              at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
app_1    |              at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:712)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:646)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:468)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:145)
app_1    |              at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:116)
app_1    |              at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:103)
app_1    |              at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:127)
app_1    |              at org.springframework.jdbc.datasource.LazyConnectionDataSourceProxy.afterPropertiesSet(LazyConnectionDataSourceProxy.java:162)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1631)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1568)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1137)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1040)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1475)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1475)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1137)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1040)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
app_1    |              at org.codehaus.groovy.grails.orm.support.TransactionManagerPostProcessor.initialize(TransactionManagerPostProcessor.java:74)
app_1    |              at org.codehaus.groovy.grails.orm.support.TransactionManagerPostProcessor.setBeanFactory(TransactionManagerPostProcessor.java:52)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeAwareMethods(AbstractAutowireCapableBeanFactory.java:1591)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1559)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
app_1    |              at org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:199)
app_1    |              at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:616)
app_1    |              at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:465)
app_1    |              at org.codehaus.groovy.grails.commons.spring.DefaultRuntimeSpringConfiguration.getApplicationContext(DefaultRuntimeSpringConfiguration.java:156)
app_1    |              at org.codehaus.groovy.grails.commons.spring.GrailsRuntimeConfigurator.initializeContext(GrailsRuntimeConfigurator.java:188)
app_1    |              at org.codehaus.groovy.grails.commons.spring.GrailsRuntimeConfigurator.configure(GrailsRuntimeConfigurator.java:168)
app_1    |              at org.codehaus.groovy.grails.commons.spring.GrailsRuntimeConfigurator.configure(GrailsRuntimeConfigurator.java:127)
app_1    |              at org.codehaus.groovy.grails.web.context.GrailsConfigUtils.configureWebApplicationContext(GrailsConfigUtils.java:126)
app_1    |              at org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener.initWebApplicationContext(GrailsContextLoaderListener.java:109)
app_1    |              at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
app_1    |              at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4685)
app_1    |              at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5146)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717)
app_1    |              at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690)
app_1    |              at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
app_1    |              at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133)
app_1    |              at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1867)
app_1    |              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
app_1    |              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
app_1    |              at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
app_1    |              at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
app_1    |              at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1045)
app_1    |              at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:429)
app_1    |              at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576)
app_1    |              at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
app_1    |              at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
app_1    |              at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
app_1    |              at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
app_1    |              at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936)
app_1    |              at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)
app_1    |              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
app_1    |              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
app_1    |              at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
app_1    |              at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134)
app_1    |              at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909)
app_1    |              at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.startup.Catalina.start(Catalina.java:633)
app_1    |              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
app_1    |              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
app_1    |              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
app_1    |              at java.lang.reflect.Method.invoke(Method.java:498)
app_1    |              at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
app_1    |              at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)




Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

nathandunn

Chris, I think it's because the SSL has to be configured in the Apollo config specifically where the url is set.


I added a PR for this here: add-ssl-to-docker (https://quay.io/repository/gmod/apollo?tab=builds)

FROM quay.io/gmod/apollo:addd-ssl-to-docker

I *think* you would just set WEBAPOLLO_USE_SSL=true

Let me know if that works so I can merge: 


Thanks,

Nathan
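
Why the PGSSL* variables from the Dockerfile above do not reach the Tomcat pool, shown as an added example (not part of the thread and not Apollo's code): those variables are read by libpq-based clients such as psql, while the PostgreSQL JDBC driver takes its TLS settings from connection parameters such as `sslmode`, `sslcert`, `sslkey` and `sslrootcert` on the JDBC URL. The function names and the host name `db.example.internal` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: translate libpq-style PGSSL* variables into pgjdbc URL parameters.
# Helper names and the sample host are hypothetical, not taken from Apollo.

# Refuse empty values and values that could smuggle extra parameters into the URL.
safe_value() {
    case "$1" in
        ""|*"&"*|*"?"*|*"#"*|*" "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the query string for the JDBC URL; fails on an unknown mode or unsafe path.
# The body runs in a subshell, so its variables stay local and "exit" only ends it.
pgjdbc_ssl_query() (
    mode="${PGSSLMODE:-prefer}"
    case "$mode" in
        disable|allow|prefer|require|verify-ca|verify-full) ;;
        *) echo "unsupported PGSSLMODE: $mode" >&2; exit 1 ;;
    esac
    q="sslmode=$mode"
    for pair in "sslrootcert=${PGSSLROOTCERT:-}" \
                "sslcert=${PGSSLCERT:-}" \
                "sslkey=${PGSSLKEY:-}"; do
        value="${pair#*=}"
        if [ -n "$value" ]; then
            safe_value "$value" || { echo "unsafe path: $value" >&2; exit 1; }
            q="$q&$pair"
        fi
    done
    printf '%s\n' "$q"
)

# Build the full JDBC URL from host, port and database name.
jdbc_url() (
    query="$(pgjdbc_ssl_query)" || exit 1
    printf 'jdbc:postgresql://%s:%s/%s?%s\n' "$1" "$2" "$3" "$query"
)

# Succeeds only for modes in which the client authenticates the server.
# With "require", pgjdbc encrypts the session but does not validate the
# server certificate; verify-ca and verify-full do.
verifies_server() {
    case "${PGSSLMODE:-prefer}" in
        verify-ca|verify-full) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample values that mirror the Dockerfile in the thread.
(
    PGSSLMODE=require
    PGSSLCERT=/var/lib/postgresql/client-cert.pem
    PGSSLKEY=/var/lib/postgresql/client-key.pem
    PGSSLROOTCERT=/var/lib/postgresql/server-ca.pem
    export PGSSLMODE PGSSLCERT PGSSLKEY PGSSLROOTCERT
    jdbc_url db.example.internal 5432 apollo
    verifies_server || echo "note: sslmode=$PGSSLMODE does not verify the server certificate" >&2
)
```

pgjdbc's documentation asks for the `sslkey` file in PKCS-8 DER or PKCS-12 form, so a PEM key such as client-key.pem needs converting before the driver can load it.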



On Feb 5, 2020, at 12:57 PM, Chris <[hidden email]> wrote:

app_1    
|              at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
app_1    
|              at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133)
app_1    
|              at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1867)
app_1    
|              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
app_1    
|              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
app_1    
|              at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
app_1    
|              at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
app_1    
|              at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1045)
app_1    
|              at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:429)
app_1    
|              at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576)
app_1    
|              at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
app_1    
|              at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
app_1    
|              at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
app_1    
|              at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
app_1    
|              at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936)
app_1    
|              at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841)
app_1    
|              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    
|              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)
app_1    
|              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
app_1    
|              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
app_1    
|              at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
app_1    
|              at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134)
app_1    
|              at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909)
app_1    
|              at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
app_1    
|              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    
|              at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421)
app_1    
|              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    
|              at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
app_1    
|              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    
|              at org.apache.catalina.startup.Catalina.start(Catalina.java:633)
app_1    
|              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
app_1    
|              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
app_1    
|              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
app_1    
|              at java.lang.reflect.Method.invoke(Method.java:498)
app_1    
|              at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
app_1    
|              at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)





--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].

Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

Chris
Hi Nathan,

Thanks. I think you're on to the right idea here. I was hoping to do it without needing to update the docker image itself.

However, with this change, and updating my stack to use those new envvars, I get this message.

org.postgresql.util.PSQLException: FATAL: database "apollo&ssl=true" does not exist

It may need to be

"?ssl=true"

instead of

"&ssl=true"

Thanks,
Chris

On Thursday, February 6, 2020 at 1:29:52 PM UTC-5, Nathan Dunn wrote:

Chris, I think it's because the SSL has to be configured in the Apollo config specifically where the url is set.

From here: https://jdbc.postgresql.org/documentation/head/connect.html

I added a PR for this here: add-ssl-to-docker (https://quay.io/repository/gmod/apollo?tab=builds)

FROM quay.io/gmod/apollo:addd-ssl-to-docker

I *think* you would just set WEBAPOLLO_USE_SSL=true

Let me know if that works so I can merge:

https://github.com/GMOD/Apollo/pull/2370

Thanks,

Nathan



On Feb 5, 2020, at 12:57 PM, Chris <ch...@...> wrote:

Hello,

I currently have the latest docker up and running, connecting a Google Cloud SQL instance (Postgres 9.6). All is working well when SSL is not required at the server end. However, when I configure the server to only allow SSL connections, things work only partially.

My Dockerfile looks like this:

FROM quay.io/gmod/apollo
COPY *.pem /var/lib/postgresql/
RUN chmod 400 /var/lib/postgresql/*.pem && \
    chown postgres:postgres /var/lib/postgresql/*.pem
ENV PGSSLCERT /var/lib/postgresql/client-cert.pem
ENV PGSSLKEY /var/lib/postgresql/client-key.pem
ENV PGSSLROOTCERT /var/lib/postgresql/server-ca.pem
ENV PGSSLMODE require

When the app starts up, I can see encrypted traffic passing to the database during the initial phases of launch.sh. However, the steps after catalina.sh run fail with this message presumably because connections are not going over SSL. Monitoring the traffic confirms that SSL is not being attempted.

Is there a straightforward way to set this in the docker (passing JAVA_OPTS, for example)? I've been googling around, but nothing is jumping out at me.

Thanks!
Chris

app_1    |      org.postgresql.util.PSQLException: FATAL: pg_hba.conf rejects connection for host "...", user "apollo", database "apollo", SSL off

Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

Chris
Hi Nathan,

After rebuilding the docker with

"?ssl=true"

I get further, but the certs can't be found. I think that the PG* envvars that I set in my docker file should also propagate somehow (perhaps in createenv.sh or be set another way for apollo and chado explicitly, although they would be the same for either case)

app_1    | 07-Feb-2020 04:43:59.390 SEVERE [main] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool.
app_1    |      org.postgresql.util.PSQLException: SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks,
Chris


On Thursday, February 6, 2020 at 11:20:41 PM UTC-5, Chris wrote:
Hi Nathan,

Thanks. I think you're on to the right idea here. I was hoping to do it without needing to update the docker image itself.

However, with this change, and updating my stack to use those new envvars, I get this message.

org.postgresql.util.PSQLException: FATAL: database "apollo&ssl=true" does not exist

It may need to be

"?ssl=true"

instead of

"&ssl=true"

Thanks,
Chris
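
The two failures reported in this message (the `&ssl=true` suffix ending up in the database name, and the PG* certificate variables not reaching the Tomcat pool) can both be handled where the JDBC URL is assembled. The script below is an added example, not part of the thread or of Apollo's own launch scripts; the function names and the host `db.example.internal` are hypothetical, and it assumes a pgjdbc release that accepts the `sslmode`, `sslrootcert`, `sslcert` and `sslkey` URL parameters.

```shell
#!/bin/sh
# Added example (not from the thread or the Apollo image): carry the libpq-style
# PG* settings from the Dockerfile into the JDBC URL that the Tomcat pool uses.

# Database name as the driver parses it: everything after host[:port]/ up to '?'.
jdbc_database_name() {
    rest=${1#jdbc:postgresql://}
    rest=${rest#*/}
    printf '%s\n' "${rest%%[?]*}"
}

# Append key=value, using '?' for the first parameter and '&' afterwards.
jdbc_append_param() {
    case $1 in
        *[?])  printf '%s%s=%s\n'  "$1" "$2" "$3" ;;   # URL already ends in '?'
        *[?]*) printf '%s&%s=%s\n' "$1" "$2" "$3" ;;   # query string already present
        *)     printf '%s?%s=%s\n' "$1" "$2" "$3" ;;   # first parameter
    esac
}

# Succeeds only for modes that validate the server certificate;
# 'require' encrypts the session but does not guarantee that check.
sslmode_verifies_server() {
    case $1 in
        verify-ca|verify-full) return 0 ;;
        *) return 1 ;;
    esac
}

# Map PGSSLMODE/PGSSLROOTCERT/PGSSLCERT/PGSSLKEY onto pgjdbc URL parameters.
# Unset or empty variables add nothing to the URL.
jdbc_url_from_pgenv() {
    out=$1
    if [ -n "${PGSSLMODE:-}" ]; then
        out=$(jdbc_append_param "$out" sslmode "$PGSSLMODE")
    fi
    if [ -n "${PGSSLROOTCERT:-}" ]; then
        out=$(jdbc_append_param "$out" sslrootcert "$PGSSLROOTCERT")
    fi
    if [ -n "${PGSSLCERT:-}" ]; then
        out=$(jdbc_append_param "$out" sslcert "$PGSSLCERT")
    fi
    if [ -n "${PGSSLKEY:-}" ]; then
        # Assumption to check against the driver version in the image: pgjdbc
        # reads sslkey as PKCS#8 DER, so a PEM key may need converting first.
        out=$(jdbc_append_param "$out" sslkey "$PGSSLKEY")
    fi
    printf '%s\n' "$out"
}

# Demo with constructed values: placeholder host, file paths as in the Dockerfile.
# Runs in a subshell so the PG* assignments do not leak into the caller.
demo() (
    base='jdbc:postgresql://db.example.internal/apollo'
    echo "database with '&ssl=true' appended: $(jdbc_database_name "${base}&ssl=true")"
    echo "database with '?ssl=true' appended: $(jdbc_database_name "$(jdbc_append_param "$base" ssl true)")"
    PGSSLMODE=require
    PGSSLROOTCERT=/var/lib/postgresql/server-ca.pem
    PGSSLCERT=/var/lib/postgresql/client-cert.pem
    PGSSLKEY=/var/lib/postgresql/client-key.pem
    jdbc_url_from_pgenv "$base"
    sslmode_verifies_server "$PGSSLMODE" ||
        echo "warning: sslmode=$PGSSLMODE does not verify the server certificate" >&2
)
demo
```

With `sslrootcert` pointing at the Cloud SQL server CA, the driver has a trust anchor to build the certification path from, instead of relying on the JVM default truststore.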



Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

nathandunn
In reply to this post by Chris

Okay, I fixed and pushed this fix ... looking into the other one now.

Feel free to comment / push within the PR directly as well:


Nathan

On Feb 6, 2020, at 8:20 PM, Chris <[hidden email]> wrote:

Hi Nathan,

Thanks. I think you're on to the right idea here. I was hoping to do it without needing to update the docker image itself.

However, with this change, and updating my stack to use those new envvars, I get this message.

org.postgresql.util.PSQLException: FATAL: database "apollo&ssl=true" does not exist

It may need to be

"?ssl=true"

instead of

"&ssl=true"

Thanks,
Chris

On Thursday, February 6, 2020 at 1:29:52 PM UTC-5, Nathan Dunn wrote:

Chris, I think it's because the SSL has to be configured in the Apollo config specifically where the url is set.


I added a PR for this here: add-ssl-to-docker (https://quay.io/repository/gmod/apollo?tab=builds)

FROM quay.io/gmod/apollo:addd-ssl-to-docker

I *think* you would just set WEBAPOLLO_USE_SSL=true

Let me know if that works so I can merge: 


Thanks,

Nathan



On Feb 5, 2020, at 12:57 PM, Chris <[hidden email]> wrote:

Hello,

I currently have the latest docker up and running, connecting a Google Cloud SQL instance (Postgres 9.6). All is working well when SSL is not required at the server end. However, when I configure the server to only allow SSL connections, things work only partially.

My Dockerfile looks like this:

FROM quay.io/gmod/apollo
COPY *.pem /var/lib/postgresql/
RUN chmod 400 /var/lib/postgresql/*.pem && \
    chown postgres:postgres /var/lib/postgresql/*.pem
ENV PGSSLCERT /var/lib/postgresql/client-cert.pem
ENV PGSSLKEY /var/lib/postgresql/client-key.pem
ENV PGSSLROOTCERT /var/lib/postgresql/server-ca.pem
ENV PGSSLMODE require

When the app starts up, I can see encrypted traffic passing to the database during the initial phases of launch.sh. However, the steps after catalina.sh run fail with this message presumably because connections are not going over SSL. Monitoring the traffic confirms that SSL is not being attempted.

Is there a straightforward way to set this in the docker (passing JAVA_OPTS, for example)? I've been googling around, but nothing is jumping out at me.

Thanks!
Chris

app_1    |      org.postgresql.util.PSQLException: FATAL: pg_hba.conf rejects connection for host "...", user "apollo", database "apollo", SSL off
app_1    |              at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
app_1    |              at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
app_1    |              at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
app_1    |              at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
app_1    |              at org.postgresql.Driver.makeConnection(Driver.java:404)
app_1    |              at org.postgresql.Driver.connect(Driver.java:272)
app_1    |              at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
app_1    |              at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:712)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:646)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:468)
app_1    |              at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:145)
app_1    |              at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:116)
app_1    |              at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:103)
app_1    |              at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:127)
app_1    |              at org.springframework.jdbc.datasource.LazyConnectionDataSourceProxy.afterPropertiesSet(LazyConnectionDataSourceProxy.java:162)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1631)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1568)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1137)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1040)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1475)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1475)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
app_1    |              at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
app_1    |              at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1137)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1040)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
app_1    |              at org.codehaus.groovy.grails.orm.support.TransactionManagerPostProcessor.initialize(TransactionManagerPostProcessor.java:74)
app_1    |              at org.codehaus.groovy.grails.orm.support.TransactionManagerPostProcessor.setBeanFactory(TransactionManagerPostProcessor.java:52)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeAwareMethods(AbstractAutowireCapableBeanFactory.java:1591)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1559)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
app_1    |              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
app_1    |              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
app_1    |              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
app_1    |              at org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:199)
app_1    |              at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:616)
app_1    |              at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:465)
app_1    |              at org.codehaus.groovy.grails.commons.spring.DefaultRuntimeSpringConfiguration.getApplicationContext(DefaultRuntimeSpringConfiguration.java:156)
app_1    |              at org.codehaus.groovy.grails.commons.spring.GrailsRuntimeConfigurator.initializeContext(GrailsRuntimeConfigurator.java:188)
app_1    |              at org.codehaus.groovy.grails.commons.spring.GrailsRuntimeConfigurator.configure(GrailsRuntimeConfigurator.java:168)
app_1    |              at org.codehaus.groovy.grails.commons.spring.GrailsRuntimeConfigurator.configure(GrailsRuntimeConfigurator.java:127)
app_1    |              at org.codehaus.groovy.grails.web.context.GrailsConfigUtils.configureWebApplicationContext(GrailsConfigUtils.java:126)
app_1    |              at org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener.initWebApplicationContext(GrailsContextLoaderListener.java:109)
app_1    |              at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
app_1    |              at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4685)
app_1    |              at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5146)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717)
app_1    |              at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690)
app_1    |              at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
app_1    |              at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133)
app_1    |              at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1867)
app_1    |              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
app_1    |              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
app_1    |              at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
app_1    |              at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
app_1    |              at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1045)
app_1    |              at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:429)
app_1    |              at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576)
app_1    |              at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
app_1    |              at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
app_1    |              at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
app_1    |              at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
app_1    |              at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936)
app_1    |              at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)
app_1    |              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
app_1    |              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
app_1    |              at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
app_1    |              at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134)
app_1    |              at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909)
app_1    |              at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
app_1    |              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
app_1    |              at org.apache.catalina.startup.Catalina.start(Catalina.java:633)
app_1    |              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
app_1    |              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
app_1    |              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
app_1    |              at java.lang.reflect.Method.invoke(Method.java:498)
app_1    |              at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
app_1    |              at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)







Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

nathandunn
In reply to this post by Chris

Hmm . . . you have to set environmental variables either ahead of time or within the setenv.sh as you noted below. 

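I added:

https://github.com/GMOD/Apollo/pull/2370/files#diff-944cc9918a72f6eb4ac39ae4935c0e8cR60-R63

And this:

https://github.com/GMOD/Apollo/pull/2370/files#diff-0735b8d2f1ff0ed4db676e4198740413R54-R57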

If this works, let me know and I can turn them into proper variables. 

It should be rebuilt momentarily. 

Nathan

On Feb 6, 2020, at 8:53 PM, Chris <[hidden email]> wrote:

Hi Nathan,

After rebuilding the docker with

"?ssl=true"

I get further, but the certs can't be found. I think that the PG* envvars that I set in my docker file should also propagate somehow (perhaps in createenv.sh or be set another way for apollo and chado explicitly, although they would be the same for either case)

app_1    | 07-Feb-2020 04:43:59.390 SEVERE [main] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool.
app_1    |      org.postgresql.util.PSQLException: SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks,
Chris


On Thursday, February 6, 2020 at 11:20:41 PM UTC-5, Chris wrote:
Hi Nathan,

Thanks. I think you're on to the right idea here. I was hoping to do it without needing to update the docker image itself.

However, with this change, and updating my stack to use those new envvars, I get this message.

org.postgresql.util.PSQLException: FATAL: database "apollo&ssl=true" does not exist

It may need to be

"?ssl=true"

instead of

"&ssl=true"

Thanks,
Chris




Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

Chris

Thanks. I have those env variables in my docker already, so I did end up editing my own copy of createenv.sh and rebuilding the docker. However, still no dice. I think part of the reason is the format of the cert key required for JDBC (PEM vs DER). I'm working on that on my end. Interestingly, the postgres client (part of launch.sh) uses PEM but JDBC requires DER. It may also be required to add the sslmode, sslcert, sslkey (DER), and sslrootcert to the connection string if it's not picked up from the environment. For example, I had to use the DER version of the key to get DBeaver to connect to the DB over SSL (which uses Postgres JDBC under the hood).

On Friday, February 7, 2020 at 12:56:01 AM UTC-5, Nathan Dunn wrote:

Hmm . . . you have to set environmental variables either ahead of time or within the setenv.sh as you noted below. 

I added: 

https://github.com/GMOD/Apollo/pull/2370/files#diff-944cc9918a72f6eb4ac39ae4935c0e8cR60-R63

And this:

https://github.com/GMOD/Apollo/pull/2370/files#diff-0735b8d2f1ff0ed4db676e4198740413R54-R57

If this works, let me know and I can turn them into proper variables. 

It should be rebuilt momentarily. 

Nathan

On Feb 6, 2020, at 8:53 PM, Chris <ch...@...> wrote:

Hi Nathan,

After rebuilding the docker with

"?ssl=true"

I get further, but the certs can't be found. I think that the PG* envvars that I set in my docker file should also propagate somehow (perhaps in createenv.sh or be set another way for apollo and chado explicitly, although they would be the same for either case)

app_1    | 07-Feb-2020 04:43:59.390 SEVERE [main] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool.
app_1    |      org.postgresql.util.PSQLException: SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks,
Chris


On Thursday, February 6, 2020 at 11:20:41 PM UTC-5, Chris wrote:
Hi Nathan,

Thanks. I think you're on to the right idea here. I was hoping to do it without needing to update the docker image itself.

However, with this change, and updating my stack to use those new envvars, I get this message.

org.postgresql.util.PSQLException: FATAL: database "apollo&ssl=true" does not exist

It may need to be

"?ssl=true"

instead of

"&ssl=true"

Thanks,
Chris
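
The two points Chris raises in this message (the libpq PGSSL* variables are not picked up by the JDBC pool, and JDBC wants the client key in DER form) can be handled in a container startup script. The following is an added example, not part of the thread or of Apollo's own scripts; the function names, the host and the .pk8 file name are assumptions, while sslmode, sslrootcert, sslcert and sslkey are connection parameters of the PostgreSQL JDBC driver.

```shell
#!/bin/sh
# Added example: carry libpq-style PGSSL* settings over to a JDBC URL.

# Append key=value to a JDBC URL. The first parameter must be introduced
# with '?', later ones with '&'. Appending "&ssl=true" to a URL that has no
# query string makes the server look for a database literally named
# "apollo&ssl=true", which is the error reported in the thread.
jdbc_add_param() {
    url=$1 key=$2 value=$3
    # Skip parameters that have no value instead of emitting "key=".
    [ -n "$value" ] || { printf '%s\n' "$url"; return 0; }
    case $url in
        *\?*) sep='&' ;;
        *)    sep='?' ;;
    esac
    printf '%s%s%s=%s\n' "$url" "$sep" "$key" "$value"
}

# Build an SSL-enabled URL from the same PGSSL* variables that psql honours.
# The key path is passed separately because the JDBC side needs the DER copy.
# Assumes the paths contain no '&', '=' or whitespace.
# Note: sslmode=require only guarantees encryption; verify-ca or verify-full
# are the modes that also authenticate the server.
jdbc_ssl_url() {
    url=$1 der_key=$2
    url=$(jdbc_add_param "$url" sslmode "${PGSSLMODE:-}")
    url=$(jdbc_add_param "$url" sslrootcert "${PGSSLROOTCERT:-}")
    url=$(jdbc_add_param "$url" sslcert "${PGSSLCERT:-}")
    url=$(jdbc_add_param "$url" sslkey "$der_key")
    printf '%s\n' "$url"
}

# Convert a PEM private key to unencrypted PKCS#8 DER for the JDBC driver.
# The umask keeps the new key file readable by its owner only.
pem_key_to_der() {
    pem=$1 der=$2
    (
        umask 077
        openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
            -in "$pem" -out "$der"
    )
}

# Constructed sample run: the .pem paths are the ones from the Dockerfile in
# the thread; the host name and client-key.pk8 are placeholders.
(
    PGSSLMODE=require
    PGSSLROOTCERT=/var/lib/postgresql/server-ca.pem
    PGSSLCERT=/var/lib/postgresql/client-cert.pem
    jdbc_ssl_url "jdbc:postgresql://db.example.internal:5432/apollo" \
        /var/lib/postgresql/client-key.pk8
)
```

The DER key must be readable by the user Tomcat runs as; pem_key_to_der is only defined here and would be called once at image build or container start.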




Re: WebApollo Docker connecting to external postgres over SSL not working from tomcat pool

nathandunn

Thanks for keeping us up to date. 

Let us know what you finally get working.   If generic, I’d like to integrate what you end up with into Dockerized options. 

Cheers,

Nathan


On Feb 7, 2020, at 6:40 AM, Chris <[hidden email]> wrote:


Thanks. I have those env variables in my docker already, so I did end up editing my own copy of createenv.sh and rebuilding the docker. However, still no dice. I think part of the reason is the format of the cert key required for JDBC (PEM vs DER). I'm working on that on my end. Interestingly, the postgres client (part of launch.sh) uses PEM but JDBC requires DER. It may also be required to add the sslmode, sslcert, sslkey (DER), and sslrootcert to the connection string if it's not picked up from the environment. For example, I had to use the DER version of the key to get DBeaver to connect to the DB over SSL (which uses Postgres JDBC under the hood).

On Friday, February 7, 2020 at 12:56:01 AM UTC-5, Nathan Dunn wrote:

Hmm . . . you have to set environmental variables either ahead of time or within the setenv.sh as you noted below. 

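I added:

https://github.com/GMOD/Apollo/pull/2370/files#diff-944cc9918a72f6eb4ac39ae4935c0e8cR60-R63

And this:

https://github.com/GMOD/Apollo/pull/2370/files#diff-0735b8d2f1ff0ed4db676e4198740413R54-R57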

If this works, let me know and I can turn them into proper variables. 

It should be rebuilt momentarily. 

Nathan

On Feb 6, 2020, at 8:53 PM, Chris <[hidden email]> wrote:

Hi Nathan,

After rebuilding the docker with

"?ssl=true"

I get further, but the certs can't be found. I think that the PG* envvars that I set in my docker file should also propagate somehow (perhaps in createenv.sh or be set another way for apollo and chado explicitly, although they would be the same for either case)

app_1    | 07-Feb-2020 04:43:59.390 SEVERE [main] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool.
app_1    |      org.postgresql.util.PSQLException: SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks,
Chris


On Thursday, February 6, 2020 at 11:20:41 PM UTC-5, Chris wrote:
Hi Nathan,

Thanks. I think you're on to the right idea here. I was hoping to do it without needing to update the docker image itself.

However, with this change, and updating my stack to use those new envvars, I get this message.

org.postgresql.util.PSQLException: FATAL: database "apollo&ssl=true" does not exist

It may need to be

"?ssl=true"

instead of

"&ssl=true"

Thanks,
Chris



