docker-compose example not working because prest tries to connect with ssl and postgres-service is running without sslmode #524
Comments
|
@t-hofmann I'm looking at it... seems this commit broke our Docker examples because SSL is disabled by default on postgres configuration. Fix is pretty simple, something like: ➜ git diff
diff --git a/docker-compose.yml b/docker-compose.yml
index 643f098..f0027e6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,11 +16,7 @@ services:
- "postgres:postgres"
environment:
- PREST_DEBUG=true # remove comment for enable DEBUG mode (disable JWT)
- - PREST_PG_HOST=postgres
- - PREST_PG_USER=prest
- - PREST_PG_PASS=prest
- - PREST_PG_DATABASE=prest
- - PREST_PG_PORT=5432
+ - PREST_PG_URL=postgresql://prest:prest@postgres:5432/prest/?sslmode=disable
- PREST_JWT_DEFAULT=false # remove if need jwt
depends_on:
- postgres
diff --git a/docs/integrations/timescaledb.en.md b/docs/integrations/timescaledb.en.md
index b3bb656..a89e6d8 100644
--- a/docs/integrations/timescaledb.en.md
+++ b/docs/integrations/timescaledb.en.md
@@ -40,11 +40,7 @@ services:
- "timescaledb:timescaledb"
environment:
- PREST_DEBUG=true # remove comment for enable DEBUG mode (disable JWT)
- - PREST_PG_HOST=timescaledb
- - PREST_PG_USER=prest
- - PREST_PG_PASS=prest
- - PREST_PG_DATABASE=prest
- - PREST_PG_PORT=5432
+ - PREST_PG_URL=postgresql://prest:prest@timescaledb:5432/prest/?sslmode=disable
- PREST_JWT_DEFAULT=false # remove if need jwt
depends_on:
- timescaledbBut I'm just thinking if we should expose the pREST SSL config into environment variables. Something like: PREST_PG_SSLMODE='enable'
PREST_PG_SSLCERT='/path/to/ssl/cert'
PREST_PG_SSLKEY='/path/to/ssl/key'
PREST_PG_SSLROOTCERT='/path/to/ssl/rootcert'WDYT @avelino @t-hofmann ? |
|
I like the environment variables, would be more coherent, but note: the actual SSl-key used by postgres should not be made available to other services than the postgres-service itself, so PREST_PG_SSLKEY is not necessary. So with those environment variable and in case "sslmode=enabled", the only way would be to use "PREST_PG_URL", which as a sideeffect would kind of disable the other PREST_PG_-environment variables... So again, I like the environment variables. |
|
@t-hofmann it was more simple than I imagine... have a look on PR #529 |
workaround:
add something like:
PREST_PG_URL: "postgres://USER:PASSWORD@postgres:5432/DATABASE?sslmode=disable"
to the environment of the prest-service in the docker-compose.yml
Fix:
introduce a new environment-variable "PREST_PG_SSL" to be one of [enable, disable], default: disable
to the prest-service
which consequently is used to configure presumable the pq-driver
Kindly,
Thomas
The text was updated successfully, but these errors were encountered: