Reputation: 23
InfluxDB on Docker-Compose can't read SSL cert file
I'm having some troubles trying to configure SSL with InfluxDB v1.8 running on Docker Compose.
I followed the official documentation to enable HTTPS with self-signed certificate, but the container crashes with the following error:
run: open server: open service: open "/etc/ssl/influxdb-selfsigned.crt": no such file or directory
It works if I run this configuration using docker run command:
docker run -p 8086:8086 -v $PWD/ssl:/etc/ssl \
-e INFLUXDB_DB=db0 \
-e INFLUXDB_ADMIN_USER=admin \
-e INFLUXDB_ADMIN_PASSWORD=supersecretpassword \
-e INFLUXDB_HTTP_HTTPS_ENABLED=true \
-e INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt" \
-e INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key" \
-d influxdb
My docker-compose.yml is the following:
version: "3"
services:
influxdb:
image: influxdb
ports:
- "8086:8086"
volumes:
- influxdb:/var/lib/influxdb
- ./ssl:/etc/ssl/
environment:
- INFLUXDB_DB=db0
- INFLUXDB_ADMIN_USER=admin
- INFLUXDB_ADMIN_PASSWORD=supersecretpassword
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt"
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key"
- INFLUXDB_HTTP_AUTH_ENABLED=true
volumes:
influxdb:
If I set INFLUXDB_HTTP_HTTPS_ENABLED to false, I can see that cert and key files are mounted as they should in /etc/ssl in the container ( docker exec -it airq_influxdb_1 ls -la /etc/ssl )
Do you have any idea why this is happening and how to solve it?
Upvotes: 2
Views: 2261
Answers (1)
Reputation: 6372
The environment variables passed in the docker-compose.yml are strings. You don't need to pass the quotes.
The influx DB is looking for the certificate under "/etc/ssl/influxdb-selfsigned.crt"...literally
Simply remove the quotes and the DB will start:
...
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE=/etc/ssl/influxdb-selfsigned.crt
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY=/etc/ssl/influxdb-selfsigned.key
...
Upvotes: 2
Related Questions
- InfluxDB "influx" command won't connect to CLI
- Docker Portainer 'failed copying supplied certs: File doesn't exist'
- Why won't my custom Dockerfile connect over the docker-compose network when other services will?
- influxdb 2.0 certificate verify failed: certificate has expired (_ssl.c:1129)
- Unable to access or create database using the 'Influx' command in influxdb docker image
- Docker Compose up Throws SSL error using Docker Machine
- Docker compose install error 'curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104' in Ubuntu
- Specify cert to use for SSL in docker-compose.yml file?
- InfluxDB with docker permission denied .influx_history
- Cannot connect from python to influxdb when running in docker