senerh
Reputation: 1365
Quarkus Docker JVM SSL issue
I have a quarkus app connecting to a MySQL database.
I use the generated Dockerfile.jvm to build my docker image. And I have no issue to run this image on my local desktop.
However when I want to run the same image on my vm, I have the following stacktrace:
Caused by: com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:64)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:836)
at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:456)
at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:246)
at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:197)
at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:200)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:419)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:401)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:65)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.mysql.cj.exceptions.CJCommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:105)
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:151)
at com.mysql.cj.exceptions.ExceptionFactory.createCommunicationsException(ExceptionFactory.java:167)
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:334)
at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:164)
at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1342)
at com.mysql.cj.NativeSession.connect(NativeSession.java:157)
at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:956)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:826)
... 11 more
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:222)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at com.mysql.cj.protocol.ExportControlled.performTlsHandshake(ExportControlled.java:336)
at com.mysql.cj.protocol.StandardSocketFactory.performTlsHandshake(StandardSocketFactory.java:188)
at com.mysql.cj.protocol.a.NativeSocketConnection.performTlsHandshake(NativeSocketConnection.java:99)
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:325)
... 16 more
I have no idea about how to solve this issue. Any help would be very appreciated.
Upvotes: 1
Views: 754
Answers (2)
Diogo Quintela
Reputation: 191
Just stumbled into this; My quarkus container in running in ubi8 (rhel8) and connecting to mysql 5.7
Just modify mysql jdbc url to "useSSL=true&enabledTLSProtocols=TLSv1.2"
Upvotes: 0
senerh
Reputation: 1365
I solved my problem with replacing the original Dockerfile.jvm content by the following one:
FROM openjdk:11-jdk-slim
COPY target/lib/* lib/
COPY target/*.jar app.jar
ENTRYPOINT ["java","-jar","/app.jar"]
This maybe create heavier image, but at least this is always working.
Upvotes: 1
Related Questions
- Cannot reach quarkus application on host from inside docker container
- Getting 401 Unauthorized when calling Quarkus app inside a Docker container with Keycloak authorization
- Quarkus JDBC connection with SSL
- Property quarkus.http.ssl.certificate.key-store-file not working with unable to find valid certification path to requested target
- Configuration for Quarkus and Keycloak on Docker
- unable to find valid certification path to requested target with Quarkus
- Quarkus - Docker image fails
- Adding SSL certificate in Distroless Image(Java Application)
- 1 way SSL with MQIPT and tomcat docker
- Docker - Unable to find any JVMs - Error checking TLS connection