无法从 spring 启动容器应用程序连接到亚马逊 RDS
Can not connect to amazon RDS from spring boot container app
我想docker化我们所有的 Spring 引导服务,但与 Amazon RDS Aurora 的连接有关 MySQL。
问题出在与 Amazon RDS 实例的通信上。
奇怪的是,如果我使用 java 命令 java -jar service.jar 运行 service.jar 文件,一切都按预期工作。
错误的堆栈跟踪:
Caused by: com.mysql.cj.exceptions.CJCommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_292]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_292]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_292]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_292]
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:105) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:151) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.exceptions.ExceptionFactory.createCommunicationsException(ExceptionFactory.java:167) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:340) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:167) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1348) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.NativeSession.connect(NativeSession.java:157) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:956) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:826) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
... 165 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171) ~[na:1.8.0_292]
at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98) ~[na:1.8.0_292]
at sun.security.ssl.TransportContext.kickstart(TransportContext.java:220) ~[na:1.8.0_292]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428) ~[na:1.8.0_292]
at com.mysql.cj.protocol.ExportControlled.performTlsHandshake(ExportControlled.java:317) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.StandardSocketFactory.performTlsHandshake(StandardSocketFactory.java:188) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeSocketConnection.performTlsHandshake(NativeSocketConnection.java:97) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:331) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
... 170 common frames omitted
我的 docker 文件如下所示:
FROM openjdk:8
ARG app_name
ENV version /
ENV build /
COPY ./target/${app_name}.jar ./app.jar
CMD ["java", "-Dserver.port=80","-Dproject.version=${version}", "-Dbuild.number=${build}", "-jar", "./app.jar"]
应用程序属性有下一个数据:
# Hibernate ddl auto (create, create-drop, update)
spring.jpa.hibernate.ddl-auto=validate
spring.jpa.properties.hibernate.show-sql=true
spring.jpa.properties.hibernate.use-sql-comments=true
spring.jpa.properties.hibernate.format-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#MySQL DIALECT
spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
spring.datasource.tomcat.test-on-borrow=true
spring.datasource.tomcat.validation-query=SELECT 1
spring.datasource.url=jdbc:mysql://aws_rds:3306/service_db?serverTimeZone=UTC&useSSL=false
spring.datasource.username=@database.username@
spring.datasource.password=@database.password@
spring.datasource.initialization-mode=always
spring.datasource.hikari.maximum-pool-size=5
# Flyway
spring.flyway.locations=classpath:db/migration
spring.flyway.check-location=true
spring.flyway.validate-on-migrate=false
spring.flyway.out-of-order=true
spring.flyway.table=schema_version
我在docker中错过了什么?
很可能 openjdk:8 您使用的基础 Docker 图像不支持 AWS Aurora 所需的 TLS 版本。您必须检查您的 AWS Aurora 允许使用哪个 TLS 版本,然后确保安装在 Docker 映像中的 Java 支持它。你可以看看 or this answer.
请注意,最近,在 2021 年 4 月,Java™ SE Development Kit 8, Update 291 (JDK 8u291) 更改了允许的 TLS 版本:
➜ Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.
不推荐用于生产
您可以通过将 --ssl=0 命令添加到您的 mysql docker-compose.yml 例如
version: '3.3'
services:
mysql:
image: mysql:5.7
command: --ssl=0
volumes:
- ./data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: yourPassword
ports:
- "3306:3306"
我想docker化我们所有的 Spring 引导服务,但与 Amazon RDS Aurora 的连接有关 MySQL。
问题出在与 Amazon RDS 实例的通信上。
奇怪的是,如果我使用 java 命令 java -jar service.jar 运行 service.jar 文件,一切都按预期工作。
错误的堆栈跟踪:
Caused by: com.mysql.cj.exceptions.CJCommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_292]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_292]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_292]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_292]
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:105) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:151) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.exceptions.ExceptionFactory.createCommunicationsException(ExceptionFactory.java:167) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:340) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:167) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1348) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.NativeSession.connect(NativeSession.java:157) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:956) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:826) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
... 165 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171) ~[na:1.8.0_292]
at sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98) ~[na:1.8.0_292]
at sun.security.ssl.TransportContext.kickstart(TransportContext.java:220) ~[na:1.8.0_292]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:428) ~[na:1.8.0_292]
at com.mysql.cj.protocol.ExportControlled.performTlsHandshake(ExportControlled.java:317) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.StandardSocketFactory.performTlsHandshake(StandardSocketFactory.java:188) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeSocketConnection.performTlsHandshake(NativeSocketConnection.java:97) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
at com.mysql.cj.protocol.a.NativeProtocol.negotiateSSLConnection(NativeProtocol.java:331) ~[mysql-connector-java-8.0.22.jar!/:8.0.22]
... 170 common frames omitted
我的 docker 文件如下所示:
FROM openjdk:8
ARG app_name
ENV version /
ENV build /
COPY ./target/${app_name}.jar ./app.jar
CMD ["java", "-Dserver.port=80","-Dproject.version=${version}", "-Dbuild.number=${build}", "-jar", "./app.jar"]
应用程序属性有下一个数据:
# Hibernate ddl auto (create, create-drop, update)
spring.jpa.hibernate.ddl-auto=validate
spring.jpa.properties.hibernate.show-sql=true
spring.jpa.properties.hibernate.use-sql-comments=true
spring.jpa.properties.hibernate.format-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#MySQL DIALECT
spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
spring.datasource.tomcat.test-on-borrow=true
spring.datasource.tomcat.validation-query=SELECT 1
spring.datasource.url=jdbc:mysql://aws_rds:3306/service_db?serverTimeZone=UTC&useSSL=false
spring.datasource.username=@database.username@
spring.datasource.password=@database.password@
spring.datasource.initialization-mode=always
spring.datasource.hikari.maximum-pool-size=5
# Flyway
spring.flyway.locations=classpath:db/migration
spring.flyway.check-location=true
spring.flyway.validate-on-migrate=false
spring.flyway.out-of-order=true
spring.flyway.table=schema_version
我在docker中错过了什么?
很可能 openjdk:8 您使用的基础 Docker 图像不支持 AWS Aurora 所需的 TLS 版本。您必须检查您的 AWS Aurora 允许使用哪个 TLS 版本,然后确保安装在 Docker 映像中的 Java 支持它。你可以看看
请注意,最近,在 2021 年 4 月,Java™ SE Development Kit 8, Update 291 (JDK 8u291) 更改了允许的 TLS 版本:
➜ Disable TLS 1.0 and 1.1
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file.
不推荐用于生产
您可以通过将 --ssl=0 命令添加到您的 mysql docker-compose.yml 例如
version: '3.3'
services:
mysql:
image: mysql:5.7
command: --ssl=0
volumes:
- ./data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: yourPassword
ports:
- "3306:3306"