Set up mTLS between Jira Service Management and PostgreSQL 13.5
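I'm trying to set up an mTLS connection between JSM and PostgreSQL.
On the database side, I turned on SSL, and in pg_hba.conf I added the following configuration to tell clients to connect using certificates: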
hostssl all all 0.0.0.0/0 cert clientcert=1
On the application side, I verified it with the line below, and it was able to connect to the database:
psql "host=<database server FQDN> port=5432 user=jiradbuser dbname=jiradb sslmode=verify-full sslcert=/path/to/jiradb.crt sslrootcert=/path/to/root.crt sslkey=/path/to/jiradb.key"
However, when I configure dbconfig.xml, it always complains:
no pg_hba.conf entry for host <ip address of jira service management server>, user "jiradbuser", database "jiradb", SSL off
Below is the content of dbconfig.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>postgres72</database-type>
  <schema-name>public</schema-name>
  <jdbc-datasource>
    <url>jdbc:postgresql://<PosgreSQL server FQDN>:5432/jiradb?ssl=true;sslmode=verify-full;sslrootcert=/path/to/ca2.crt;sslcert=/path/to/jiradb.crt;sslkey=/path/to/jiradb.key</url>
    <driver-class>org.postgresql.Driver</driver-class>
    <username>jiradbuser</username>
    <password><password></password>
    <pool-min-size>30</pool-min-size>
    <pool-max-size>30</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-max-idle>30</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <pool-test-on-borrow>false</pool-test-on-borrow>
    <pool-test-while-idle>true</pool-test-while-idle>
    <connection-properties>tcpKeepAlive=true;socketTimeout=240</connection-properties>
  </jdbc-datasource>
</jira-database-config>
What should the correct JDBC format be?
Thanks
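Well, after investigating I noticed that the separator in dbconfig.xml should be "&" instead of ";". In addition, the private key should be in PKCS#8 rather than PKCS#1.
After modifying these two parts, everything is up and running.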
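The two fixes from the answer, as an added checker that is not code from the original post: it splits the URL query on "&" only (the separator the answer identifies), rewrites ";" to "&" XML-escaped as `&amp;` for the `<url>` element, and classifies a key file as PKCS#1 or PKCS#8 from its leading bytes. The host name, function names and sample inputs are constructed for illustration.

```python
from xml.sax.saxutils import escape

# Constructed sample: the <url> value from the question, with a placeholder host.
BROKEN_URL = ("jdbc:postgresql://db.example.internal:5432/jiradb?ssl=true;sslmode=verify-full"
              ";sslrootcert=/path/to/ca2.crt;sslcert=/path/to/jiradb.crt;sslkey=/path/to/jiradb.key")
REQUIRED = ("sslmode", "sslrootcert", "sslcert", "sslkey")

def parse_params(url):
    """Split the query on '&' only, the separator the answer identifies."""
    query = url.partition("?")[2]
    return dict(p.partition("=")[::2] for p in query.split("&") if p)

def lint_url(url):
    """Return the mTLS parameters that are not visible as separate properties."""
    params = parse_params(url)
    return [name for name in REQUIRED if name not in params]

def fix_url_for_dbconfig(url):
    """Replace ';' separators with '&' and XML-escape the result for <url>."""
    base, _, query = url.partition("?")
    return escape(base + "?" + query.replace(";", "&"))

def key_format(data):
    """Classify a private key file's container from its first bytes."""
    if data.startswith(b"-----BEGIN RSA PRIVATE KEY-----"):
        return "PKCS#1 PEM"
    if data.startswith((b"-----BEGIN PRIVATE KEY-----",
                        b"-----BEGIN ENCRYPTED PRIVATE KEY-----")):
        return "PKCS#8 PEM"
    if data[:1] != b"\x30" or len(data) < 8:
        return "unknown"
    # Skip the outer SEQUENCE header (short or long length form).
    start = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
    body = data[start:start + 4]
    if body[:1] == b"\x30":
        return "PKCS#8 DER (encrypted)"
    if len(body) == 4 and body[:3] == b"\x02\x01\x00":
        # Version 0, then AlgorithmIdentifier SEQUENCE (PKCS#8)
        # or the modulus INTEGER (PKCS#1 RSAPrivateKey).
        return {0x30: "PKCS#8 DER", 0x02: "PKCS#1 DER"}.get(body[3], "unknown")
    return "unknown"

if __name__ == "__main__":
    print("missing:", lint_url(BROKEN_URL))
    print("fixed  :", fix_url_for_dbconfig(BROKEN_URL))
```

With ";" separators the whole query collapses into a single `ssl` property, so none of the certificate parameters are seen as separate settings; the escaped form with `&amp;` is what goes inside `<url>` in dbconfig.xml.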