
Unable to connect to Postgres from Docker with sslmode disabled.

Open fiftin opened this issue 3 years ago • 11 comments

No env var SEMAPHORE_DB_OPTIONS for Docker image to disable sslmode for Postgres.

https://github.com/ansible-semaphore/semaphore/issues/745#issuecomment-1082980602

fiftin avatar Mar 30 '22 11:03 fiftin

Hi there - thanks for raising this issue. I believe the main change will be in this file: deployment/docker/common/semaphore-wrapper

Perhaps we could do something like this:

Provide an env var called SEMAPHORE_DB_OPTIONS_SSLMODE with an empty default value.

SEMAPHORE_DB_OPTIONS_SSLMODE="${SEMAPHORE_DB_OPTIONS_SSLMODE:-}"

And then some code in the wrapper file that does something like:

if [ "${SEMAPHORE_DB_OPTIONS_SSLMODE}" = "disabled" ]; then
    # insert code here to make it work
    # we need to add: ?sslmode=disabled to the connection string
    ...
fi;

And then later in the same file, around line 71, we'll need to include this when writing the config file.

Sorry I can't be more help. I don't really understand how this wrapper creates the config file that can be read by Semaphore but hopefully this will help steer someone in the right direction.

stuartmaxwell avatar Mar 30 '22 21:03 stuartmaxwell

I am able to bypass the ssl with postgres using the environment variable SEMAPHORE_DB: ${POSTGRES_DB:-semaphore}?sslmode=disable

fawqsir avatar Apr 01 '22 20:04 fawqsir

I am using the binary file mode of Semaphore. How do I bypass the SSL mode for Postgres? Do I need a different environment variable?

bbarman4u avatar Apr 10 '22 04:04 bbarman4u

@bbarman4u you need to edit your config.json and add ?sslmode=disable to the database name. Here is the postgres section of my config.json that was generated by docker compose:

        "postgres": {
                "host": "postgres:5432",
                "user": "semaphore",
                "pass": "semaphore",
                "name": "semaphore?sslmode=disable",
                "options": null
        },

tiny-pangolin avatar May 31 '22 03:05 tiny-pangolin

Adding ?sslmode=disable to host also works for me.

dmitrygribenchuk avatar Sep 21 '22 14:09 dmitrygribenchuk

Hi, please use the following config:

        "postgres": {
                "host": "postgres:5432",
                "user": "semaphore",
                "pass": "semaphore",
                "name": "semaphore",
                "options": { "sslmode": "disable" }
        },

fiftin avatar Sep 21 '22 15:09 fiftin

Hi, please use the following config:

        "postgres": {
                "host": "postgres:5432",
                "user": "semaphore",
                "pass": "semaphore",
                "name": "semaphore",
                "options": { "sslmode": "disable" }
        },

How can we set that with env vars in the Docker image?

I get this error:

time="2022-12-16T20:41:05Z" level=warning msg="pq: syntax error at or near \"?\""
panic: pq: unsupported sslmode "disable?sslmode=disable"; only "require" (default), "verify-full", "verify-ca", and "disable" supported
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x8c89b7]

Using this env var:

SEMAPHORE_DB: semaphore?sslmode=disable

onedr0p avatar Dec 16 '22 20:12 onedr0p

Actually, I'm getting the following error: panic: pq: unsupported sslmode "disable?sslmode=disable"; only "require" (default), "verify-full", "verify-ca", and "disable" supported

when using the env var provided in the example SEMAPHORE_DB: semaphore?sslmode=disable

d-roak avatar Dec 21 '22 16:12 d-roak
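
The `disable?sslmode=disable` value in the panic quoted above can be reproduced with Go's standard URL parser. This is an added example, not Semaphore's or lib/pq's code: `naiveDSN` is a hypothetical builder assumed to append `?sslmode=` after the database name, and `safeDSN` is one stricter way to assemble the same config fields.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// PostgresConfig mirrors the "postgres" config section quoted in the thread.
type PostgresConfig struct {
	Host, User, Pass, Name string
	Options                map[string]string
}

// Modes listed in the pq panic message quoted in the thread.
var allowedSSLModes = map[string]bool{"disable": true, "require": true, "verify-ca": true, "verify-full": true}

// naiveDSN is a hypothetical string-concatenating builder (an assumption).
func naiveDSN(c PostgresConfig) string {
	return fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=%s", c.User, c.Pass, c.Host, c.Name, c.Options["sslmode"])
}

// effectiveSSLMode returns the sslmode value a URL parser sees in the DSN.
func effectiveSSLMode(dsn string) string {
	u, err := url.Parse(dsn)
	if err != nil {
		return ""
	}
	return u.Query().Get("sslmode")
}

// transportEncrypted treats an absent sslmode as the driver default
// ("require" per the panic message); "disable" means a plaintext connection.
func transportEncrypted(dsn string) bool {
	m := effectiveSSLMode(dsn)
	return m == "" || (allowedSSLModes[m] && m != "disable")
}

// safeDSN rejects URL syntax in the database name and unknown sslmode values.
func safeDSN(c PostgresConfig) (string, error) {
	if strings.ContainsAny(c.Name, "?&=/#") {
		return "", fmt.Errorf("database name %q contains URL syntax; use options", c.Name)
	}
	q := url.Values{}
	for k, v := range c.Options {
		if k == "sslmode" && !allowedSSLModes[v] {
			return "", fmt.Errorf("unsupported sslmode %q", v)
		}
		q.Set(k, v)
	}
	u := url.URL{Scheme: "postgres", User: url.UserPassword(c.User, c.Pass), Host: c.Host, Path: "/" + c.Name, RawQuery: q.Encode()}
	return u.String(), nil
}
```

With the constructed input `Name: "semaphore?sslmode=disable"` plus `sslmode: disable`, the parser splits at the first `?` only, so the second `?sslmode=disable` becomes part of the value.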

In a recent update the need for adding ?sslmode=disable has been dropped. I cannot find the source for this at the moment.

tiny-pangolin avatar Dec 22 '22 04:12 tiny-pangolin

Also submitted a PR so this doesn't affect anyone else.

tiny-pangolin avatar Dec 22 '22 04:12 tiny-pangolin

Hi, please use the following config:

        "postgres": {
                "host": "postgres:5432",
                "user": "semaphore",
                "pass": "semaphore",
                "name": "semaphore",
                "options": { "sslmode": "disable" }
        },

How can we set that with env vars in the Docker image?

I get this error:

time="2022-12-16T20:41:05Z" level=warning msg="pq: syntax error at or near \"?\""
panic: pq: unsupported sslmode "disable?sslmode=disable"; only "require" (default), "verify-full", "verify-ca", and "disable" supported
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x8c89b7]

Using this env var:

SEMAPHORE_DB: semaphore?sslmode=disable

Same question!

zelanastasia avatar Jun 06 '23 09:06 zelanastasia

Great, so sslmode is now disabled by default.

...but I need sslmode to work with my Postgres.

🤦

Zorlin avatar Jan 07 '24 04:01 Zorlin

I also need SSL mode to work with my Postgres. Is there a way?

abeastmal avatar Mar 27 '24 13:03 abeastmal

@Zorlin, @abeastmal sslmode is not disabled by default. Just do not provide this option.

fiftin avatar Mar 27 '24 13:03 fiftin

@fiftin I saw this in my container (I'm running it in Kubernetes BTW, latest image):

time="2024-03-27T12:08:24Z" level=warning msg="pq: pg_hba.conf rejects connection for host \"10.244.0.107\", user \"semaphore\", database \"semaphore\", SSL off"
panic: pq: pg_hba.conf rejects connection for host "10.244.0.107", user "semaphore", database "semaphore", SSL off

Allowing non-SSL connections was the only workaround for now.

abeastmal avatar Mar 27 '24 16:03 abeastmal

Same issue with me as with @abeastmal.

Zorlin avatar Mar 27 '24 16:03 Zorlin