我的 Django 应用程序托管在一台服务器上,我的 PostgreSQL 数据库托管在另一台服务器上。我希望两台服务器之间的通信强制通过 SSL。
我在Django的settings.py
中的数据库配置:
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': os.environ.get("DB_NAME"),
'USER': os.environ.get("DB_USER"),
'PASSWORD': os.environ.get("DB_PASS"),
'HOST': os.environ.get("DB_HOST"),
'PORT': '5432',
'OPTIONS': {
'sslmode': 'verify-full',
'sslrootcert': '/home/{user}/.postgresql/default_root.crt',
'sslcert': '/home/{user}/.postgresql/default.crt',
'sslkey': '/home/{user}/.postgresql/default.key',
},
}
我在 pg_hba.conf
文件中的配置:
hostssl {DB_NAME} {DB_USER} {DJANGO_SERVER_IP} md5 clientcert=1
运行 python manage.py dbshell --database default
会抛出以下错误:
psql: FATAL: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host "{DB_HOST}", user "{DB_USER}", database "{DB_NAME}", SSL off
完整的错误回溯:
Traceback (most recent call last):
File "manage.py", line 20, in <module>
main()
File "manage.py", line 16, in main
execute_from_command_line(sys.argv)
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
self.execute(*args, **cmd_options)
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/core/management/base.py", line 364, in execute
output = self.handle(*args, **options)
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/core/management/commands/dbshell.py", line 22, in handle
connection.client.runshell()
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/db/backends/postgresql/client.py", line 71, in runshell
DatabaseClient.runshell_db(self.connection.get_connection_params())
File "/home/{user}/.virtualenvs/{project_name}/lib/python3.6/site-packages/django/db/backends/postgresql/client.py", line 61, in runshell_db
subprocess.check_call(args)
File "/usr/lib/python3.6/subprocess.py", line 311, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['psql', '-U', '{DB_USER}', '-h', '{DB_HOST}', '-p', '5432', '{DB_NAME}']' returned non-zero exit status 2.
但是,当我运行 psycopg2.connect("host={DB_HOST} dbname={DB_NAME} user={DB_USER} password={DB_PASS} sslmode=verify-full sslcert=/home/{user}/.postgresql/default.crt sslkey=/home/{user}/.postgresql/default.key sslrootcert=/home/{user}/.postgresql/default_root.crt")
在Django python shell中,连接即可成立。
此外,openssl verify -CAfile default_root.crt default.crt
显示 default.crt: OK
。
任何帮助将不胜感激。提前致谢!
最佳答案
这个错误(对于 dbshell)似乎在 6 个月前解决了, https://code.djangoproject.com/ticket/30370
你能检查一下你的django版本吗,也许是旧版本
我还注意到,在代码测试中,他们对 ssl 模式使用了“verify-ca”
关于python - 无法在 Django 上使用 SSL 连接到 PostgreSQL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58569242/