I'm having some troubles trying to configure SSL with InfluxDB v1.8 running on Docker Compose.
I followed the official documentation to enable HTTPS with self-signed certificate, but the container crashes with the following error:
run: open server: open service: open "/etc/ssl/influxdb-selfsigned.crt": no such file or directory
It works if I run this configuration using docker run command:
docker run -p 8086:8086 -v $PWD/ssl:/etc/ssl \
-e INFLUXDB_DB=db0 \
-e INFLUXDB_ADMIN_USER=admin \
-e INFLUXDB_ADMIN_PASSWORD=supersecretpassword \
-e INFLUXDB_HTTP_HTTPS_ENABLED=true \
-e INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt" \
-e INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key" \
-d influxdb
My docker-compose.yml is the following:
version: "3"
services:
influxdb:
image: influxdb
ports:
- "8086:8086"
volumes:
- influxdb:/var/lib/influxdb
- ./ssl:/etc/ssl/
environment:
- INFLUXDB_DB=db0
- INFLUXDB_ADMIN_USER=admin
- INFLUXDB_ADMIN_PASSWORD=supersecretpassword
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt"
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key"
- INFLUXDB_HTTP_AUTH_ENABLED=true
volumes:
influxdb:
If I set INFLUXDB_HTTP_HTTPS_ENABLED to false, I can see that cert and key files are mounted as they should in /etc/ssl in the container ( docker exec -it airq_influxdb_1 ls -la /etc/ssl )
Do you have any idea why this is happening and how to solve it?
The environment variables passed in the docker-compose.yml are strings. You don't need to pass the quotes.
The influx DB is looking for the certificate under "/etc/ssl/influxdb-selfsigned.crt"...literally
Simply remove the quotes and the DB will start:
...
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE=/etc/ssl/influxdb-selfsigned.crt
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY=/etc/ssl/influxdb-selfsigned.key
...