L3 - Default Environment (Required on creation): Windows / Linux
Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):
Cannot connect to a DB server (PostgreSQL 11.12 in this case) with SSL. With camunda-bpm-platform:tomcat-7.16.0 image, this is possible by attaching "?ssl=true" at the end of the DB URL. It's not possible with tomcat-7.17.0. The error log complains about missing SSL libraries.
Steps to reproduce (Required on creation):
Try to use a database with SSL connection by addng "?ssl=true" at the end of the DB URL.
Observed Behavior (Required on creation):
Cannot connect to the database. The image fails to start.
Expected behavior (Required on creation):
Run normally.
Root Cause (Required on prioritization):
SSL libraries missing in the new docker image.
Solution Ideas (Optional):
Hints (optional):
This is the controller panel for Smart Panels app
[CAM-14595] SSL library not found
Hi @Nikola Koevski,
It's PostgreSQL 11.12. It still works properly with the 7.16.0 version, which I've fixed currently to solve the issue.
I've updated the ticket description accordingly.
Thank you,
Onur
Hi DeadDuck,
Sorry for the long delay. I haven't had time to investigate this issue.
I can replicate the issue on both:
- camunda/camunda-bpm-platform:tomcat-7.17.0 (base image alpine:3.15)
- camunda/camunda-bpm-platform:tomcat-7.16.0 (base image alpine:3.15)
- camunda/camunda-bpm-platform:tomcat-7.12.0 (base image alpine:3.10)
I perform the following steps:
- I start a DB container with:
docker run --rm --name pg -p 5432:5432 -e POSTGRES_PASSWORD=camunda postgres:11.12
- I start a Camunda Platform 7.17.0/7.16.0/7.12.0 container with:
docker run -it --rm --name camunda -p 8080:8080 --link pg:db \ -e DB_DRIVER=org.postgresql.Driver \ -e DB_URL="jdbc:postgresql://db:5432/postgres?ssl=true" \ -e DB_USERNAME=postgres \ -e DB_PASSWORD=camunda \ -e WAIT_FOR=db:5432 \ camunda/camunda-bpm-platform:tomcat-7.17.0
For both Camunda Platform 7.17.0, 7.16.0, and 7.12.0 I can see the following error:
SEVERE [main] org.apache.tomcat.jdbc.pool.ConnectionPool.init Unable to create initial connections of pool. org.postgresql.util.PSQLException: The server does not support SSL. at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:561) at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168) at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235) at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49) at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223) at org.postgresql.Driver.makeConnection(Driver.java:400) at org.postgresql.Driver.connect(Driver.java:259) at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:347) at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:228) at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:769) at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:697) at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:496) at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:154) at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:121) at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:110) at org.apache.tomcat.jdbc.pool.DataSourceFactory.createDataSource(DataSourceFactory.java:560) at org.apache.tomcat.jdbc.pool.DataSourceFactory.getObjectInstance(DataSourceFactory.java:244) at org.apache.naming.factory.FactoryBase.getObjectInstance(FactoryBase.java:96) at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:330) at org.apache.naming.NamingContext.lookup(NamingContext.java:864) at org.apache.naming.NamingContext.lookup(NamingContext.java:158) at org.apache.naming.NamingContext.lookup(NamingContext.java:850) at org.apache.naming.NamingContext.lookup(NamingContext.java:172) at org.apache.naming.SelectorContext.lookup(SelectorContext.java:161) at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409) at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.initDataSource(ProcessEngineConfigurationImpl.java:1533) at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.init(ProcessEngineConfigurationImpl.java:1045) at org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl.buildProcessEngine(ProcessEngineConfigurationImpl.java:1016) at org.camunda.bpm.container.impl.jmx.services.JmxManagedProcessEngineController.start(JmxManagedProcessEngineController.java:38) at org.camunda.bpm.container.impl.jmx.MBeanServiceContainer.startService(MBeanServiceContainer.java:77) at org.camunda.bpm.container.impl.jmx.MBeanServiceContainer.startService(MBeanServiceContainer.java:63) at org.camunda.bpm.container.impl.deployment.StartProcessEngineStep.performOperationStep(StartProcessEngineStep.java:119) at org.camunda.bpm.container.impl.spi.DeploymentOperation.execute(DeploymentOperation.java:120) at org.camunda.bpm.container.impl.jmx.MBeanServiceContainer.executeDeploymentOperation(MBeanServiceContainer.java:160) at org.camunda.bpm.container.impl.spi.DeploymentOperation$DeploymentOperationBuilder.execute(DeploymentOperation.java:216) at org.camunda.bpm.container.impl.tomcat.TomcatBpmPlatformBootstrap.deployBpmPlatform(TomcatBpmPlatformBootstrap.java:83) at org.camunda.bpm.container.impl.tomcat.TomcatBpmPlatformBootstrap.lifecycleEvent(TomcatBpmPlatformBootstrap.java:61) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:920) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.startup.Catalina.start(Catalina.java:772) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)
Questions:
- Are you doing any modifications to the Docker image to get it working with SSL?
- If yes, can you provide the steps, or an example on what modifications you make?
Otherwise, I would classify this as a missing functionality, and not a bug. In that case, it would be better to raise a feature request.
Best,
Nikola
This ticket was migrated to github: https://github.com/camunda/camunda-bpm-platform/issues/2648. Please use this link for any future references and continue any discussion there.
Hi DeadDuck,
Thank you for raising this issue.
To what database are you trying to connect? This would help with reproduction and debugging.
Furthermore, the 7.16.0 Docker image was rebuilt because we bumped the base image from alpine:3.12 to alpine:3.13 due to some security fixes. Can you confirm that an SSL connection works on 7.16.0 if you pull a clean copy of that image from DockerHub?
Best,
Nikola