search

WhatsApp / WhatsApp-Business-API-Setup-Scripts

The scripts related to setting up WhatsApp business API
MIT License
404 stars 425 forks source link

Connection to PostgreSQL with required SSL #81

Closed CzernyJ closed 1 year ago

CzernyJ commented 1 year ago

Hi there,

I´m expanding on the setup mentioned in Issue https://github.com/WhatsApp/WhatsApp-Business-API-Setup-Scripts/issues/31 with one difference: I try to use PostgreSQL as a DB. For this I´m using a Azure Database for PostgreSQL flexible server which requires SSL by default.

I set the following environment variables:

env:
- name: WA_API_VERSION
  value: 2.41.2
- name: WA_DB_SSL_CA
  value: /usr/local/waent/data/certs/filename.crt.pem
- name: WA_DB_ENGINE
  value: PGSQL
image: docker.whatsapp.biz/coreapp:v2.41.2
volumeMounts:
    - mountPath: /usr/local/waent/data
      name: wch-kl-de-qs-data-volume

The defined path above (/usr/local/waent/data) is mounted as a persistent volume on the kubernetes system. And the matching certificate is present, that I checked. When the coreApp does start however I get the following errors in the log:

dbsettings.cpp:79] Database engine is set to  "PGSQL" req_id=Main
datastore.cpp:779] "create_configStore_139699752194944" connectOption: "SSL_CA=/usr/local/waent/data/certs/filename.crt.pem;connect_timeout=15" req_id=Main
datastore.cpp:132] Failed to create database "configStore" QSqlError("", "QPSQL: Unable to connect", "invalid connection option \"SSL_CA\"\n") req_id=Main
datastore.cpp:168] Failed to create database "configStore" req_id=Main
datastore.cpp:779] "configStore" connectOption: "SSL_CA=/usr/local/waent/data/certs/filename.crt.pem;connect_timeout=15" req_id=Main
datastore.cpp:179] Initiated DB connection "wchkldeqsconfigStore"  of engine type "PGSQL" req_id=Main
wasqldatabase.cpp:106] DB query   on  "wchkldeqsconfigStore" : "invalid connection option \"SSL_CA\"\nQPSQL: Unable to connect"  has error:  QSqlError("", "QPSQL: Unable to connect", "invalid connection option \"SSL_CA\"\n")  from function:  get db req_id=Main
wasqldatabase.cpp:106] DB query   on  "wchkldeqsconfigStore" : "invalid connection option \"SSL_CA\"\nQPSQL: Unable to connect"  has error:  QSqlError("", "QPSQL: Unable to connect", "invalid connection option \"SSL_CA\"\n")  from function:  open config db req_id=Main
main.cpp:50] Unable to initialize config store req_id=Main
wa-service: Unable to initialize ConfigStore

Looks like the behavior is different for PSQL than MYSQL. When using the quite old MYSQL 5.7 it worked with the environment variables above (except for the different DB_ENGINE).

Also in the documentation there are some additional variables mentioned. I guess the WA_DB_CONNECTION_OPTION should not be used anymore since it is deprecated. But for what exactly are the WA_DB_SSL_KEY and WA_DB_SSL_CERT used? Do I need a certificate for the on-prem API that is not needed in the MYSQL case?

Aside from that the error above does indicate some problem with the used WA_DB_SSL_CA when using PGSQL.

We´re using version 2.41.2.

facebook-github-bot commented 1 year ago

Hi CzernyJ (https://github.com/CzernyJ),

Thank you for your comment. This GitHub repo is not actively monitored. If you need help, please check previously asked questions in the WA Business API Developer Community, or raise a Direct support ticket. Meanwhile, we are happy to continue with less time-sensitive discussions in GitHub.

Thanks for your understanding!

mengyiyuan commented 1 year ago

Hi CzernyJ, It seems that the WA_DB_SSL_CA is only properly set when you are using MySQL, but not by Postgres.

for what exactly are the WA_DB_SSL_KEY and WA_DB_SSL_CERT used?

To my understanding, they are used by the Web / Core app to encrypt their connections with the database, which only supports MySQL atm.

Feel free to raise a Direct support ticket to share this feedback with the team.

Hope this helps!