search

Zibbp / ganymede

Twitch VOD and Live Stream archiving platform. Includes a rendered and real-time chat for each archive.
https://github.com/Zibbp/ganymede
GNU General Public License v3.0
491 stars 25 forks source link

DB_SSL=verify-full and DB_SSL=verify-ca no longer work #507

Closed joshuayuen99 closed 2 months ago

joshuayuen99 commented 2 months ago

It seems like as of v3.0.0 DB_SSL_ROOT_CERT is no longer being used anywhere to construct the connection string, and it results in errors such as:

{"level":"fatal","error":"querying server version tls: failed to verify certificate: x509: certificate signed by unknown authority","time":"2024-09-14T15:01:47-04:00","message":"error running auto migration"}

when attempting to upgrade to v3.0.0 with DB_SSL=verify-full.

It looks like this is what the connection string was when it was previously working in v2.3.2: internal/database/database.go

connectionString := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s sslrootcert=%s",
        dbHost, dbPort, dbUser, dbPass, dbName, dbSSL, dbSSLTRootCert)

What it looks like now: internal/server/server.go

dbString := fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s", envAppConfig.DB_USER, envAppConfig.DB_PASS, envAppConfig.DB_HOST, envAppConfig.DB_PORT, envAppConfig.DB_NAME, envAppConfig.DB_SSL)

cmd/worker/main.go

dbString := fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s", envAppConfig.DB_USER, envAppConfig.DB_PASS, envAppConfig.DB_HOST, envAppConfig.DB_PORT, envAppConfig.DB_NAME, envAppConfig.DB_SSL)
Zibbp commented 2 months ago

DB SSL functionality has been restored in https://github.com/Zibbp/ganymede/pull/508. You can use it now with the :dev image of the API container. Let me know if you have any issues with it.