SQLException 'Authentication type 10 is not supported' when connecting to kartoza/postgis image

[benjaminh]

I try to create a docker composition so that geonetwork and geoserver connect to the same Postgres/PostGIS database. So I use geonetwork:postgres image as suggested in the doc to connect to a postgres docker container.

When starting the containers, I get several SQLException errors, and all of them end with:

Initialization of bean failed; nested exception is java.lang.RuntimeException: 
java.sql.SQLException: Cannot create PoolableConnectionFactory
(The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.)

Here is my docker-compose.yml v3.1 example file (without the geoserver container) so that you can reproduce the problem :

version: '3.1'

services:

  geonetwork:
    image: geonetwork:postgres
    restart: always
    ports:
      - 8080:8080
    command: bash -c 'while !</dev/tcp/db/5432; do sleep 1; done; sh /entrypoint.sh catalina.sh run'
    environment:
      DATA_DIR: /var/lib/geonetwork_data
      POSTGRES_DB_HOST: db
      POSTGRES_DB_PORT: 5432
      POSTGRES_DB_NAME: ${POSTGRES_GN_DB}
      POSTGRES_DB_USERNAME: ${POSTGRES_USER}
      POSTGRES_DB_PASSWORD: ${POSTGRES_PASS}
    volumes:
      - geonetwork:/var/lib/geonetwork_data

  db:
    image: kartoza/postgis:13.0
    volumes:
      - geo-db-data:/var/lib/postgresql
    ports:
      - "25434:5432"
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASS=${POSTGRES_PASS}
      - POSTGRES_PASSWORD=${POSTGRES_PASS}
      - ALLOW_IP_RANGE=${ALLOW_IP_RANGE}
    restart: on-failure
    healthcheck:
      test: "exit 0"

volumes:
  geonetwork:
  geoserver-data:
  geo-db-data:

Notes:

• Environment variables are set in a .env file, but you can specify your own values.
• The database image is kartoza/postgis:13.0 because it is the one suggested by the geoserver docker documentation.

By the way, if I try to set a database service with a different image (like postgis/postgis), everything works fine. Yet, both images set up a postgres v13.0 database with a postgis v3.0. I guess this is a matter of postgres configuration, with some differences between the images, but I don't know which ones.

Could you elaborate on what postgres/postgis versions are compatible with the geonetwork docker images, and maybe specify this in the documentation ?

[cmotadev]

Hi Benjamim.

I've got this issue too, and this is because of the old embeded PostgreSQL JDBC driver (9.4.xx). I used the 3.10.2 version and got the same issues, too.

PostgreSQL 13+ now has default password encription set to SHA256. You have to change on postgresql.conf, putting back to MD5 or change the JDBC client. Look this thread

I had to change the JDBC driver version and, then, compiled geonetwork from sources and made my own image.

And so it works.

[cmotadev]

FROM maven:3.8-openjdk-8 AS BUILDER

ARG GEONETWORK_GIT_URL=https://github.com/geonetwork/core-geonetwork.git
ARG GEONETWORK_VERSION=3.10.x
ARG POSTGRESQL_JDBC_DRIVER_VERSION=42.2.18

ENV MAVEN_OPTS -Xmx512M -XX:MaxPermSize=256M

# VOLUME ["/root/.m2"]

WORKDIR /tmp

RUN git clone --recursive ${GEONETWORK_GIT_URL} geonetwork

WORKDIR /tmp/geonetwork

# Trocar o driver do PostgreSQL, pois o atual não suporta as versões 13+ antes de compilar
RUN set -xe && \
    git checkout ${GEONETWORK_VERSION} && \
    sed -i 's/<pg\.version>[^<]*</<pg.version>${POSTGRESQL_JDBC_DRIVER_VERSION}</g' pom.xml && \
    mvn clean install -DskipTests

FROM tomcat:8.5-jre8-openjdk-slim-bullseye AS RELEASE

RUN apt-get -y update && \
    apt-get -y install locales && \    
    sed -i '/pt_BR.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen && \
    apt-get -y autoremove --purge && \
    rm -rf /var/lib/apt/lists/*

COPY --from=BUILDER /tmp/geonetwork/web/target/geonetwork/ ${CATALINA_HOME}/webapps/geonetwork/