search

qdrant / landing_page

Landing page for qdrant.tech
18 stars 73 forks source link

CERTIFICATE_VERIFY_FAILED when trying to use qdrant with docker-compose and https #694

Closed vhdmoradi closed 2 months ago

vhdmoradi commented 7 months ago

I have two containers, qdrant and searchai. qdrant is my qdrant container with this docker-compose setup:

version: '3'
services:
  qdrant:
    image: qdrant/qdrant:latest
    restart: always
    container_name: qdrant
    ports:
      - "6333:6333"
      - "6334:6334"
    volumes:
      - ./qdrant_data:/qdrant_data
    configs:
      - source: qdrant_config
        target: /qdrant/config/production.yaml
configs:
  qdrant_config:
    file: ./qdrant_data/qdrant_custom_config.yaml
volumes:
  qdrant_data:

And this is my qdrant_custom_config.yaml:

service:
  api_key: ${QDRANT_API_KEY}
  enable_tls: true
tls:
  # Server certificate chain file
  cert: /qdrant_data/tls/qdrant_3.pem

  # Server private key file
  key: /qdrant_data/tls/qdrant_key.pem

I generated the .pem files using mkcert and I gave the qdrant container name (qdrant) alongside with localhost to mkcert for .pem generation:

mkcert qdrant localhost 127.0.0.1 ::1

Then I have a function inside my django backend which is in the searchai container to connect to qdrant using:

qdrant_client = QdrantClient(
            url=kwargs.get("url", "https://qdrant"),
            port=kwargs.get("port", 6333),
            api_key=kwargs.get(
                "apikey"
            ),
            timeout=kwargs.get("timeout", 1000),
        )

So far there are a lot of places to make mistakes. But I do not know what I have done wrong that when I try to call this function from inside a backend api using curl:

curl 172.31.0.3:80/products/search/?q=kadin+ayakkabi&language=en

I get this error:

searchai  | qdrant_client.http.exceptions.ResponseHandlingException: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

I also checked the qdrant connection both from my host machine and from inside the searchai container: When I ran this curl command from my host machine, I got:

curl -X GET https://localhost:6333
{"title":"qdrant - vector search engine","version":"1.7.4"}

But the I went into the searchai container:

docker exec -it searchai sh
curl -X GET https://qdrant:6333
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I did check that the .pem files exactly exist in the specified dir /qdrant_data/tls. Other than this, I have no clue on how to solve this problem.

Anush008 commented 2 months ago

Hey. It would be more appropriate to reach out on our Discord server at https://qdrant.to/discord.