`could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied` after upgrade to 1.25.0

Cologler commented 7 months ago

After upgrading the linkding server to the latest version (1.25.0), the server returned code 500.

Docker-compose file:

version: '3.8'

services:
  linkding:
    container_name: linkding
    image: sissbruecker/linkding:latest
    ports:
      - "127.0.0.1:####:9090"
    volumes:
      - "/root/****/linkding:/etc/linkding/data"
    environment:
      LD_DB_ENGINE: postgres
      LD_DB_DATABASE: linkding
      LD_DB_USER: linkding
      LD_DB_PASSWORD: '********'
      LD_DB_HOST: '********.aws.neon.tech'
      LD_DB_PORT: '5432'
      LD_DB_OPTIONS: '{"options": "endpoint=********""}'
    restart: unless-stopped
    network_mode: bridge

Logs:

linkding  | 2024-03-20 07:58:12,183 INFO Secret key file already exists
linkding  | Operations to perform:
linkding  |   Apply all migrations: admin, auth, authtoken, background_task, bookmarks, contenttypes, sessions
linkding  | Running migrations:
linkding  |   No migrations to apply.

...

linkding  | 2024-03-20 08:01:05,822 ERROR Internal Server Error: /login/
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 275, in ensure_connection
linkding  |     self.connect()
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 256, in connect
linkding  |     self.connection = self.get_new_connection(conn_params)
linkding  |                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/postgresql/base.py", line 277, in get_new_connection
linkding  |     connection = self.Database.connect(**conn_params)
linkding  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
linkding  |     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  | psycopg2.OperationalError: connection to server at "********.aws.neon.tech" (********), port 5432 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
linkding  | connection to server at "********.aws.neon.tech" (********), port 5432 failed: ERROR:  connection is insecure (try using `sslmode=require`)
linkding  |
linkding  |
linkding  | The above exception was the direct cause of the following exception:
linkding  |
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
linkding  |     response = get_response(request)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 220, in _get_response
linkding  |     response = response.render()
linkding  |                ^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/response.py", line 114, in render
linkding  |     self.content = self.rendered_content
linkding  |                    ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/response.py", line 92, in rendered_content
linkding  |     return template.render(context, self._request)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/backends/django.py", line 61, in render
linkding  |     return self.template.render(context)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/base.py", line 169, in render
linkding  |     with context.bind_template(self):
linkding  |   File "/usr/local/lib/python3.11/contextlib.py", line 137, in __enter__
linkding  |     return next(self.gen)
linkding  |            ^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/context.py", line 254, in bind_template
linkding  |     context = processor(self.request)
linkding  |               ^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/etc/linkding/bookmarks/context_processors.py", line 27, in public_shares
linkding  |     has_public_shares = query_set.count() > 0
linkding  |                         ^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/query.py", line 620, in count
linkding  |     return self.query.get_count(using=self.db)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 629, in get_count
linkding  |     return obj.get_aggregation(using, {"__count": Count("*")})["__count"]
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 615, in get_aggregation
linkding  |     result = compiler.execute_sql(SINGLE)
linkding  |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/sql/compiler.py", line 1560, in execute_sql
linkding  |     cursor = self.connection.cursor()
linkding  |              ^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 316, in cursor
linkding  |     return self._cursor()
linkding  |            ^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 292, in _cursor
linkding  |     self.ensure_connection()
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 274, in ensure_connection
linkding  |     with self.wrap_database_errors:
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/utils.py", line 91, in __exit__
linkding  |     raise dj_exc_value.with_traceback(traceback) from exc_value
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 275, in ensure_connection
linkding  |     self.connect()
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 256, in connect
linkding  |     self.connection = self.get_new_connection(conn_params)
linkding  |                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/postgresql/base.py", line 277, in get_new_connection
linkding  |     connection = self.Database.connect(**conn_params)
linkding  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
linkding  |     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  | django.db.utils.OperationalError: connection to server at "******.aws.neon.tech" (******), port 5432 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
linkding  | connection to server at "******.aws.neon.tech" (******), port 5432 failed: ERROR:  connection is insecure (try using `sslmode=require`)

Replacing with LD_DB_OPTIONS: '{"options": "endpoint=********", "sslmode": "require"}' also did not work.

Cologler commented 7 months ago

The config works on image sissbruecker/linkding:1.24.2.

sissbruecker commented 7 months ago

You could give this a try: https://stackoverflow.com/a/75929838/11368281. Looks like it should be added under environmentwith docker-compose.

Cologler commented 7 months ago

@sissbruecker it worked! 😄

sissbruecker commented 7 months ago

Let’s keep this open as a known issue for now. Maybe this should be added to the docker image, or maybe someone who knows Linux can figure out what the actual problem is.

DevSH01 commented 7 months ago

had the same issue, this fixed it for me.

You could give this a try: https://stackoverflow.com/a/75929838/11368281. Looks like it should be added under environmentwith docker-compose.

I just added as env to docker compose PGSSLCERT=/tmp/postgresql.crt

Cologler commented 7 months ago

It looks like the user www-data does not have permission to access /root/.postgresql/postgresql.crt.

mgutbor commented 6 months ago

It looks like the user www-data does not have permission to access /root/.postgresql/postgresql.crt.

Have you solved it?

DevSH01 commented 6 months ago

It looks like the user www-data does not have permission to access /root/.postgresql/postgresql.crt.

Have you solved it?

just add PGSSLCERT=/tmp/postgresql.crt in your docker compose file

sissbruecker / linkding

`could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied` after upgrade to 1.25.0 #660