search

wallabag / wallabag

wallabag is a self hostable application for saving web pages: Save and classify articles. Read them later. Freely.
https://wallabag.org
MIT License
10.6k stars 776 forks source link

Installation fails while connection to postgresql using ssl #7496

Open IeP4nieF opened 6 months ago

IeP4nieF commented 6 months ago

Environment

My app/config/parameters.yml is: ``` # This file is auto-generated during the composer install parameters: database_driver: pdo_pgsql database_host: postgresql.domain database_port: 5432 database_name: wallabag database_user: wallabag database_password: database_path: null database_table_prefix: wallabag_ database_socket: null database_charset: utf8mb4 domain_name: 'https://wallabag.domain' server_name: 'Your wallabag instance' mailer_dsn: 'smtp://smtp.domain' locale: en secret: twofactor_sender: wallabag@domain fosuser_registration: true fosuser_confirmation: true fos_oauth_server_access_token_lifetime: 3600 fos_oauth_server_refresh_token_lifetime: 1209600 from_email: wallabag@domain rss_limit: 50 rabbitmq_host: localhost rabbitmq_port: 5672 rabbitmq_user: guest rabbitmq_password: guest rabbitmq_prefetch_count: 10 redis_scheme: tcp redis_host: localhost redis_port: 6379 redis_path: null redis_password: null sentry_dsn: null ```

What steps will reproduce the bug?

Try make install with a dedicated postgresql-host which forces ssl (hostssl in pg_hab.conf). After entering all the parameters make install fails with throwing an error:

ERROR!   Can't connect to the database: An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "postgresql.domain" (<ip>), port 5432 failed: Fatal error: np pg_hba.conf entry for host "<ip>", user "wallabag", database "wallabag", no encryption.

Obviously wallabag tries to connect with an unencrypted connection. There is no parameter in the documentation to switch sslmode on.

j0k3r commented 6 months ago

I guess that you then have certificats to provide to the connection?

Can you add these lines (filled with your informations) between line 59 & 60: https://github.com/wallabag/wallabag/blob/f8f7f962cebab65d94f29e165046dc6e638d1a37/app/config/config.yml#L59C9-L59C20

        sslmode:                  require             # PostgreSQL specific (LIBPQ-CONNECT-SSLMODE)
        sslrootcert:              postgresql-ca.pem   # PostgreSQL specific (LIBPQ-CONNECT-SSLROOTCERT)
        sslcert:                  postgresql-cert.pem # PostgreSQL specific (LIBPQ-CONNECT-SSLCERT)
        sslkey:                   postgresql-key.pem  # PostgreSQL specific (LIBPQ-CONNECT-SSLKEY)
        sslcrl:                   postgresql.crl      # PostgreSQL specific (LIBPQ-CONNECT-SSLCRL)

Be careful about the indentation.

IeP4nieF commented 2 months ago

Please excuse the very late reply. I'm willing to test this. But where do I find the file config.yml? I'm using docker-compose to deploy wallabag. And there is only the compose.yml.

j0k3r commented 2 months ago

It's inside the running wallabag container