将SSL证书添加到docker容器中的postgres db

Question

我在一个docker容器中运行来自this镜像的Postgres DB。我尝试将SSL证书添加到其中。但是我无法将证书从主机移动到容器。

我甚至尝试使用this gist作为示例，但得到的响应如下。

Pulling bridge_db (postgres:alpine)...
alpine: Pulling from library/postgres
921b31ab772b: Pull complete
be3c1cbf8f01: Pull complete
59c0d4fd1acf: Pull complete
ac0dfed8036c: Pull complete
a866c759c33e: Pull complete
8166d6656385: Pull complete
b6da096b964f: Pull complete
3fad06bb156c: Pull complete
c48f6f07ba24: Pull complete
Digest:sha256:0058d56b16eda79d34fb7b6987cee0b26df495cb39bbf9a1e2fdab411b08648c
Status: Downloaded newer image for postgres:alpine
Creating core_bridge_db_1
Attaching to core_bridge_db_1
bridge_db_1  | The files belonging to this database system will be owned by user "postgres".
bridge_db_1  | This user must also own the server process.
bridge_db_1  |
bridge_db_1  | The database cluster will be initialized with locale "en_US.utf8".
bridge_db_1  | The default database encoding has accordingly been set to "UTF8".
bridge_db_1  | The default text search configuration will be set to "english".
bridge_db_1  |
bridge_db_1  | Data page checksums are disabled.
bridge_db_1  |
bridge_db_1  | fixing permissions on existing directory /var/lib/postgresql/data ... ok
bridge_db_1  | creating subdirectories ... ok
bridge_db_1  | selecting default max_connections ... 100
bridge_db_1  | selecting default shared_buffers ... 128MB
bridge_db_1  | selecting default timezone ... UTC
bridge_db_1  | selecting dynamic shared memory implementation ... posix
bridge_db_1  | creating configuration files ... ok
bridge_db_1  | running bootstrap script ... ok
bridge_db_1  | performing post-bootstrap initialization ... sh: locale:    not found
bridge_db_1  | 2019-06-26 22:24:17.643 UTC [27] WARNING:  no usable system locales were found
bridge_db_1  | ok
bridge_db_1  | syncing data to disk ... ok
bridge_db_1  |
bridge_db_1  | Success. You can now start the database server using:
bridge_db_1  |
bridge_db_1  |     pg_ctl -D /var/lib/postgresql/data -l logfile start
bridge_db_1  |
bridge_db_1  |
bridge_db_1  | WARNING: enabling "trust" authentication for local connections
bridge_db_1  | You can change this by editing pg_hba.conf or using the option -A, or
bridge_db_1  | --auth-local and --auth-host, the next time you run initdb.
bridge_db_1  | waiting for server to start....2019-06-26 22:24:18.202 UTC [31] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
bridge_db_1  | 2019-06-26 22:24:18.218 UTC [32] LOG:  database system was shut down at 2019-06-26 22:24:17 UTC
bridge_db_1  | 2019-06-26 22:24:18.221 UTC [31] LOG:  database system is ready to accept connections
bridge_db_1  |  done
bridge_db_1  | server started
bridge_db_1  | CREATE DATABASE
bridge_db_1  |
bridge_db_1  |
bridge_db_1  | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
bridge_db_1  |
bridge_db_1  | 2019-06-26 22:24:18.557 UTC [31] LOG:  received fast shutdown request
bridge_db_1  | waiting for server to shut down....2019-06-26 22:24:18.558 UTC [31] LOG:  aborting any active transactions
bridge_db_1  | 2019-06-26 22:24:18.558 UTC [31] LOG:  background worker "logical replication launcher" (PID 38) exited with exit code 1
bridge_db_1  | 2019-06-26 22:24:18.559 UTC [33] LOG:  shutting down
bridge_db_1  | 2019-06-26 22:24:18.568 UTC [31] LOG:  database system is shut down
bridge_db_1  |  done
bridge_db_1  | server stopped
bridge_db_1  |
bridge_db_1  | PostgreSQL init process complete; ready for start up.
bridge_db_1  |
bridge_db_1  | 2019-06-26 22:24:18.667 UTC [1] FATAL:  could not load server certificate file "/var/lib/postgresql/server.crt": no start line
bridge_db_1  | 2019-06-26 22:24:18.667 UTC [1] LOG:  database system is shut down
core_bridge_db_1 exited with code 1

Answer 1

查看server.crt中的第一行

它应该只是：

-----BEGIN CERTIFICATE-----

看看这行中是否有更多或更少的东西。(也许^M字符?)

我建议用dos2unix把crt文件转换成unix格式。