从 Django 连接到 RDS MySQL 时出现 SSL 连接错误

2021-11-27 00:00:00 django heroku ssl mysql amazon-rds

我正在尝试在 Heroku 上部署一个 Django 应用程序,并将 RDS 实例作为数据库后端.一切正常,直到我尝试加密连接,然后出现此错误:

I'm trying to deploy a Django app on Heroku with an RDS instance as the database backend. Everything is working until I try to encrypt the connection, then I get this error:

OperationalError at /path/
(2026, 'SSL connection error')

设置如下:

  • 标准 Django 应用程序
  • 具有安全组的 MySQL RDS 实例允许来自所有 IP 地址的连接
  • MySQL 用户设置为允许来自任何主机的连接
  • Amazon 的 pem 已下载并在 Django 设置中指定

在 Heroku 上:

On Heroku:

DATABASE_URL: mysql2://username:password@instance.us-east-1.rds.amazonaws.com:3306/name_staging?sslca=path/to/mysql-ssl-ca-cert.pem

在 Django 设置中:

In Django settings:

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {'ssl': {'ca': 'mysql-ssl-ca-cert.pem'}}`

我已经尝试搜索并阅读了很多关于在 Rails 中设置这种类型的环境的内容,但是关于使用 Django 执行此操作的文档很少甚至不存在.

I've tried searching and have read a lot about setting this type of environment up in Rails, but the documentation about doing this with Django is light to non-existent.

有没有人成功部署过类似的设置,或者有人想过如何解决这个错误?

Has anyone out there successfully deployed a similar setup or does anyone have thoughts on how to solve this error?

更新:

通过 cli 连接和在 python 解释器中直接使用 MySQLdb 连接一样有效.

Connecting via cli works as well as connecting directly using MySQLdb in the python interpreter.

推荐答案

已解决:

pem 文件的路径必须是绝对路径,您不能使用 python 尝试构建绝对路径.

The path to the pem file has to be absolute and you can't use python to attempt to build the absolute path.

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': '/app/project_name/rds/mysql-ssl-ca-cert.pem'}
}

同样,检测这样的路径不起作用,路径必须是硬编码的:

Again, detecting the path like this does not work, the path must be hard coded:

DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': os.path.join(os.path.dirname(__file__), 'rds', 'mysql-ssl-ca-cert.pem')}
}

相关文章