从 Django 连接到 RDS MySQL 时出现 SSL 连接错误
我正在尝试在 Heroku 上部署一个 Django 应用程序,并将 RDS 实例作为数据库后端.一切正常,直到我尝试加密连接,然后出现此错误:
I'm trying to deploy a Django app on Heroku with an RDS instance as the database backend. Everything is working until I try to encrypt the connection, then I get this error:
OperationalError at /path/
(2026, 'SSL connection error')
设置如下:
- 标准 Django 应用程序
- 具有安全组的 MySQL RDS 实例允许来自所有 IP 地址的连接
- MySQL 用户设置为允许来自任何主机的连接
- Amazon 的 pem 已下载并在 Django 设置中指定
在 Heroku 上:
On Heroku:
DATABASE_URL: mysql2://username:password@instance.us-east-1.rds.amazonaws.com:3306/name_staging?sslca=path/to/mysql-ssl-ca-cert.pem
在 Django 设置中:
In Django settings:
DATABASES = {
'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {'ssl': {'ca': 'mysql-ssl-ca-cert.pem'}}`
我已经尝试搜索并阅读了很多关于在 Rails 中设置这种类型的环境的内容,但是关于使用 Django 执行此操作的文档很少甚至不存在.
I've tried searching and have read a lot about setting this type of environment up in Rails, but the documentation about doing this with Django is light to non-existent.
有没有人成功部署过类似的设置,或者有人想过如何解决这个错误?
Has anyone out there successfully deployed a similar setup or does anyone have thoughts on how to solve this error?
更新:
通过 cli 连接和在 python 解释器中直接使用 MySQLdb 连接一样有效.
Connecting via cli works as well as connecting directly using MySQLdb in the python interpreter.
推荐答案
已解决:
pem 文件的路径必须是绝对路径,您不能使用 python 尝试构建绝对路径.
The path to the pem file has to be absolute and you can't use python to attempt to build the absolute path.
DATABASES = {
'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {
'ssl': {'ca': '/app/project_name/rds/mysql-ssl-ca-cert.pem'}
}
同样,检测这样的路径不起作用,路径必须是硬编码的:
Again, detecting the path like this does not work, the path must be hard coded:
DATABASES['default']['OPTIONS'] = {
'ssl': {'ca': os.path.join(os.path.dirname(__file__), 'rds', 'mysql-ssl-ca-cert.pem')}
}
相关文章