Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied after upgrade to 1.25.0 #660

Open
Cologler opened this issue Mar 20, 2024 · 8 comments
Open

could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied after upgrade to 1.25.0 #660

Cologler opened this issue Mar 20, 2024 · 8 comments
Labels
bug Something isn't working known issue

Comments

@Cologler
Copy link

Cologler commented Mar 20, 2024
edited

After upgrading the linkding server to the latest version (1.25.0), the server returned code 500.

Docker-compose file:

version: '3.8'

services:
  linkding:
    container_name: linkding
    image: sissbruecker/linkding:latest
    ports:
      - "127.0.0.1:####:9090"
    volumes:
      - "/root/****/linkding:/etc/linkding/data"
    environment:
      LD_DB_ENGINE: postgres
      LD_DB_DATABASE: linkding
      LD_DB_USER: linkding
      LD_DB_PASSWORD: '********'
      LD_DB_HOST: '********.aws.neon.tech'
      LD_DB_PORT: '5432'
      LD_DB_OPTIONS: '{"options": "endpoint=********""}'
    restart: unless-stopped
    network_mode: bridge

Logs:

linkding  | 2024-03-20 07:58:12,183 INFO Secret key file already exists
linkding  | Operations to perform:
linkding  |   Apply all migrations: admin, auth, authtoken, background_task, bookmarks, contenttypes, sessions
linkding  | Running migrations:
linkding  |   No migrations to apply.

...

linkding  | 2024-03-20 08:01:05,822 ERROR Internal Server Error: /login/
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 275, in ensure_connection
linkding  |     self.connect()
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 256, in connect
linkding  |     self.connection = self.get_new_connection(conn_params)
linkding  |                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/postgresql/base.py", line 277, in get_new_connection
linkding  |     connection = self.Database.connect(**conn_params)
linkding  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
linkding  |     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  | psycopg2.OperationalError: connection to server at "********.aws.neon.tech" (********), port 5432 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
linkding  | connection to server at "********.aws.neon.tech" (********), port 5432 failed: ERROR:  connection is insecure (try using `sslmode=require`)
linkding  |
linkding  |
linkding  | The above exception was the direct cause of the following exception:
linkding  |
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
linkding  |     response = get_response(request)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 220, in _get_response
linkding  |     response = response.render()
linkding  |                ^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/response.py", line 114, in render
linkding  |     self.content = self.rendered_content
linkding  |                    ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/response.py", line 92, in rendered_content
linkding  |     return template.render(context, self._request)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/backends/django.py", line 61, in render
linkding  |     return self.template.render(context)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/base.py", line 169, in render
linkding  |     with context.bind_template(self):
linkding  |   File "/usr/local/lib/python3.11/contextlib.py", line 137, in __enter__
linkding  |     return next(self.gen)
linkding  |            ^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/template/context.py", line 254, in bind_template
linkding  |     context = processor(self.request)
linkding  |               ^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/etc/linkding/bookmarks/context_processors.py", line 27, in public_shares
linkding  |     has_public_shares = query_set.count() > 0
linkding  |                         ^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/query.py", line 620, in count
linkding  |     return self.query.get_count(using=self.db)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 629, in get_count
linkding  |     return obj.get_aggregation(using, {"__count": Count("*")})["__count"]
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 615, in get_aggregation
linkding  |     result = compiler.execute_sql(SINGLE)
linkding  |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/models/sql/compiler.py", line 1560, in execute_sql
linkding  |     cursor = self.connection.cursor()
linkding  |              ^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 316, in cursor
linkding  |     return self._cursor()
linkding  |            ^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 292, in _cursor
linkding  |     self.ensure_connection()
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 274, in ensure_connection
linkding  |     with self.wrap_database_errors:
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/utils.py", line 91, in __exit__
linkding  |     raise dj_exc_value.with_traceback(traceback) from exc_value
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 275, in ensure_connection
linkding  |     self.connect()
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/base/base.py", line 256, in connect
linkding  |     self.connection = self.get_new_connection(conn_params)
linkding  |                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/utils/asyncio.py", line 26, in inner
linkding  |     return func(*args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/db/backends/postgresql/base.py", line 277, in get_new_connection
linkding  |     connection = self.Database.connect(**conn_params)
linkding  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/psycopg2/__init__.py", line 122, in connect
linkding  |     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  | django.db.utils.OperationalError: connection to server at "******.aws.neon.tech" (******), port 5432 failed: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
linkding  | connection to server at "******.aws.neon.tech" (******), port 5432 failed: ERROR:  connection is insecure (try using `sslmode=require`)

Replacing with LD_DB_OPTIONS: '{"options": "endpoint=********", "sslmode": "require"}' also did not work.
@Cologler Cologler changed the title Server Error (500) after u could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied after upgrade Mar 20, 2024
@Cologler
Copy link
Author

Cologler commented Mar 20, 2024
edited

The config works on image sissbruecker/linkding:1.24.2.

@Cologler Cologler changed the title could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied after upgrade could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied after upgrade to 1.25.0 Mar 20, 2024
@sissbruecker
Copy link
Owner

You could give this a try: https://stackoverflow.com/a/75929838/11368281. Looks like it should be added under environmentwith docker-compose.

@Cologler
Copy link
Author

@sissbruecker it worked! 😄

@sissbruecker
Copy link
Owner

Let’s keep this open as a known issue for now. Maybe this should be added to the docker image, or maybe someone who knows Linux can figure out what the actual problem is.

@sissbruecker sissbruecker reopened this Mar 20, 2024
@sissbruecker sissbruecker added bug Something isn't working known issue labels Mar 20, 2024
@DevSH01
Copy link

DevSH01 commented Mar 26, 2024

had the same issue, this fixed it for me.

You could give this a try: https://stackoverflow.com/a/75929838/11368281. Looks like it should be added under environmentwith docker-compose.

I just added as env to docker compose
PGSSLCERT=/tmp/postgresql.crt

@Cologler
Copy link
Author

It looks like the user www-data does not have permission to access /root/.postgresql/postgresql.crt.

@mgutbor
Copy link

mgutbor commented Apr 21, 2024

It looks like the user www-data does not have permission to access /root/.postgresql/postgresql.crt.

Have you solved it?

@DevSH01
Copy link

DevSH01 commented Apr 22, 2024

It looks like the user www-data does not have permission to access /root/.postgresql/postgresql.crt.

Have you solved it?

just add PGSSLCERT=/tmp/postgresql.crt in your docker compose file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working known issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sissbruecker @Cologler @mgutbor @DevSH01