我正在 AWS 中设置 Wiki.js 实例,并已按照 此设置指南 通过 ECS 部署我的实例。
这是我目前得到的任务定义:
{
"taskDefinitionArn": "xxx",
"containerDefinitions": [
{
"name": "wikijs",
"image": "requarks/wiki:2",
"cpu": 0,
"portMappings": [
{
"name": "wikijs-3000-tcp",
"containerPort": 3000,
"hostPort": 3000,
"protocol": "tcp",
"appProtocol": "http"
},
{
"name": "wikijs-80-tcp",
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"environment": [
{
"name": "DB_TYPE",
"value": "postgres"
},
{
"name": "DB_SSL",
"value": "false"
},
{
"name": "DB_PASS",
"value": "password"
},
{
"name": "DB_PORT",
"value": "5432"
},
{
"name": "DB_USER",
"value": "postgres"
},
{
"name": "DB_NAME",
"value": "wiki"
},
{
"name": "DB_HOST",
"value": "wiki-db.xxx.xxx.rds.amazonaws.com"
}
],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/wikijs",
"awslogs-region": "xxx",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
}
}
],
"family": "wikijs",
"executionRoleArn": "arn:aws:iam::xxx:role/wikijs-task-execution-role",
"networkMode": "awsvpc",
"revision": 10,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "256",
"memory": "512",
"runtimePlatform": {
"cpuArchitecture": "ARM64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "2024-01-26T10:27:31.013Z",
"registeredBy": "arn:aws:iam::xxx:xxx",
"tags": []
}
我遵循的指南说只为端口 3000 设置端口映射,但我还为端口 80 设置了一个端口映射以防万一。
我还在 postgres 中设置了一个名为
wiki
的数据库
当我设置服务时,它成功初始化,并显示以下日志(最新的位于底部):
- =======================================
- =======================================
- Initializing...
- = Wiki.js 2.5.300 =====================
- Using database driver pg for postgres [ OK ]
- Connecting to database...
然后,它尝试连接数据库 10 次,但均失败,最终以这组日志结束:
- Connecting to database...
- Database Connection Error: 28000 undefined:undefined
- Will retry in 3 seconds... [Attempt 10 of 10]
- Connecting to database...
- Database Initialization Error: no pg_hba.conf entry for host "<ecs task ip>", user "postgres", database "wiki", no encryption
在尝试解决此问题时,我尝试将 postgres 数据库的
rds.force_ssl
参数设置为 false - 这会导致完全相同的错误
我还尝试将
DB_SSL
环境参数设置为 true
,但这会导致以下错误:
- Database Initialization Error: self-signed certificate in certificate chain
我期望的行为不是这些错误,而是我的 wikijs 实例应该连接到数据库,并开始设置启动所需的表。我是否遗漏了一些明显的东西来阻止这种行为的发生?
为了将更新的参数组应用到数据库,需要重新启动数据库。
重启后,
rds.force_ssl
参数被禁用,ECS任务可以连接到数据库。