I’m working on a Flask application that uses SQLAlchemy and PyMySQL to connect to a MySQL database hosted on Render.com. I’m facing SSL connection issues, and I’m not sure how to configure the SSL parameters correctly.
我正在开发一个FlaskTM应用程序,它使用SQLAlChemy和PyMySQL连接到Render.com上托管的MySQL数据库。我面临着SSL连接问题,我不确定如何正确配置SSL参数。
Here's a snippet:
以下是一段视频片段:
load_dotenv()
db_connect_string = os.getenv('DB_STR')
# Creating the engine.
engine = create_engine(db_connect_string, connect_args={"ssl_ca": "/etc/ssl/cert.pem"})
I’ve tried different variations of the ssl_ca parameter, but I keep encountering SSL-related errors, such as “server does not allow insecure connections” or “FileNotFoundError” for the certificate file.
我尝试了不同版本的ssl_ca参数,但我一直遇到与SSL相关的错误,例如证书文件的“服务器不允许不安全的连接”或“FileNotFoundError”。
Render.com provides SSL certificates, but I’m unsure about how to correctly configure the SSL parameters in SQLAlchemy and PyMySQL for this hosting environment. The service documentation mentions that SSL is handled automatically.
Render.com提供了SSL证书,但我不确定如何为这个托管环境在SQLAlChemy和PyMySQL中正确配置SSL参数。服务文档提到,SSL是自动处理的。
Any guidance or insights would be greatly appreciated. Thanks!
任何指导或见解都将不胜感激。谢谢!
更多回答
优秀答案推荐
Render will handle SSL certificates automatically for you on managed services, like their managed postgres instances or SSL for public facing servers.
Render将自动为您处理托管服务上的SSL证书,如托管的Postgres实例或面向公共服务器的SSL。
I'm not sure how you're deploying mysql into your workspace, but if you're using the render mysql example, you wont get SSL out of the box- you'll need to set that up yourself.
我不确定您是如何将MySQL部署到您的工作区中的,但如果您使用的是Render MySQL示例,您将无法获得开箱即用的SSL--您需要自己进行设置。
In the example case, you'll need to generate your own SSL certs, add them to your mount volume, and configure mysql to point to them. (some docs)
在本例中,您需要生成自己的SSL证书,将它们添加到挂载卷中,并配置MySQL以指向它们。(部分文档)
If you've done that setup already and the problem is that your DB connection can't find the cert in your mount volume or in your local filesystem (maybe you committed the cert into your repo), you can always upgrade your plan to starter and SSH to your service to navigate around the filesystem to find the cert and get the correct path, or have the startup log some paths for you so you can figure out the correct path and then put that in your code.
如果您已经完成了该设置,但问题是您的DB连接在挂载卷或本地文件系统中找不到证书(也许你已经将证书提交到了你的存储库中),你可以随时将你的计划升级到启动器,并通过SSH连接到你的服务,在文件系统中导航,找到证书并获得正确的路径,或者让启动记录一些路径,这样你就可以找出正确的路径,然后把它放在代码中。
更多回答
我是一名优秀的程序员,十分优秀!