java - 通过公共 IP 访问 cosmos db linux docker 模拟器时出现问题，如何使用自定义服务器证书？

问题描述

我在 linux 上使用 cosmos DB 模拟器 docker。当 cosmos 模拟器和应用程序在同一台机器（localhost）上时，Java 应用程序可以访问它，但是当它在不同的机器上（通过主机名或 IP 访问）时，应用程序无法访问它，因为模拟器只为CN=localhostjava颁发自签名证书应用程序无法验证主机名，因为证书颁发给 localhost 并在 java 应用程序上获得关注。

java.security.cert.CertificateException: No subject alternative names matching IP address <<PUBLIC_IP>> found

我想在 cosmos db 模拟器中使用我自己的自签名证书，以便我可以更改CN=<customehostname>. 通过使用自定义证书，我可以避免每次重新创建容器时都导入证书，并且应用程序不必为 HTTPS 调用覆盖主机名验证程序。

我正在使用 docker compose 运行模拟器，我尝试通过提供环境使用自定义自签名AZURE_COSMOS_EMULATOR_CERTIFICATE

version: '2.4' 
services:
  cosmosdb:
    container_name: "azurecosmosemulator"
    hostname: "azurecosmosemulator"
    image: 'mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator'
    tty: true
    mem_limit: 3GB
    ports:
        - '8081:8081'
        - '8900:8900'
        - '8901:8901'
        - '8902:8902'
        - '10250:10250'
        - '10251:10251'
        - '10252:10252'
        - '10253:10253'
        - '10254:10254'
        - '10255:10255'
        - '10256:10256'
        - '10350:10350'
    environment:
      AZURE_COSMOS_EMULATOR_PARTITION_COUNT: 5
      AZURE_COSMOS_EMULATOR_ENABLE_DATA_PERSISTENCE: "true"      
      AZURE_COSMOS_EMULATOR_CERTIFICATE: "/home/user1/emulator/cosmos/appdata/self-signed-cosmos-cert.pfx"

    network_mode: "host"
    volumes:
     - '/home/user1/emulator/cosmos/appdata/:/tmp/cosmos/appdata/'

使用上述选项，cosmos 模拟器无法启动，而在控制台上没有提供任何信息。

azurecosmosemulator | This is an evaluation version.  There are [141] days left in the evaluation period.
azurecosmosemulator | Shutting Down
azurecosmosemulator | Shut Down
azurecosmosemulator exited with code 255

我也试过AZURE_COSMOS_EMULATOR_IP_ADDRESS_OVERRIDE: <<PUBLIC_IP>>了，我在 SSLHandshake 中没有遇到任何问题，但应用程序确实从模拟器中获取了任何数据。另一方面，模拟器显示以下错误gateway.log

Connection: <not connected> -> rntbd://<<PUBLIC_IP>>:10251/
DocDBTrace Information: 0 : RNTBD: ConnectReuseAddrAsync binding local endpoint 0.0.0.0:0
DocDBTrace Information: 0 : RNTBD: ConnectReuseAddrAsync connecting to rntbd://<<PUBLIC_IP>>:10251/ (address <<PUBLIC_IP>>)
DocDBTrace Warning: 0 : RNTBD open timed out on channel <not connected> -> rntbd://<<PUBLIC_IP>>:10251/. Error: ConnectTimeout
DocDBTrace Warning: 0 : Channel.InitializeAsync failed. Channel: <not connected> -> rntbd://<<PUBLIC_IP>>:10251/. TransportException: Microsoft.Azure.Documents.TransportException: A client transport error occurred: The connection attempt timed out. (Time: 2021-07-23T03:07:48.3889645Z, activity ID: 7d1a352e-a1ac-4261-ac70-4fae32fd4146, error code: ConnectTimeout [0x0006], base error: HRESULT 0x80131500, URI: rntbd://<<PUBLIC_IP>>:10251/, connection: <not connected> -> rntbd://<<PUBLIC_IP>>:10251/, payload sent: False, CPU history: not available, CPU count: 4)
   at Microsoft.Azure.Documents.Rntbd.Channel.<InitializeAsync>d__28.MoveNext()
DocDBTrace Warning: 0 : Channel initialization failed. Consuming the task exception asynchronously. Server URI: rntbd://<<PUBLIC_IP>>:10251/. Exception: A client transport error occurred: The connection attempt timed out. (Time: 2021-07-23T03:07:48.3889645Z, activity ID: 7d1a352e-a1ac-4261-ac70-4fae32fd4146, error code: ConnectTimeout [0x0006], base error: HRESULT 0x80131500, URI: rntbd://<<PUBLIC_IP>>:10251/, connection: <not connected> -> rntbd://<<PUBLIC_IP>>:10251/, payload sent: False, CPU history: not available, CPU count: 4)
DocDBTrace Information: 0 : RequestAsync failed: RID: , Resource Type: DatabaseAccount, Op: (operationType: Read, resourceType: DatabaseAccount), Address: rntbd://<<PUBLIC_IP>>:10251/apps/DocDbApp/services/DocDbMaster0/partitions/780e44f4-38c8-11e6-8106-8cdcd42c33be/replicas/1p/, Exception: Microsoft.Azure.Documents.TransportException: A client transport error occurred: The connection attempt timed out. (Time: 2021-07-23T03:07:48.3889645Z, activity ID: 7d1a352e-a1ac-4261-ac70-4fae32fd4146, error code: ConnectTimeout [0x0006], base error: HRESULT 0x80131500, URI: rntbd://<<PUBLIC_IP>>:10251/, connection: <not connected> -> rntbd://<<PUBLIC_IP>>:10251/, payload sent: False, CPU history: (2021-07-23T03:04:10.1134303Z 100.000), (2021-07-23T03:04:20.1135838Z 100.000), CPU count: 4)
   at Microsoft.Azure.Documents.Rntbd.Channel.<InitializeAsync>d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Documents.Rntbd.Channel.<<Initialize>b__14_0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Documents.Rntbd.Channel.<RequestAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.Documents.Rntbd.LoadBalancingPartition.<RequestAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Documents.Rntbd.TransportClient.<InvokeStoreAsync>d__11.MoveNext()
DocDBTrace Information: 0 : Converting to Gone (read-only request)
DocDBTrace Information: 0 : RequestAsync failed: RID: , Resource Type: DatabaseAccount, Op: (operationType: Read, resourceType: DatabaseAccount), Address: rntbd://<<PUBLIC_IP>>:10251/apps/DocDbApp/services/DocDbMaster0/partitions/780e44f4-38c8-11e6-8106-8cdcd42c33be/replicas/1p/, Exception: Microsoft.Azure.Documents.TransportException: A client transport error occurred: The connection attempt timed out. (Time: 2021-07-23T03:07:48.3889645Z, activity ID: 7d1a352e-a1ac-4261-ac70-4fae32fd4146, error code: ConnectTimeout [0x0006], base error: HRESULT 0x80131500, URI: rntbd://<<PUBLIC_IP>>:10251/, connection: <not connected> -> rntbd://<<PUBLIC_IP>>:10251/, payload sent: False, CPU history: (2021-07-23T03:04:10.1134303Z 100.000), (2021-07-23T03:04:20.1135838Z 100.000), CPU count: 4)
   at Microsoft.Azure.Documents.Rntbd.Channel.<InitializeAsync>d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Documents.Rntbd.Channel.<<Initialize>b__14_0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Documents.Rntbd.Channel.<RequestAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.Documents.Rntbd.LoadBalancingPartition.<RequestAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Documents.Rntbd.TransportClient.<InvokeStoreAsync>d__11.MoveNext()
DocDBTrace Information: 0 : Converting to Gone (read-only request)
DocDBTrace Information: 0 : Exception Microsoft.Azure.Documents.GoneException: Message: The requested resource is no longer available at the server.

Q1。我可以使用自己的自签名证书而不是每次启动时使用模拟器生成的证书吗？

Q2。有没有其他方法可以解决这个问题？我已经尝试过覆盖主机名验证器，无法覆盖它，因为我正在使用azure-spring-boot-starter-cosmos并且内部使用reactor netty HttpClient.

Q3。cosmos 模拟器 docker 镜像是不是这样创建的，只能在本地机器上使用，不能通过公共 IP 使用？

任何帮助都会很棒。谢谢

标签： javaazuredockerazure-cosmosdb