CodingAllTheTime
Railway
Created by CodingAllTheTime on 8/8/2023 in #✋|help
Postgres Plugin: SSL error: Certificates do not conform to algorithm constraints
Just seen this, @CheckMaathy. Is your deployment working now?
25 replies
Railway
Created by CodingAllTheTime on 8/8/2023 in #✋|help
Postgres Plugin: SSL error: Certificates do not conform to algorithm constraints
No problem, thanks. Will check it out
25 replies
Railway
Created by CodingAllTheTime on 8/8/2023 in #✋|help
Postgres Plugin: SSL error: Certificates do not conform to algorithm constraints
@Brody This is the Dockerfile:

```dockerfile
FROM quay.io/keycloak/keycloak:22.0.1 AS builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres

RUN sed -i 's/jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048/jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048/' /etc/crypto-policies/back-ends/java.config

ADD --chown=keycloak:keycloak https://github.com/klausbetz/apple-identity-provider-keycloak/releases/download/1.7.0/apple-identity-provider-1.7.0.jar /opt/keycloak/providers/apple-identity-provider-1.7.0.jar

COPY themes/keywind/theme/keywind /opt/keycloak/themes/keywind
COPY realms /opt/keycloak/data/import

RUN /opt/keycloak/bin/kc.sh build

# Final Image
FROM quay.io/keycloak/keycloak:22.0.1

# Copying Keycloak
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak

ENV HOSTNAME=${HOSTNAME}
ENV KEYCLOAK_ADMIN=${KEYCLOAK_USER}
ENV KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}

ARG PGHOST
ARG PGPORT
ARG PGDATABASE
ARG PGUSER
ARG PGPASSWORD

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
CMD ["start", "--proxy", "edge", "--hostname", "${HOSTNAME}", "--import-realm", "--db=postgres", "--db-url", "jdbc:postgresql://${PGHOST}:${PGPORT}/${PGDATABASE}", "--db-username", "${PGUSER}", "--db-password", "${PGPASSWORD}"]
```
25 replies
Railway
Created by CodingAllTheTime on 8/8/2023 in #✋|help
Postgres Plugin: SSL error: Certificates do not conform to algorithm constraints
@Brody Keycloak recently added SHA1 to the list of disabled SSL algos. The general advice for devs encountering this issue when trying to connect to cloud DBs still using this algo is to manually edit the java.config file to remove SHA1 from the list of disabled algos during docker build: https://github.com/keycloak/keycloak/issues/19185#issuecomment-1480763024

I have tried this, but that doesn't work on Railway. Every time I try I get a permission denied; these are my logs when I try to write to a temporary file and use that file as the new java.config:

```
#5 DONE 4.4s

#7 [builder 2/6] RUN sed -i 's/jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048/jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048/' /usr/share/crypto-policies/DEFAULT/java.txt
#7 1.769 sed: couldn't open temporary file /usr/share/crypto-policies/DEFAULT/sedvMPHzX: Permission denied
#7 ERROR: process "/bin/sh -c sed -i 's/jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048/jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048/' /usr/share/crypto-policies/DEFAULT/java.txt" did not complete successfully: exit code: 4
```
25 replies