Connection reset: setting up Oracle SSL in docker

yan*_*ang 4 oracle docker

I am setting up an Oracle SSL instance inside docker.

I am using this docker image: https://hub.docker.com/r/rafaelmariotti/oracle-ee-11g/

After setting up the docker machine etc., I run the instance like this: $docker run -d -p 1521:1521 -p 2484:2484 d03c4f0a4743

Then I ssh into the docker instance: $docker exec -it xxxxxxxxxx /bin/bash

Modify the listener.ora file:

LISTENER =

  (DESCRIPTION_LIST =

    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521))
    )
    #(DESCRIPTION =
    #  (ADDRESS = (PROTOCOL = TCPS)(HOST = )(PORT = 2484))
    #)
)

ADR_BASE_LISTENER = /home/oracle/app/oracle

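The lines starting with # are the lines I added, but they are not commented out in the actual file.

If I then connect to the instance, port 1521 responds correctly, but port 2484 immediately returns: IO Error: Connection reset java.net.SocketException: Connection reset

But if I change the added line by replacing TCPS with TCP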

(ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 2484))

then the error will be something like ORA-xxxxx

So it seems PROTOCOL = TCPS causes this problem

Can anyone help?

Thanks!

Ani*_*ril 5

I run a docker instance of 12c

docker run -t -p 1532:1532 -p 1521:1521 -e ORACLE_SID=APITST -e ORACLE_PWD=pswd -v /Users/apuliyeril/anilfolder/docker/mounts/oracle:/opt/oracle/oradata oracle/database:12.1.0.2-ee

Connect to the instance

docker exec -it friendly_khorana /bin/bash

Run the following commands to create the wallet

orapki wallet create -wallet /opt/oracle/admin/APITST/xdb_wallet -pwd WalletPasswd123 -auto_login_local
orapki wallet add -wallet /opt/oracle/admin/APITST/xdb_wallet  -pwd WalletPasswd123   -dn "CN=`hostname`" -keysize 1024 -self_signed -validity 3650
orapki wallet display -wallet /opt/oracle/admin/APITST/xdb_wallet -pwd WalletPasswd123
orapki wallet export -wallet /opt/oracle/admin/APITST/xdb_wallet -pwd WalletPasswd123 -dn "CN=`hostname`" -cert /tmp/15e31b633912-certificate.crt

Edit the .ora files as

==> listener.ora <==

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/admin/APITST/xdb_wallet)
    )
  )

LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION =
     (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
   )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off

==> sqlnet.ora <==

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/admin/APITST/xdb_wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)

==> tnsnames.ora <==

APITST=
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
  (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = APITST)
  )
)

Connect with sqldeveloper

keytool -import -trustcacerts -alias oracle3 -file 15e31b633912-certificate.crt -keystore /u01/keystore/OracleTrustStore.jks

Update SqlDeveloper.conf /Applications/SQLDeveloper.app/Contents/Resources/sqldeveloper/sqldeveloper/bin/sqldeveloper.conf

AddVMOption -Djavax.net.ssl.trustStore=/u01/keystore/OracleTrustStore.jks
AddVMOption -Djavax.net.ssl.trustStorePassword=welcome1234
AddVMOption -Djavax.net.ssl.trustStoreType=JKS

To connect from sqldeveloper, restart sqldeveloper and use the advanced options in sqldeveloper

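The answer's listener.ora differs from the question's mainly by naming a wallet for the TCPS endpoint. The following is an added example, not code from either post: it parses listener.ora text and flags every TCPS address in a file that sets no WALLET_LOCATION. The function names and the condensed sample files are constructed for this example, and it assumes the wallet is configured in listener.ora itself, as the answer does.

```python
import re

TOKEN = re.compile(r"[()=]|[^()=\s]+")

def _value(toks, i):
    """Parse what follows '=': nested (KEY = value) groups, or one bare word."""
    if i < len(toks) and toks[i] == "(":
        groups = []
        while i < len(toks) and toks[i] == "(":
            val, j = _value(toks, i + 3)   # toks[i+1] is KEY, toks[i+2] is '='
            groups.append((toks[i + 1].upper(), val))
            i = j + 1                      # step over the closing ')'
        return groups, i
    if i < len(toks) and toks[i] not in ("(", ")", "="):
        return toks[i], i + 1
    return "", i                           # empty value, as in (HOST = )

def parse_ora(text):
    """Parse listener.ora text of (KEY = value) groups; # lines are comments."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    toks, params, i = TOKEN.findall(body), {}, 0
    while i + 1 < len(toks):
        name = toks[i].upper()
        params[name], i = _value(toks, i + 2)
    return params

def find(node, key):
    """Yield every value stored under `key` at any nesting depth."""
    for k, v in node if isinstance(node, list) else []:
        yield from [v] if k == key else find(v, key)

def check_listener(text):
    """Flag each TCPS address in a listener.ora that names no wallet directory."""
    params = parse_ora(text)
    addrs = [dict(a) for v in params.values() for a in find(v, "ADDRESS")]
    ports = [a.get("PORT", "") for a in addrs if a.get("PROTOCOL", "").upper() == "TCPS"]
    has_wallet = any(find(params.get("WALLET_LOCATION"), "DIRECTORY"))
    return [] if has_wallet else [f"TCPS port {p}: no WALLET_LOCATION set" for p in ports]

# Constructed samples, condensed from the two listener.ora files in this thread.
NO_WALLET = """LISTENER = (DESCRIPTION_LIST =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521)))
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = )(PORT = 2484))))"""
WITH_WALLET = """WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = /opt/oracle/admin/APITST/xdb_wallet)))
LISTENER = (DESCRIPTION_LIST =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))))"""

if __name__ == "__main__":
    print(check_listener(NO_WALLET), check_listener(WITH_WALLET))
```

The parser handles only the nested (KEY = value) form used in listener.ora; comma-separated lists such as those in sqlnet.ora are out of scope.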