fix: 修复 docker compose 变量替换导致 DB/Redis 密码变空字符串
docker compose 的 environment 块在 shell 缺少 MYSQL_PASSWORD / REDIS_PASSWORD 时将 SPRING_DATASOURCE_PASSWORD 替换为空字符串, 此空字符串会覆盖 env_file 注入的值,导致 Spring 连接 MySQL/Redis 时使用空密码(using password: NO)。 修复: 1. deploy.sh 在 secrets.env 中额外写入 SPRING_DATASOURCE_PASSWORD 和 SPRING_DATA_REDIS_PASSWORD,由 env_file 直接注入容器 2. docker-compose.yml 中删除这两个 environment 条目,消除覆盖风险 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
父节点
b411e613bd
当前提交
429077e7eb
@ -25,12 +25,12 @@ services:
|
|||||||
- ./config/tenant/bootstrap.env # 初始租户配置
|
- ./config/tenant/bootstrap.env # 初始租户配置
|
||||||
environment:
|
environment:
|
||||||
# 覆盖 application.yml 中硬编码的生产地址,私有化部署必须保留此块
|
# 覆盖 application.yml 中硬编码的生产地址,私有化部署必须保留此块
|
||||||
|
# SPRING_DATASOURCE_PASSWORD / SPRING_DATA_REDIS_PASSWORD 由 secrets.env 注入,
|
||||||
|
# 不在此处设置,避免 compose 变量替换时因 shell 缺少变量而覆盖成空字符串
|
||||||
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
||||||
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
||||||
SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
|
|
||||||
SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
|
SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
|
||||||
SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
|
SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
|
||||||
SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}"
|
|
||||||
SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
|
SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
@ -50,10 +50,8 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
||||||
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
||||||
SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
|
|
||||||
SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
|
SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
|
||||||
SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
|
SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
|
||||||
SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}"
|
|
||||||
SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
|
SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/uploads:/data/uploads # 上传文件持久化目录
|
- ./data/uploads:/data/uploads # 上传文件持久化目录
|
||||||
@ -108,10 +106,8 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
||||||
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
||||||
SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
|
|
||||||
SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
|
SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
|
||||||
SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
|
SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
|
||||||
SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}"
|
|
||||||
SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
|
SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
|
||||||
TENANT_SERVICE_URL: "http://tenant-service:9001"
|
TENANT_SERVICE_URL: "http://tenant-service:9001"
|
||||||
PUSH_SERVICE_URL: "http://push-service:8083"
|
PUSH_SERVICE_URL: "http://push-service:8083"
|
||||||
@ -134,7 +130,6 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
||||||
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
||||||
SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
@ -154,7 +149,6 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
||||||
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
||||||
SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
|
|
||||||
SDK_TENANT_SERVICE_URL: "http://tenant-service:9001"
|
SDK_TENANT_SERVICE_URL: "http://tenant-service:9001"
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/update:/data/update # 版本包存储目录
|
- ./data/update:/data/update # 版本包存储目录
|
||||||
@ -176,5 +170,4 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
|
||||||
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
|
||||||
SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|||||||
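Review bot: The remaining entries without a default, `SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"` and `${MYSQL_HOST}` inside `SPRING_DATASOURCE_URL`, are still substituted as empty strings when the variable is missing, the same failure mode that the removed password entries had. The required-variable form, e.g. `SPRING_DATA_REDIS_HOST: "${REDIS_HOST:?REDIS_HOST is not set}"`, makes compose stop with an error instead of starting a misconfigured container. The `env_file` lists of the five later services are outside the hunks shown, so confirm each one loads `config/secrets.env`; without it those services now start with no password at all. Separately, the unchanged JDBC URL keeps `useSSL=false` together with `allowPublicKeyRetrieval=true`, so if MySQL is reached over anything other than a trusted local network, the credential exchange is exposed to interception and TLS should be enabled on that connection.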
@ -319,6 +319,9 @@ cat > "$ROOT_DIR/config/secrets.env" <<EOF
|
|||||||
MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
||||||
MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||||
REDIS_PASSWORD=${REDIS_PASSWORD}
|
REDIS_PASSWORD=${REDIS_PASSWORD}
|
||||||
|
# Spring 直接读取的 env 名(避免 docker compose 变量替换时因 shell 缺失变量而变成空字符串)
|
||||||
|
SPRING_DATASOURCE_PASSWORD=${MYSQL_PASSWORD}
|
||||||
|
SPRING_DATA_REDIS_PASSWORD=${REDIS_PASSWORD}
|
||||||
EOF
|
EOF
|
||||||
chmod 600 "$ROOT_DIR/config/secrets.env"
|
chmod 600 "$ROOT_DIR/config/secrets.env"
|
||||||
ok "config/secrets.env 已写入 (chmod 600)"
|
ok "config/secrets.env 已写入 (chmod 600)"
|
||||||
|
|||||||
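Review bot: `config/secrets.env` is created by `cat >` under the process umask and only tightened by the later `chmod 600`, so on first creation the file, which now holds two more password entries, can briefly be readable by other local users; running `umask 077` before the heredoc closes that window. The two added lines also copy an empty value through unchanged, so `SPRING_DATASOURCE_PASSWORD=${MYSQL_PASSWORD:?MYSQL_PASSWORD is empty}` (and the same for `REDIS_PASSWORD`) would stop the script instead of reproducing the empty-password symptom this commit fixes. The same file carries `MYSQL_ROOT_PASSWORD`, and if the Spring services load it through `env_file` as the compose comment says, each of those containers presumably receives the root password as well; writing the application secrets to a separate file would keep it out of them. The heredoc begins before the lines shown here, so the rest of its contents could not be checked.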