Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CERTIFICATE_VERIFY_FAILED when trying to use qdrant with docker-compose and https #694

Open
vhdmoradi opened this issue Mar 7, 2024 · 0 comments
Open

CERTIFICATE_VERIFY_FAILED when trying to use qdrant with docker-compose and https #694

vhdmoradi opened this issue Mar 7, 2024 · 0 comments

Comments

@vhdmoradi
Copy link

vhdmoradi commented Mar 7, 2024
edited

I have two containers, qdrant and searchai. qdrant is my qdrant container with this docker-compose setup:

version: '3'
services:
  qdrant:
    image: qdrant/qdrant:latest
    restart: always
    container_name: qdrant
    ports:
      - "6333:6333"
      - "6334:6334"
    volumes:
      - ./qdrant_data:/qdrant_data
    configs:
      - source: qdrant_config
        target: /qdrant/config/production.yaml
configs:
  qdrant_config:
    file: ./qdrant_data/qdrant_custom_config.yaml
volumes:
  qdrant_data:

And this is my qdrant_custom_config.yaml:

service:
  api_key: ${QDRANT_API_KEY}
  enable_tls: true
tls:
  # Server certificate chain file
  cert: /qdrant_data/tls/qdrant_3.pem

  # Server private key file
  key: /qdrant_data/tls/qdrant_key.pem

I generated the .pem files using mkcert and I gave the qdrant container name (qdrant) alongside with localhost to mkcert for .pem generation:

mkcert qdrant localhost 127.0.0.1 ::1

Then I have a function inside my django backend which is in the searchai container to connect to qdrant using:

qdrant_client = QdrantClient(
            url=kwargs.get("url", "https://qdrant"),
            port=kwargs.get("port", 6333),
            api_key=kwargs.get(
                "apikey"
            ),
            timeout=kwargs.get("timeout", 1000),
        )

So far there are a lot of places to make mistakes. But I do not know what I have done wrong that when I try to call this function from inside a backend api using curl:

curl 172.31.0.3:80/products/search/?q=kadin+ayakkabi&language=en

I get this error:

searchai  | qdrant_client.http.exceptions.ResponseHandlingException: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

I also checked the qdrant connection both from my host machine and from inside the searchai container:
When I ran this curl command from my host machine, I got:

curl -X GET https://localhost:6333
{"title":"qdrant - vector search engine","version":"1.7.4"}

But the I went into the searchai container:

docker exec -it searchai sh
curl -X GET https://qdrant:6333
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I did check that the .pem files exactly exist in the specified dir /qdrant_data/tls. Other than this, I have no clue on how to solve this problem.
@vhdmoradi vhdmoradi changed the title ERTIFICATE_VERIFY_FAILED when trying to use qdrant with docker-compose and https CERTIFICATE_VERIFY_FAILED when trying to use qdrant with docker-compose and https Mar 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vhdmoradi