問題描述

我正在使用一個容器化的 Laravel 應用程序，它應該連接到遠程 rds 數據庫，這里是一個示例 .env

I'm working with a containerized Laravel app that is supposed to be connecting to a remote rds database, here is a sample .env

DB_HOST=xxxxxx.rds.amazonaws.com
DB_DATABASE=sample
DB_USERNAME=sample
DB_PASSWORD=sample
DB_PORT=3306
DATABASE_DRIVER=mysql

容器正常工作，但問題是，當我嘗試運行 composer ie 時，它??無法連接到遠程 rds 數據庫:

The container works as it should but the problem is, it cannot connect to the remote rds database, when I try running composer ie:

$ docker exec -ti laravel-php bash
$ composer install

我收到此錯誤:

[PDOException]
SQLSTATE[HY000] [1045] Access denied for user 'sample'@'192.168.66.1' (using password: YES)  
                                                                                                        

Script php artisan clear-compiled handling the post-install-cmd event returned with error code 1

192.168.66.1 作為我的 docker 容器的 ip，我懷疑數據庫策略是通過 @localhost 訪問打開的，因為我的開發人員確認它對公共連接開放.

192.168.66.1 as my docker container's ip, I suspect that the db policy is open via @localhost access since my dev ops confirmed that it's open for public connections.

順便說一句，我正在使用 docker-compose 版本 2，這是一個示例 docker-compose:

I'm using docker-compose version 2 btw, here's a sample docker-compose:

version: '2'
services:

    sample-server:
        build:
            context: ./
            dockerfile: sample.server.docker
        volumes:
            - ../backend:/var/www
        ports:
            - "8081:80"
        environment:
            - VIRTUAL_HOST=sample.local
        links:
            - sample-php
        depends_on:
            - sample-php
    sample-php:
        build:
            context: ./
            dockerfile: sample.php.docker
        volumes:
            - .:/var/www
        links:
            - sample-database
        environment:
            - "DB_PORT=3306"
            - "DB_HOST=sample-database"
    sample-database:
        image: mysql:5.7
        environment:
            - "MYSQL_ROOT_PASSWORD=samplepassword"
            - "MYSQL_DATABASE=sample"
        ports:
            - "33081:3306"
    sample-nginx-proxy:
        image: jwilder/nginx-proxy
        ports:
            - "80:80"
        volumes:
            - /var/run/docker.sock:/tmp/docker.sock:ro
networks:
    default:
        external:
            name: sample-nginx-proxy

我該如何解決這個問題?

How can I fix this?

推薦答案

檢查以下內容:

數據庫可公開訪問:在數據庫所在的 VPC 外部進行連接，更具體地說是通過 Internet 訪問，需要將數據庫配置為公共可訪問性.你說的已經完成了.由于您有內部 IP，而數據庫沒有公共 IP，因此這不是真正必需的.

Database is publicly accessible: Connecting outside the VPC that the database resides, more specifically accessed over the internet, requires that the database is configured for Public Accessibility. Which you said is already done. As you have an internal IP, and the database does not have a public IP, this is not really required.

基本配置:檢查數據庫名稱和端口是否設置正確，我相信你已經完成了.

Basic Configuration: Check that the database name, and port is set correctly, which I am sure you have done.

安全組入站規則:這很可能是這種情況，數據庫將有一個或多個 安全組.確保安全組配置為允許從您的案例中的客戶端進行入站訪問:192.168.66.1

Security Group Inbound Rules: This is most likely the case, the database will have one or more security groups. Ensure that the security group is configured to allow inbound access from the client in your case: 192.168.66.1

確認客戶端的IP地址:192.168.66.1 是容器的奇怪 IP，VPC 子網的前 4 個 IP 地址是 保留.

Confirm the IP address of the client: 192.168.66.1 is a strange IP for the container, the first 4 IP Addresses of a VPC Subnet are reserved.

確認網絡路由:確認包含客戶端的 VPC 可以連接到數據庫.當客戶端在 docker 容器中運行時，請確保容器可以訪問數據庫.簡單的方法是在數據庫子網中的 EC2 實例上啟用 ICMP 數據包，并檢查您是否可以 Ping 或使用 VPC 路由 分析器.

Confirm the network routing: Confirm that the VPC that contains the client can connect to the database. As the client is running within a docker container ensure that the container can access the database. Easy way to do this is enable ICMP packets on an EC2 instance in the database subnet, and check you can Ping it or use the VPC route analyser.

檢查數據庫用戶權限:數據庫用戶可以連接任何地址而不是 localhost.

Check the database user rights: Can the database user connect for any address not localhost.

VPC 的安全性:檢查兩個子網的 ACL入站和出站

Security on the VPC: Check the ACLs of the subnets for both inbound and outbound

更新:這是來自 AWS 的鏈接:故障排除用于亞馬遜 RDS.

UPDATE: Here is a link from AWS: Troubleshooting for Amazon RDS.

這篇關于Laravel Docker 容器無法連接到遠程 AWS RDS 數據庫的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！