Add TLS-enabled PostgreSQL and ThingsBoard integration, update README #1367
base: feature/distributed-demo
…, and update services.env.template
prasadtalasila
left a comment
@sigurd-rbj Thanks for the PR. I couldn't bring up the thingsboard service successfully. Please see the review comments.
deploy/services/README.md
Outdated
| ```bash | ||
| cat certs/services.foo.com/privkey.pem \ | ||
| certs/services.foo.com/fullchain.pem > certs/foo.com/combined.pem | ||
| certs/services.foo.com/fullchain.pem > certs/servicesfoo.com/combined.pem |
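Review bot: The redirected `cat` line writes `privkey.pem` into `combined.pem`, so the combined file is private-key material, yet this README step says nothing about its permissions. Suggest following the command with a `chmod 600` on the combined file, owned by the user the consuming service runs as, and stating that `combined.pem` must stay out of version control.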
This should be certs/services.foo.com after redirection
| cp config/services.env.template config/services.env | ||
| ``` | ||
|
|
||
| * Start PostgreSQL and run ThingsBoard install. |
The data and log directories of thingsboard need specific permissions

```bash
sudo chown -R 799:799 data/thingsboard
sudo chown -R 799:799 log/thingsboard
```

Please see this page
deploy/services/README.md
Outdated
| * Start PostgreSQL and run ThingsBoard install. | ||
|
|
||
| ```bash | ||
| docker compose -f compose.services.secure.yml\ |
There should be a space character before the backward slash.
| docker compose -f compose.services.secure.yml\ | ||
| --env-file config/services.env\ | ||
| up -d postgres | ||
| docker compose -f compose.services.secure.yml \ |
gives the following output
Starting ThingsBoard installation ...
OpenJDK 64-Bit Server VM warning: Option UseBiasedLocking was deprecated in version 15.0 and will likely be removed in a future release.
_____ _ _ ____ _
|_ _| |__ (_)_ __ __ _ ___| __ ) ___ __ _ _ __ __| |
| | | '_ \| | '_ \ / _` / __| _ \ / _ \ / _` | '__/ _` |
| | | | | | | | | | (_| \__ \ |_) | (_) | (_| | | | (_| |
|_| |_| |_|_|_| |_|\__, |___/____/ \___/ \__,_|_| \__,_|
|___/
===========================================================
:: ThingsBoard :: (v4.2.1)
===========================================================
Unable to start web server
| docker compose -f compose.services.secure.yml \ | ||
| --env-file config/services.env \ | ||
| run --rm -e INSTALL_TB=true thingsboard-ce | ||
| ``` |
thingsboard has an installation step followed by a service start step. Please see docs. The service start step must be specified as well.
If the service start command is run, it throws the following error.
docker compose -f compose.services.secure.yml --env-file config/services.env up thingsboard-ce
[+] Running 2/2
✔ Container postgres Running 0.0s
✔ Container thingsboard Created 0.1s
Attaching to thingsboard
thingsboard | Starting 'ThingsBoard Node Microservice' ...
thingsboard | OpenJDK 64-Bit Server VM warning: Option UseBiasedLocking was deprecated in version 15.0 and will likely be removed in a future release.
thingsboard | _____ _ _ ____ _
thingsboard | |_ _| |__ (_)_ __ __ _ ___| __ ) ___ __ _ _ __ __| |
thingsboard | | | | '_ \| | '_ \ / _` / __| _ \ / _ \ / _` | '__/ _` |
thingsboard | | | | | | | | | | | (_| \__ \ |_) | (_) | (_| | | | (_| |
thingsboard | |_| |_| |_|_|_| |_|\__, |___/____/ \___/ \__,_|_| \__,_|
thingsboard | |___/
thingsboard |
thingsboard | ===========================================================
thingsboard | :: ThingsBoard :: (v4.2.1)
thingsboard | ===========================================================
thingsboard |
thingsboard | 2025-11-23 14:53:08,148 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 8.0.3.Final
thingsboard | 2025-11-23 14:53:08,342 [main] INFO o.t.s.ThingsboardServerApplication - Starting ThingsboardServerApplication v4.2.1 using Java 17.0.16 with PID 1 (/usr/share/thingsboard/bin/thingsboard.jar started by thingsboard in /usr/share/thingsboard/bin)
thingsboard | 2025-11-23 14:53:08,344 [main] INFO o.t.s.ThingsboardServerApplication - No active profile set, falling back to 1 default profile: "default"
thingsboard | 2025-11-23 14:53:09,195 [main] WARN o.s.c.a.AnnotationTypeMapping - Support for convention-based annotation attribute overrides is deprecated and will be removed in Spring Framework 7.0. Please annotate the following attributes in @org.thingsboard.server.config.annotations.ApiOperation with appropriate @AliasFor declarations: [hidden, requestBody, responses]
thingsboard | 2025-11-23 14:53:14,466 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
thingsboard | 2025-11-23 14:53:14,466 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data JPA repositories in LAZY mode.
thingsboard | 2025-11-23 14:53:14,761 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 273 ms. Found 7 JPA repository interfaces.
thingsboard | 2025-11-23 14:53:14,765 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
thingsboard | 2025-11-23 14:53:14,765 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data JPA repositories in LAZY mode.
thingsboard | 2025-11-23 14:53:15,185 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 417 ms. Found 57 JPA repository interfaces.
thingsboard | 2025-11-23 14:53:15,192 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
thingsboard | 2025-11-23 14:53:15,192 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data JPA repositories in LAZY mode.
thingsboard | 2025-11-23 14:53:15,213 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 17 ms. Found 1 JPA repository interface.
thingsboard | 2025-11-23 14:53:15,214 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
thingsboard | 2025-11-23 14:53:15,214 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data JPA repositories in LAZY mode.
thingsboard | 2025-11-23 14:53:15,238 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 18 ms. Found 1 JPA repository interface.
thingsboard | 2025-11-23 14:53:16,824 [main] INFO o.s.i.c.DefaultConfiguringBeanFactoryPostProcessor - No bean named 'errorChannel' has been explicitly defined. Therefore, a default PublishSubscribeChannel will be created.
thingsboard | 2025-11-23 14:53:16,847 [main] INFO o.s.i.c.DefaultConfiguringBeanFactoryPostProcessor - No bean named 'integrationHeaderChannelRegistry' has been explicitly defined. Therefore, a default DefaultHeaderChannelRegistry will be created.
thingsboard | 2025-11-23 14:53:18,281 [main] INFO o.t.s.q.d.DefaultTbServiceInfoProvider - Current Service ID: tb-ce-node
thingsboard | 2025-11-23 14:53:20,022 [main] INFO o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [name: default]
thingsboard | 2025-11-23 14:53:20,247 [main] INFO org.hibernate.Version - HHH000412: Hibernate ORM core version 6.6.29.Final
thingsboard | 2025-11-23 14:53:20,364 [main] INFO o.h.c.i.RegionFactoryInitiator - HHH000026: Second-level cache disabled
thingsboard | 2025-11-23 14:53:20,693 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
thingsboard | 2025-11-23 14:53:22,164 [main] WARN o.h.e.jdbc.spi.SqlExceptionHelper - SQL Error: 0, SQLState: 28P01
thingsboard | 2025-11-23 14:53:22,165 [main] ERROR o.h.e.jdbc.spi.SqlExceptionHelper - FATAL: password authentication failed for user "postgres"
thingsboard | 2025-11-23 14:53:22,168 [main] WARN o.h.e.j.e.i.JdbcEnvironmentInitiator - HHH000342: Could not obtain connection to query metadata
thingsboard | org.hibernate.exception.GenericJDBCException: unable to obtain isolated JDBC connection [FATAL: password authentication failed for user "postgres"] [n/a]
thingsboard | at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:63)
thingsboard | at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:108)
thingsboard | at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:94)
thingsboard | at org.hibernate.resource.transaction.backend.jdbc.internal.JdbcIsolationDelegate.delegateWork(JdbcIsolationDelegate.java:116)
thingsboard | at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.getJdbcEnvironmentUsingJdbcMetadata(JdbcEnvironmentInitiator.java:334)
thingsboard | at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:129)
...| - platform-services | ||
|
|
||
| thingsboard-ce: | ||
| image: 'thingsboard/tb-node:4.2.1' |
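Review bot: On the `image: 'thingsboard/tb-node:4.2.1'` line the image is pinned only by version tag, and a tag can be re-pointed at a different image upstream. Consider pinning by digest as well (`thingsboard/tb-node:4.2.1@sha256:<digest>`, with `<digest>` taken from the registry) so the deployed image is the one that was reviewed.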
Please check the advantage of this image versus tb-postgres. If you can make both work, we can have a live comparison of both the setups.
@sigurd-rbj
Pull Request Template
Title
[Provide a succinct and descriptive title for the pull request,
e.g., "Improve dockerfiles for admins"]
Type of Change
Description
Configures PostgreSQL to use TLS certificates from certs/${HOSTNAME}.
Ensures ThingsBoard connects to PostgreSQL using sslmode=require.
Adds installation steps for ThingsBoard to the services README.
Updates compose.services.secure.yml to mount certs and enable TLS for all services.
Updates services.env.template with required fields.
Verified on WSL with a clean install.
Checklist
existing code.