来自亚马乌罗提的神秘Blog
Docker容器内连接SQL Server链接问题
编辑
2025-04-14
运维
00

目录

场景
解决方案

场景

写了一个钉钉的机器人,因为业务系统使用的是SQL Server,所以需要在容器内连接SQL Server。因为之前构建过有差不多的容器,所以抄了一下自己之前的Dockerfile。 确认网络和账号密码都是正确的以后,发现无法连接服务器

Dockerfile
FROM python:3.12-slim

EXPOSE 5002

# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1

# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1

# Install pip requirements
COPY requirements.txt .
RUN rm -rf /etc/apt/sources.list
ADD sources.list /etc/apt/ 
RUN python -m pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple && apt-get clean && apt-get update && apt-get install -y unixodbc unixodbc-dev curl apt-transport-https gnupg && rm -rf /var/lib/apt/lists/*
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
    && curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update && ACCEPT_EULA=Y apt-get install -y msodbcsql17

WORKDIR /app
COPY . /app

# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser

# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
CMD ["gunicorn", "--bind", "0.0.0.0:5002", "gmsFlask:app"]

使用的是python:3.12-slim这个镜像,底包是ubuntu2004,之前是只需要安装msodbcsql17就行,但是这次构建完成后发现无法连上另外一台更老的SQL Server服务器。

解决方案

GitHub 参考链接

在google上一阵检索后发现应该是底包的openssl的版本过高(3.0),服务器无法通过高版本tls链接服务器导致的。参考issues后更改DockerFile后测试链接正常

Dockerfile
FROM python:3.12-slim

# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1

# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1

# Install pip requirements
COPY requirements.txt .
RUN rm -rf /etc/apt/sources.list
ADD sources.list /etc/apt/
RUN python -m pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple \
    && apt-get clean \
    && apt-get update \
    && apt-get install -y unixodbc unixodbc-dev curl apt-transport-https gnupg \
    && rm -rf /var/lib/apt/lists/*
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
    && curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update \
    && ACCEPT_EULA=Y apt-get install -y msodbcsql17
RUN sed -i 's/openssl_conf = openssl_init/openssl_conf = default_conf/' /etc/ssl/openssl.cnf \
    && echo "[ default_conf ]" >> /etc/ssl/openssl.cnf \
    && echo "ssl_conf = ssl_sect" >> /etc/ssl/openssl.cnf \
    && echo "" >> /etc/ssl/openssl.cnf \
    && echo "[ ssl_sect ]" >> /etc/ssl/openssl.cnf \
    && echo "system_default = system_default_sect" >> /etc/ssl/openssl.cnf \
    && echo "" >> /etc/ssl/openssl.cnf \
    && echo "[ system_default_sect ]" >> /etc/ssl/openssl.cnf \
    && echo "MinProtocol = TLSv1.2" >> /etc/ssl/openssl.cnf \
    && echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf

WORKDIR /app
COPY . /app

# Creates a non-root user with an explicit UID and adds permission to access the /app folder
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser
CMD ["python3","./SHSyncTool.py"]