折雨的天空
ClickHouse报错:Code: 210. DB::NetException: Connection refused (localhost:9000)
2023-10-18 我好笨


使用工具连接不上



在本机执行:



clickhouse-client --password



报错:Code: 210. DB::NetException: Connection refused (localhost:9000)







重启,clickhouse,没有问题,可以启动。查看错误日志有内容。



2023.10.18 15:06:06.002140 [ 27259 ] {} <Error> CertificateReloader: Cannot obtain modification time for certificate file /etc/clickhouse-server/server.crt, skipping update. errno: 2, strerror: No such file or directory

2023.10.18 15:06:06.002195 [ 27259 ] {} <Error> CertificateReloader: Cannot obtain modification time for key file /etc/clickhouse-server/server.key, skipping update. errno: 2, strerror: No such file or directory

2023.10.18 15:06:06.008685 [ 27259 ] {} <Error> CertificateReloader: Poco::Exception. Code: 1000, e.code() = 0, SSL context exception: Error loading private key from file /etc/clickhouse-server/server.key: error:02000002:system library:OPENSSL_internal:No such file or directory (version 23.9.1.1326 (official build))

2023.10.18 15:10:25.464159 [ 27514 ] {} <Error> CertificateReloader: Poco::Exception. Code: 1000, e.code() = 0, SSL context exception: Error opening Diffie-Hellman parameters file /etc/clickhouse-server/dhparam.pem: error:02000002:system library:OPENSSL_internal:No such file or directory (version 23.9.1.1326 (official build))



找到配置文档:



Server参数配置 - Server参数说明 - 《ClickHouse v20.3 使用教程》 - 书栈网 · BookStack



中有一段说明:







微信图片_20231018155739.png







原文复制出来,如下:



<openSSL>

    <server>

        <!-- openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt -->

        <certificateFile>/etc/clickhouse-server/server.crt</certificateFile>

        <privateKeyFile>/etc/clickhouse-server/server.key</privateKeyFile>

        <!-- openssl dhparam -out /etc/clickhouse-server/dhparam.pem 4096 -->

        <dhParamsFile>/etc/clickhouse-server/dhparam.pem</dhParamsFile>

        <verificationMode>none</verificationMode>

        <loadDefaultCAFile>true</loadDefaultCAFile>

        <cacheSessions>true</cacheSessions>

        <disableProtocols>sslv2,sslv3</disableProtocols>

        <preferServerCiphers>true</preferServerCiphers>

    </server>

    <client>

        <loadDefaultCAFile>true</loadDefaultCAFile>

        <cacheSessions>true</cacheSessions>

        <disableProtocols>sslv2,sslv3</disableProtocols>

        <preferServerCiphers>true</preferServerCiphers>

        <!-- Use for self-signed: <verificationMode>none</verificationMode> -->

        <invalidCertificateHandler>

            <!-- Use for self-signed: <name>AcceptCertificateHandler</name> -->

            <name>RejectCertificateHandler</name>

        </invalidCertificateHandler>

    </client>

</openSSL>



主要是用其中的两句生成证书的代码:







openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt





openssl dhparam -out /etc/clickhouse-server/dhparam.pem 4096



第二句要执行非常久,执行完以后,重启一下,就不再报错了。









发表评论:
昵称

邮件地址 (选填)

个人主页 (选填)

内容