I have two containers, qdrant and searchai. qdrant is my qdrant container with this docker-compose setup:
version: '3'
services:
qdrant:
image: qdrant/qdrant:latest
restart: always
container_name: qdrant
ports:
- "6333:6333"
- "6334:6334"
volumes:
- ./qdrant_data:/qdrant_data
configs:
- source: qdrant_config
target: /qdrant/config/production.yaml
configs:
qdrant_config:
file: ./qdrant_data/qdrant_custom_config.yaml
volumes:
qdrant_data:
And this is my qdrant_custom_config.yaml:
service:
api_key: ${QDRANT_API_KEY}
enable_tls: true
tls:
# Server certificate chain file
cert: /qdrant_data/tls/qdrant_3.pem
# Server private key file
key: /qdrant_data/tls/qdrant_key.pem
I generated the .pem files using mkcert and I gave the qdrant container name (qdrant) alongside with localhost to mkcert for .pem generation:
mkcert qdrant localhost 127.0.0.1 ::1
Then I have a function inside my django backend which is in the searchai container to connect to qdrant using:
qdrant_client = QdrantClient(
url=kwargs.get("url", "https://qdrant"),
port=kwargs.get("port", 6333),
api_key=kwargs.get(
"apikey"
),
timeout=kwargs.get("timeout", 1000),
)
So far there are a lot of places to make mistakes. But I do not know what I have done wrong that when I try to call this function from inside a backend api using curl:
curl 172.31.0.3:80/products/search/?q=kadin+ayakkabi&language=en
I get this error:
searchai | qdrant_client.http.exceptions.ResponseHandlingException: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
I also checked the qdrant connection both from my host machine and from inside the searchai container: When I ran this curl command from my host machine, I got:
curl -X GET https://localhost:6333
{"title":"qdrant - vector search engine","version":"1.7.4"}
But the I went into the searchai container:
docker exec -it searchai sh
curl -X GET https://qdrant:6333
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I did check that the .pem files exactly exist in the specified dir /qdrant_data/tls. Other than this, I have no clue on how to solve this problem.