base icon indicating copy to clipboard operation
base copied to clipboard

Published 20 hours ago verified publisher icon owncloud-docker

No support for SSL/TLS in database connections

Open JonathanWilbur opened this issue 4 years ago • 2 comments

I cannot use remote databases with this currently, but I believe this would be easy to add by introducing a few new environment variables, like:

  • OWNCLOUD_DB_SSL_ENABLE
  • OWNCLOUD_DB_SSL_CA_CERT
  • OWNCLOUD_DB_SSL_VERIFY_SERVER_CERT
  • OWNCLOUD_DB_SSL_CLIENT_CERT

etc.

JonathanWilbur avatar Mar 15 '21 03:03 JonathanWilbur

@wkloucek Do you have an idea how to reflect settings like https://github.com/owncloud/core/blob/master/config/config.sample.php#L1282 using docker env variables?

Looks like the PDO config works completely different for mysl and postgres what makes it even harder...

xoxys avatar Nov 19 '21 11:11 xoxys

Looks like config is pretty broken in that point:

  • mysql 
    'dbdriveroptions' => [
PDO::MYSQL_ATTR_SSL_CA => '/file/path/to/ca_cert.pem',
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET wait_timeout = 28800'
],
  • postgresql 
    ‘dbhost’ => ‘127.0.0.1:5432;sslmode=verify-full;sslcert=~/.postgresql/postgresql.crt;sslkey=~/.postgresql/postgresql.key;sslrootcert=~/.postgresql/root.crt’

Totally different things for different databases and that's only two of the four supported (don't know if we should count SQLite)

We could use OWNCLOUD_DB_TYPE to render different config options with gomplate to a database.config.php config file!? Looks pretty ugly though...

wkloucek avatar Nov 19 '21 12:11 wkloucek