leantime icon indicating copy to clipboard operation
leantime copied to clipboard

Published 20 hours ago verified publisher icon Leantime

MySQL SSL connection required

Open leogaggl opened this issue 2 years ago • 2 comments

I have been trying to find any information on how to change the SSLMode of the database connection using a docker image to connect to a database server that is configured with SSLMODE=required.

I can connect to the database from the docker container and credentials using the --ssl flag in the MySQL CLI.

There does not seem to be any way to use either ENV variables (there is no DB_SSL_MODE) or the configuration.php to set this correctly.

Am I missing anything here?

leogaggl avatar Aug 22 '22 01:08 leogaggl

Thanks for bringing that up. Right now there is no way that I could think of (short of going into the docker instance and changing the db call)

it seems we could just add a string for additional parameters that would allow you to add sslmode. I am not sure where you’d put the certificate though.

On Sun, Aug 21, 2022 at 9:11 PM Leo Gaggl @.***> wrote:

I have been trying to find any information on how to change the SSLMode of the database connection using a docker image to connect to a database server that is configured with SSLMODE=required.

I can connect to the database from the docker container and credentials using the --ssl flag in the MySQL CLI.

There does not seem to be any way to use either ENV variables (there is no DB_SSL_MODE) or the configuration.php to set this correctly.

Am I missing anything here?

— Reply to this email directly, view it on GitHub https://github.com/Leantime/leantime/issues/899, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALG4EFWJ4B2ZJUCOGZCIPFLV2LHS3ANCNFSM57F33KAQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

marcelfolaron avatar Aug 22 '22 01:08 marcelfolaron

Hi @marcelfolaron

The certificates should probably just go into the default Laravel /resources/certificates folder (which currently does not exist) I assume. That is if they are needed. For LetsEncrypt and other popular CA's it would probably not be needed.

The main issue is you can not set the parameters and SSL options in the configuration.php and there is no database.php used in Leantime.

This is a database.php config example for Laravel using SSL connection to MySQL

   'mysql' => [
        'driver' => 'mysql',
        'host' => env('DB_HOST', '127.0.0.1'),
        'port' => env('DB_PORT', '3306'),
        'database' => env('DB_DATABASE', 'forge'),
        'username' => env('DB_USERNAME', 'forge'),
        'password' => env('DB_PASSWORD', ''),
        'unix_socket' => env('DB_SOCKET', ''),
        'charset' => 'utf8mb4',
        'collation' => 'utf8mb4_unicode_ci',
        'prefix' => '',
        'strict' => true,
        'engine' => null,
        'sslmode' => 'require',
        'options'   => array(
            PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
            PDO::MYSQL_ATTR_SSL_KEY => '/certs/client-key.pem',
            PDO::MYSQL_ATTR_SSL_CERT => '/certs/client-cert.pem',
            PDO::MYSQL_ATTR_SSL_CA => '/certs/ca.pem',
        ),
    ],

leogaggl avatar Aug 22 '22 03:08 leogaggl

Hi @marcelfolaron,

Will this be looked at? It's becoming a bit of a showstopper for us.

leogaggl avatar Jul 16 '23 07:07 leogaggl

This seems to be the helpful https://callisto.digital/posts/php/enable-mysql-over-ssl-in-php-pdo/

leogaggl avatar Jul 16 '23 23:07 leogaggl