search

Leantime / leantime

Leantime is a goals focused project management system for non-project managers. Building with ADHD, Autism, and dyslexia in mind.
https://leantime.io
GNU Affero General Public License v3.0
4.44k stars 582 forks source link

MySQL SSL connection required #899

Open leogaggl opened 2 years ago

leogaggl commented 2 years ago

I have been trying to find any information on how to change the SSLMode of the database connection using a docker image to connect to a database server that is configured with SSLMODE=required.

I can connect to the database from the docker container and credentials using the --ssl flag in the MySQL CLI.

There does not seem to be any way to use either ENV variables (there is no DB_SSL_MODE) or the configuration.php to set this correctly.

Am I missing anything here?

marcelfolaron commented 2 years ago

Thanks for bringing that up. Right now there is no way that I could think of (short of going into the docker instance and changing the db call)

it seems we could just add a string for additional parameters that would allow you to add sslmode. I am not sure where you’d put the certificate though.

On Sun, Aug 21, 2022 at 9:11 PM Leo Gaggl @.***> wrote:

I have been trying to find any information on how to change the SSLMode of the database connection using a docker image to connect to a database server that is configured with SSLMODE=required.

I can connect to the database from the docker container and credentials using the --ssl flag in the MySQL CLI.

There does not seem to be any way to use either ENV variables (there is no DB_SSL_MODE) or the configuration.php to set this correctly.

Am I missing anything here?

— Reply to this email directly, view it on GitHub https://github.com/Leantime/leantime/issues/899, or unsubscribe https://github.com/notifications/unsubscribe-auth/ALG4EFWJ4B2ZJUCOGZCIPFLV2LHS3ANCNFSM57F33KAQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

leogaggl commented 2 years ago

Hi @marcelfolaron

The certificates should probably just go into the default Laravel /resources/certificates folder (which currently does not exist) I assume. That is if they are needed. For LetsEncrypt and other popular CA's it would probably not be needed.

The main issue is you can not set the parameters and SSL options in the configuration.php and there is no database.php used in Leantime.

This is a database.php config example for Laravel using SSL connection to MySQL

   'mysql' => [
        'driver' => 'mysql',
        'host' => env('DB_HOST', '127.0.0.1'),
        'port' => env('DB_PORT', '3306'),
        'database' => env('DB_DATABASE', 'forge'),
        'username' => env('DB_USERNAME', 'forge'),
        'password' => env('DB_PASSWORD', ''),
        'unix_socket' => env('DB_SOCKET', ''),
        'charset' => 'utf8mb4',
        'collation' => 'utf8mb4_unicode_ci',
        'prefix' => '',
        'strict' => true,
        'engine' => null,
        'sslmode' => 'require',
        'options'   => array(
            PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
            PDO::MYSQL_ATTR_SSL_KEY => '/certs/client-key.pem',
            PDO::MYSQL_ATTR_SSL_CERT => '/certs/client-cert.pem',
            PDO::MYSQL_ATTR_SSL_CA => '/certs/ca.pem',
        ),
    ],
leogaggl commented 1 year ago

Hi @marcelfolaron,

Will this be looked at? It's becoming a bit of a showstopper for us.

leogaggl commented 1 year ago

This seems to be the helpful https://callisto.digital/posts/php/enable-mysql-over-ssl-in-php-pdo/