search

directus / v8-archive

Directus Database API — Wraps Custom SQL Databases with a REST/GraphQL API
https://docs.directus.io/api/reference.html
505 stars 204 forks source link

How to provide array to environment #2168

Open jls-tschanzc opened 4 years ago

jls-tschanzc commented 4 years ago

I have deployed Directus on an EKS cluster and connected an RDS MariaDB instance; now I would like to enable SSL connectivity between Directus and the DB.

According to what I found in the repos this should be doable by setting:

// 'driver_options' => [    // Other MYSQL_PDO options. Can be used to connect to the database
//                          // over an encrypted connection. For more information, see
//                          // https://www.php.net/manual/en/ref.pdo-mysql.php#pdo-mysql.constants
//    PDO::MYSQL_ATTR_SSL_CAPATH => '/etc/ssl/certs',
// ]

Currently I have everything configured through env variables and the docs say that the DIRECTUS_DATABASE_DRIVEROPTIONS should be used which should be of type array with a default of []. I am unsure what exactly is expected here. If I simply set:

DIRECTUS_DATABASE_DRIVEROPTIONS=[PDO::MYSQL_ATTR_SSL_CAPATH => '/var/directus/config/certs']

(with the necessary rds-ca-2019.pem file in that folder) Then afaik the value will be interpreted as a string? In what format exactly does Directus expect this environment variable to be? Could you provide an example?

Also, is there a way to validate that the DB driver actually connects to the DB over SSL? Or maybe even force it?

WoLfulus commented 4 years ago

I'd suggest the constant defined by PDO::MYSQL_ATTR_SSL_CAPATH and using it as a suffix for DIRECTUS_DATABASE_DRIVEROPTIONS_

Let me know if that works as I'm unsure if this will conflict with the array parsing.

jls-tschanzc commented 4 years ago

@WoLfulus Do you mean like this?

DIRECTUS_DATABASE_DRIVEROPTIONS_PDO::MYSQL_ATTR_SSL_CAPATH=/etc/ssl/certs
aleprice commented 4 years ago

Hi @jls-tschanzc, do you found a way to solve it? I'm with the same problem right now Regards!

forladolby commented 4 years ago

Hi guys! We're dealing with the same issue. Any doc to how to pass the array with for the pdo driver options? We tried DIRECTUS_DATABASE_DRIVEROPTIONS=[PDO::MYSQL_ATTR_SSL_CAPATH => '/var/directus/config/certs'] but it's not working

Cheers

matias-devoto commented 4 years ago

Hi

With directus 8 running in docker and trying to connect to azure mysql database, I have tried all the combinations with the env var and had no success.

@WoLfulus do you have another recomendation?

right now my env var looks like this DIRECTUS_DATABASE_DRIVEROPTIONS: "['PDO::MYSQL_ATTR_SSL_CA' => '/certs/BaltimoreCyberTrustRoot.crt.pem', 'PDO::MYSQL_ATTR_SSL_CAPATH' => NULL, 'PDO::MYSQL_ATTR_SSL_CIPHER' => 'DHE-RSA-AES256-SHA', 'PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT' => false]"

matias-devoto commented 4 years ago

Hi,

we have fixed it overwritting the file /var/directus/src/core/Directus/Application/CoreServicesProvider.php, setting some env vars and adding some lines on the getDatabase function (line 687)

$options = [ 'driver_options' => [ \PDO::MYSQL_ATTR_SSL_CA => getenv('MYSQL_ATTR_SSL_CA'), \PDO::MYSQL_ATTR_SSL_CIPHER => getenv('MYSQL_ATTR_SSL_CIPHER'), \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => getenv('MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'), \PDO::MYSQL_ATTR_SSL_CAPATH => getenv('MYSQL_ATTR_SSL_CAPATH') ] ];

$dbConfig = array_merge($dbConfig, $options);

I think the problem is that the DRIVEROPTIONS env var is not parsed anywhere or something and it fails to set the params.

If someone can tell me where is this set and parse i can contribute doing the fix

Thanks

matias-devoto commented 4 years ago

Hi,

we have fixed it overwritting the file /var/directus/src/core/Directus/Application/CoreServicesProvider.php, setting some env vars and adding some lines on the getDatabase function (line 687)

$options = [ 'driver_options' => [ \PDO::MYSQL_ATTR_SSL_CA => getenv('MYSQL_ATTR_SSL_CA'), \PDO::MYSQL_ATTR_SSL_CIPHER => getenv('MYSQL_ATTR_SSL_CIPHER'), \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => getenv('MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'), \PDO::MYSQL_ATTR_SSL_CAPATH => getenv('MYSQL_ATTR_SSL_CAPATH') ] ];

$dbConfig = array_merge($dbConfig, $options);

I think the problem is that the DRIVEROPTIONS env var is not parsed anywhere or something and it fails to set the params.

If someone can tell me where is this set and parse i can contribute doing the fix

Thanks

I had some problems initialization the database so i uploded a dump and now its throwing an error saying that de ssl connection is required.

It doesnt make sense if first says that a tables is missing (i think that is like it can connecto to the database ok) and then when you load a dump it says that you need the ssl

botzill commented 4 years ago

I did a search of DIRECTUS_DATABASE_DRIVEROPTIONS into directus project but I don't see any place where it's used.

Any updates?