Open jls-tschanzc opened 4 years ago
I'd suggest the constant defined by PDO::MYSQL_ATTR_SSL_CAPATH
and using it as a suffix for DIRECTUS_DATABASE_DRIVEROPTIONS_
Let me know if that works as I'm unsure if this will conflict with the array parsing.
@WoLfulus Do you mean like this?
DIRECTUS_DATABASE_DRIVEROPTIONS_PDO::MYSQL_ATTR_SSL_CAPATH=/etc/ssl/certs
Hi @jls-tschanzc, do you found a way to solve it? I'm with the same problem right now Regards!
Hi guys! We're dealing with the same issue. Any doc to how to pass the array with for the pdo driver options?
We tried DIRECTUS_DATABASE_DRIVEROPTIONS=[PDO::MYSQL_ATTR_SSL_CAPATH => '/var/directus/config/certs']
but it's not working
Cheers
Hi
With directus 8 running in docker and trying to connect to azure mysql database, I have tried all the combinations with the env var and had no success.
@WoLfulus do you have another recomendation?
right now my env var looks like this DIRECTUS_DATABASE_DRIVEROPTIONS: "['PDO::MYSQL_ATTR_SSL_CA' => '/certs/BaltimoreCyberTrustRoot.crt.pem', 'PDO::MYSQL_ATTR_SSL_CAPATH' => NULL, 'PDO::MYSQL_ATTR_SSL_CIPHER' => 'DHE-RSA-AES256-SHA', 'PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT' => false]"
Hi,
we have fixed it overwritting the file /var/directus/src/core/Directus/Application/CoreServicesProvider.php, setting some env vars and adding some lines on the getDatabase function (line 687)
$options = [ 'driver_options' => [ \PDO::MYSQL_ATTR_SSL_CA => getenv('MYSQL_ATTR_SSL_CA'), \PDO::MYSQL_ATTR_SSL_CIPHER => getenv('MYSQL_ATTR_SSL_CIPHER'), \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => getenv('MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'), \PDO::MYSQL_ATTR_SSL_CAPATH => getenv('MYSQL_ATTR_SSL_CAPATH') ] ];
$dbConfig = array_merge($dbConfig, $options);
I think the problem is that the DRIVEROPTIONS env var is not parsed anywhere or something and it fails to set the params.
If someone can tell me where is this set and parse i can contribute doing the fix
Thanks
Hi,
we have fixed it overwritting the file /var/directus/src/core/Directus/Application/CoreServicesProvider.php, setting some env vars and adding some lines on the getDatabase function (line 687)
$options = [ 'driver_options' => [ \PDO::MYSQL_ATTR_SSL_CA => getenv('MYSQL_ATTR_SSL_CA'), \PDO::MYSQL_ATTR_SSL_CIPHER => getenv('MYSQL_ATTR_SSL_CIPHER'), \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => getenv('MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'), \PDO::MYSQL_ATTR_SSL_CAPATH => getenv('MYSQL_ATTR_SSL_CAPATH') ] ];
$dbConfig = array_merge($dbConfig, $options);
I think the problem is that the DRIVEROPTIONS env var is not parsed anywhere or something and it fails to set the params.
If someone can tell me where is this set and parse i can contribute doing the fix
Thanks
I had some problems initialization the database so i uploded a dump and now its throwing an error saying that de ssl connection is required.
It doesnt make sense if first says that a tables is missing (i think that is like it can connecto to the database ok) and then when you load a dump it says that you need the ssl
I did a search of DIRECTUS_DATABASE_DRIVEROPTIONS
into directus
project but I don't see any place where it's used.
Any updates?
I have deployed Directus on an EKS cluster and connected an RDS MariaDB instance; now I would like to enable SSL connectivity between Directus and the DB.
According to what I found in the repos this should be doable by setting:
Currently I have everything configured through env variables and the docs say that the
DIRECTUS_DATABASE_DRIVEROPTIONS
should be used which should be of typearray
with a default of[]
. I am unsure what exactly is expected here. If I simply set:(with the necessary
rds-ca-2019.pem
file in that folder) Then afaik the value will be interpreted as a string? In what format exactly does Directus expect this environment variable to be? Could you provide an example?Also, is there a way to validate that the DB driver actually connects to the DB over SSL? Or maybe even force it?