Closed bshaw closed 4 years ago
Hi @bshaw, I never thought about this :/
Statusengine Worker (and the UI) are using PDO to connect to the database.
Hopefully it works, if you just patch the PDO connect in https://github.com/statusengine/worker/blob/f59e1785db1df6ca1686f2b12d581e108e3c6b18/src/Backends/MySQL/MySQL.php#L102-L110
Like so:
```php
$this->Connection = new \PDO($this->getDsn(), $config['username'], $config['password'], [
    \PDO::ATTR_TIMEOUT => 1,
    \PDO::MYSQL_ATTR_SSL_KEY => '/etc/mysql/ssl/client-key.pem',
    \PDO::MYSQL_ATTR_SSL_CERT => '/etc/mysql/ssl/client-cert.pem',
    \PDO::MYSQL_ATTR_SSL_CA => '/etc/mysql/ssl/ca-cert.pem'
]);
```
See also: http://php.net/manual/en/ref.pdo-mysql.php#pdo-mysql.constants
I found this solution on a quick Google search https://stackoverflow.com/a/9768753, but can't test it right now.
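One way the patch suggested above could be made configurable, as an added example that is not Statusengine code and not part of the original thread. The `ssl_ca`, `ssl_cert` and `ssl_key` config keys and both function names are hypothetical; the example also enables server certificate verification where the driver exposes it and checks the session's `Ssl_cipher` status, so a connection that silently fell back to plaintext is rejected.

```php
<?php
// Added example, not Statusengine code. Config keys ssl_ca / ssl_cert / ssl_key
// and the function names are hypothetical.

// Build PDO driver options, adding TLS settings only for configured files.
function buildPdoOptions(array $config): array
{
    $options = [
        \PDO::ATTR_TIMEOUT => 1,
        \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
    ];
    $map = [
        'ssl_ca'   => \PDO::MYSQL_ATTR_SSL_CA,
        'ssl_cert' => \PDO::MYSQL_ATTR_SSL_CERT,
        'ssl_key'  => \PDO::MYSQL_ATTR_SSL_KEY,
    ];
    foreach ($map as $key => $attr) {
        if (empty($config[$key])) {
            continue; // not configured: leave the option unset
        }
        if (!is_readable($config[$key])) {
            throw new \RuntimeException("TLS file for '$key' is not readable: {$config[$key]}");
        }
        $options[$attr] = $config[$key];
    }
    // With a CA configured, ask the driver to verify the server certificate.
    // The constant only exists on mysqlnd builds, hence the defined() guard.
    if (isset($options[\PDO::MYSQL_ATTR_SSL_CA])
        && defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')) {
        $options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = true;
    }
    return $options;
}

// Connect, then fail closed if TLS was requested but the session is unencrypted.
function connectRequiringTls(string $dsn, array $config): \PDO
{
    $options = buildPdoOptions($config);
    $pdo = new \PDO($dsn, $config['username'], $config['password'], $options);
    if (isset($options[\PDO::MYSQL_ATTR_SSL_CA])) {
        // Ssl_cipher is empty when the session was negotiated without TLS.
        $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(\PDO::FETCH_NUM);
        if (empty($row[1])) {
            throw new \RuntimeException('TLS was configured but the database session is not encrypted');
        }
    }
    return $pdo;
}
```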
Seems simple enough. I'll try to do some testing this week if I get around to it. I'll submit a PR if all goes well ;)
@bshaw did this solve your issue?
I've not had a chance to even test it, unfortunately. For now, we just don't enforce an SSL connection to the DB.
I feel you've sufficiently answered my question... we can always implement the actual solution later. Depending on how you want to handle the issue (close vs. keep open), I'd really like to find some time to test it out and submit a PR to integrate this as a configurable functionality if you want to keep it open (you can even assign me if you want).
No problem. I will keep this open until you have had time to run your tests.
Awesome, thanks! ...Sounds like I have something to do during my Christmas break.
It seems there's no support for the worker to connect to a backend MySQL server which requires SSL. ...If I've missed something, please forgive me (and let me know the appropriate config!).
We use a remote database (Azure Database for MySQL), which has an option (default) to require SSL, and we'd like to use it to keep our traffic private. If using the mysql client (or workbench or whatever you use), you would need to pass these options for the client to enforce the connection and verify against the present CA certificate (which matches the server):
In case it's remotely helpful, here's a sample PHP connection string provided by Azure:
A similar condition would exist for other cloud databases, such as AWS RDS MySQL, or people running their own databases with SSL required.
The UI would need support, too (I haven't made it that far yet, but can raise an issue over there, too, if I discover the same conditions).