I have a fairly simple deployment I am trying to test:
However I am repeatedly getting "Access denied" on the DB attempts. After talking to IT, they require SSL over 3306. However I don't see an easy way to tell YOURLS to do this. Is this possible? If so, what's the best way to do this? EDIT - RESOLVED
Replies: 2 comments 17 replies
Best I can tell, connecting to a database over SSL/TLS (still) requires adding a "must-use" plugin in `user/db.php`. See #2783 for the discussion, but the gist is something like (modify with your own certificate path):

```php
<?php
/*
Plugin Name: Secure MySQL
Plugin URI: https://github.com/YOURLS/YOURLS/issues/2783
Description: SSL/TLS PDO Connection
Version: 1.0
Author: YOURLS
Author URI: https://yourls.org/
*/

// No direct call
if( !defined( 'YOURLS_ABSPATH' ) ) die();

// Add custom cert
yourls_add_filter( 'db_connect_driver_option', function ( $options ) {
    // Add your certificate paths
    // https://secure.php.net/manual/ref.pdo-mysql.php
    return $options + [ PDO::MYSQL_ATTR_SSL_CA => '/etc/ssl/certs/db-ca.crt' ];
} );

// Load DB layer as usual
require_once YOURLS_INC.'/class-mysql.php';
yourls_db_connect();
```
I added my first ever pull request to an open source project! I have implemented a fix in docker-entrypoint.sh that checks for the db-ca.crt to exist in /etc/ssl/certs/db-ca.crt and this has to be mounted using additionally added a "db.php" file that uses a ca.crt instead of "Verify" being set to false. Since we have the CA crt anyways, we should use it. This of course would also need to be mounted (file is included in the root of the project):
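An added example, not code from this thread, the pull request or YOURLS: a stand-alone pre-flight script that builds the same PDO TLS options as the `db.php` snippet, refuses to continue when the CA file is missing, and confirms that the session really negotiated TLS. The function names and the `DB_DSN`, `DB_USER`, `DB_PASS` and `DB_CA` environment variables are assumptions made for this example.

```php
<?php
// Added example: function names and DB_* environment variables are hypothetical.

/**
 * Build PDO driver options that require a CA-verified TLS connection.
 * Fails closed when the CA file is missing, rather than connecting unverified.
 */
function tls_driver_options(string $caPath): array
{
    if (!is_file($caPath) || !is_readable($caPath)) {
        throw new RuntimeException("CA file not readable: $caPath");
    }
    $pem = (string) file_get_contents($caPath);
    if (strpos($pem, '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException("CA file holds no PEM certificate: $caPath");
    }
    return [
        PDO::MYSQL_ATTR_SSL_CA => $caPath,
        // Explicitly require the server certificate to chain to the CA above.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ];
}

/**
 * Return the negotiated cipher, or throw if the session is not encrypted.
 * MySQL reports an empty Ssl_cipher value for plaintext sessions.
 */
function require_encrypted_session(PDO $pdo): string
{
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    $cipher = is_array($row) ? (string) ($row['Value'] ?? '') : '';
    if ($cipher === '') {
        throw new RuntimeException('Database session is not using TLS');
    }
    return $cipher;
}

// Pre-flight check, run only when a DSN is supplied, for example:
// DB_DSN='mysql:host=db.example.internal;port=3306;dbname=yourls' php check.php
if (getenv('DB_DSN') !== false) {
    $ca  = getenv('DB_CA') ?: '/etc/ssl/certs/db-ca.crt';
    $pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER') ?: '', getenv('DB_PASS') ?: '',
                   tls_driver_options($ca));
    echo 'TLS cipher in use: ' . require_encrypted_session($pdo) . PHP_EOL;
}
```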