This commit adds the ability to use SSL with MySQL. The docker-entry…#99
This commit adds the ability to use SSL with MySQL. The docker-entry…#99icsy7867 wants to merge 2 commits intoYOURLS:mainfrom
Conversation
…oint.sh script has been modified to use mysqli and real_connect instead of the mysqli function itself. This was done so that we can add support for adding a path /etc/ssl/certs/db-ca.crt. The PHP uses a file_exists function to verify it exists before adding it into the code. This cert needs to be mounted to the docker container using a volume mount: -v /path/to/cert/ca.crt:/etc/ssl/certs/db-ca.crt Additionally, the yourls code needs an additional piece to tell the PDO driver to use the same cert for verification. This file was included as db.php and must also be mounted with a volume mount: -v /path/to/db.php:/var/www/html/user/db.php
|
Also created a pull request on the main YOURLS code. If this is implemented, then the db.php file and settings can safely be ignored. (Unless the option to verify a SQL SSL Connection with a CA cert is still desired) |
LeoColomb
left a comment
There was a problem hiding this comment.
Thanks for the pull request @icsy7867!
That there is few points to review first to establish the value of these additions.
Don't forget that the main priority is to keep things simple and not enforce any custom settings, especially on the operating side (MySQL, behaviors, etc.).
| @@ -0,0 +1,22 @@ | |||
| <?php | |||
There was a problem hiding this comment.
Is it worth adding this whole file for all docker deployments?
What is the value compared to a volume mount?
There was a problem hiding this comment.
More for reference. The forums had some examples but nothing in detail. You could just as.easily add a blurb on the docker hub page. I don't think the actual file will be pulled into the docker container as it's not referenced in the Dockerfile.
There was a problem hiding this comment.
Ah ok, good.
If not inside the Docker image, it should not live inside this repository.
Probably better to suggest a documentation update if so, indeed.
There was a problem hiding this comment.
Would you like for me to make a stab at a documentation addition? If so, how would you like to receive that?
100% your project! Just glad to share my specific use case
Co-authored-by: Léo Colombaro <git@colombaro.fr>
|
Ok, I reviewed the situation here and I have updated the entrypoint script to remove the mysql part (see #101). The only thing left to cover 100% of your report is the For these reasons, I'm closing this pull request. |
…point.sh script has been modified to use mysqli and real_connect instead of the mysqli function itself. This was done so that we can add support for adding a path /etc/ssl/certs/db-ca.crt. The PHP uses a file_exists function to verify it exists before adding it into the code. This cert needs to be mounted to the docker container using a volume mount:
Additionally, the yourls code needs an additional piece to tell the PDO driver to use the same cert for verification. This file was included as db.php and must also be mounted with a volume mount: