Merge pull request #3393 from bpatath/feature/add-ssl-to-mysql
Add SSL conf to MySQL and LDAP
19
.env.example
19
.env.example
@@ -65,6 +65,17 @@ DB_DATABASE=firefly
|
|||||||
DB_USERNAME=firefly
|
DB_USERNAME=firefly
|
||||||
DB_PASSWORD=secret_firefly_password
|
DB_PASSWORD=secret_firefly_password
|
||||||
|
|
||||||
|
# MySQL supports SSL. You can configure it here.
|
||||||
|
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
|
||||||
|
MYSQL_USE_SSL=false
|
||||||
|
MYSQL_SSL_VERIFY_SERVER_CERT=true
|
||||||
|
# You need to set at least of these options
|
||||||
|
MYSQL_SSL_CAPATH=/etc/ssl/certs/
|
||||||
|
MYSQL_SSL_CA=
|
||||||
|
MYSQL_SSL_CERT=
|
||||||
|
MYSQL_SSL_KEY=
|
||||||
|
MYSQL_SSL_CIPHER=
|
||||||
|
|
||||||
# PostgreSQL supports SSL. You can configure it here.
|
# PostgreSQL supports SSL. You can configure it here.
|
||||||
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
|
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
|
||||||
PGSQL_SSL_MODE=prefer
|
PGSQL_SSL_MODE=prefer
|
||||||
@@ -170,8 +181,16 @@ ADLDAP_PORT=389
|
|||||||
ADLDAP_TIMEOUT=5
|
ADLDAP_TIMEOUT=5
|
||||||
ADLDAP_BASEDN=""
|
ADLDAP_BASEDN=""
|
||||||
ADLDAP_FOLLOW_REFFERALS=false
|
ADLDAP_FOLLOW_REFFERALS=false
|
||||||
|
|
||||||
|
# SSL/TLS settings
|
||||||
ADLDAP_USE_SSL=false
|
ADLDAP_USE_SSL=false
|
||||||
ADLDAP_USE_TLS=false
|
ADLDAP_USE_TLS=false
|
||||||
|
ADLDAP_SSL_CACERTDIR=
|
||||||
|
ADLDAP_SSL_CACERTFILE=
|
||||||
|
ADLDAP_SSL_CERTFILE=
|
||||||
|
ADLDAP_SSL_KEYFILE=
|
||||||
|
ADLDAP_SSL_CIPHER_SUITE=
|
||||||
|
ADLDAP_SSL_REQUIRE_CERT=
|
||||||
|
|
||||||
# You can set the following variables from a file by appending them with _FILE:
|
# You can set the following variables from a file by appending them with _FILE:
|
||||||
ADLDAP_ADMIN_USERNAME=
|
ADLDAP_ADMIN_USERNAME=
|
||||||
|
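Review bot: `ADLDAP_SSL_REQUIRE_CERT=` in the second hunk is added without any hint of what it accepts, while the other new LDAP and MySQL keys are at least self-explanatory paths. The config side hands it straight to `LDAP_OPT_X_TLS_REQUIRE_CERT`, which PHP's ldap extension treats as an integer, so a word like `demand` is, as far as I can tell, coerced to 0 (LDAP_OPT_X_TLS_NEVER) and quietly turns server certificate checking off; a comment above the key would prevent that: `# Integer LDAP_OPT_X_TLS_* value: 0=never, 1=hard, 2=demand (verify the server certificate), 3=allow, 4=try`. In the first hunk the new comment `# You need to set at least of these options` is missing a word; `# You need to set at least one of these options`. That sentence sits above the CA, cert, key and cipher keys but does not say which of them it refers to, so naming them would help too.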
@@ -39,6 +39,26 @@ if (!(false === $databaseUrl)) {
|
|||||||
$database = substr($options['path'] ?? '/firefly', 1);
|
$database = substr($options['path'] ?? '/firefly', 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get SSL parameters from .env file.
|
||||||
|
*/
|
||||||
|
$mysql_ssl_ca_dir = envNonEmpty('MYSQL_SSL_CAPATH', null);
|
||||||
|
$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_CA', null);
|
||||||
|
$mysql_ssl_cert = envNonEmpty('MYSQL_SSL_CERT', null);
|
||||||
|
$mysql_ssl_key = envNonEmpty('MYSQL_SSL_KEY', null);
|
||||||
|
$mysql_ssl_ciphers = envNonEmpty('MYSQL_SSL_CIPHER', null);
|
||||||
|
$mysql_ssl_verify = envNonEmpty('MYSQL_SSL_VERIFY_SERVER_CERT', null);
|
||||||
|
|
||||||
|
$mysql_ssl_options = [];
|
||||||
|
if (!(false === envNonEmpty('MYSQL_USE_SSL', false))) {
|
||||||
|
if ($mysql_ssl_ca_dir !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CAPATH ] = $mysql_ssl_ca_dir;
|
||||||
|
if ($mysql_ssl_ca_file !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CA ] = $mysql_ssl_ca_file;
|
||||||
|
if ($mysql_ssl_cert !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CERT ] = $mysql_ssl_cert;
|
||||||
|
if ($mysql_ssl_key !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_KEY ] = $mysql_ssl_key;
|
||||||
|
if ($mysql_ssl_ciphers !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CIPHER ] = $mysql_ssl_ciphers;
|
||||||
|
if ($mysql_ssl_verify !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $mysql_ssl_verify;
|
||||||
|
}
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'default' => envNonEmpty('DB_CONNECTION', 'pgsql'),
|
'default' => envNonEmpty('DB_CONNECTION', 'pgsql'),
|
||||||
'connections' => [
|
'connections' => [
|
||||||
@@ -60,6 +80,7 @@ return [
|
|||||||
'prefix' => '',
|
'prefix' => '',
|
||||||
'strict' => true,
|
'strict' => true,
|
||||||
'engine' => 'InnoDB',
|
'engine' => 'InnoDB',
|
||||||
|
'options' => $mysql_ssl_options,
|
||||||
],
|
],
|
||||||
'pgsql' => [
|
'pgsql' => [
|
||||||
'driver' => 'pgsql',
|
'driver' => 'pgsql',
|
||||||
|
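Review bot: When MYSQL_USE_SSL is on but MYSQL_SSL_VERIFY_SERVER_CERT is unset, the new block at the top of the hunk leaves `PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT` out of `$mysql_ssl_options` entirely, so whether the server certificate is checked falls back to the driver's default rather than to the `true` that .env.example advertises. Defaulting it in code keeps the safe behaviour for installs whose .env predates this change: `$mysql_ssl_verify = envNonEmpty('MYSQL_SSL_VERIFY_SERVER_CERT', true);` — an explicit `false` in .env still wins because it is not null. The six braceless `if ($x !== null) $mysql_ssl_options[...] = $x;` lines are a style point: the `if` shown in the hunk header uses braces and PSR-12 requires them, so braced blocks would be consistent. The hunk starts in file-level code just after an `if` block that closes at `}`, so none of this is inside a function.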
@@ -38,6 +38,24 @@ if ('ActiveDirectory' === envNonEmpty('ADLDAP_CONNECTION_SCHEME', 'OpenLDAP')) {
|
|||||||
$schema = ActiveDirectory::class;
|
$schema = ActiveDirectory::class;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get SSL parameters from .env file.
|
||||||
|
*/
|
||||||
|
$ssl_ca_dir = envNonEmpty('ADLDAP_SSL_CACERTDIR', null);
|
||||||
|
$ssl_ca_file = envNonEmpty('ADLDAP_SSL_CACERTFILE', null);
|
||||||
|
$ssl_cert = envNonEmpty('ADLDAP_SSL_CERTFILE', null);
|
||||||
|
$ssl_key = envNonEmpty('ADLDAP_SSL_KEYFILE', null);
|
||||||
|
$ssl_ciphers = envNonEmpty('ADLDAP_SSL_CIPHER_SUITE', null);
|
||||||
|
$ssl_require = envNonEmpty('ADLDAP_SSL_REQUIRE_CERT', null);
|
||||||
|
|
||||||
|
$ssl_options = [];
|
||||||
|
if ($ssl_ca_dir !== null) $ssl_options[LDAP_OPT_X_TLS_CACERTDIR ] = $ssl_ca_dir;
|
||||||
|
if ($ssl_ca_file !== null) $ssl_options[LDAP_OPT_X_TLS_CACERTFILE ] = $ssl_ca_file;
|
||||||
|
if ($ssl_cert !== null) $ssl_options[LDAP_OPT_X_TLS_CERTFILE ] = $ssl_cert;
|
||||||
|
if ($ssl_key !== null) $ssl_options[LDAP_OPT_X_TLS_KEYFILE ] = $ssl_key;
|
||||||
|
if ($ssl_ciphers !== null) $ssl_options[LDAP_OPT_X_TLS_CIPHER_SUITE] = $ssl_ciphers;
|
||||||
|
if ($ssl_require !== null) $ssl_options[LDAP_OPT_X_TLS_REQUIRE_CERT] = $ssl_require;
|
||||||
|
|
||||||
return [
|
return [
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
@@ -254,6 +272,7 @@ return [
|
|||||||
'use_ssl' => env('ADLDAP_USE_SSL', false),
|
'use_ssl' => env('ADLDAP_USE_SSL', false),
|
||||||
'use_tls' => env('ADLDAP_USE_TLS', false),
|
'use_tls' => env('ADLDAP_USE_TLS', false),
|
||||||
|
|
||||||
|
'custom_options' => $ssl_options,
|
||||||
],
|
],
|
||||||
|
|
||||||
],
|
],
|
||||||
|
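Review bot: `$ssl_options[LDAP_OPT_X_TLS_REQUIRE_CERT] = $ssl_require;` stores the raw env string, but PHP's ldap extension treats this option as an integer, so a non-numeric value such as `demand` is, as far as I can tell, coerced to 0, which is LDAP_OPT_X_TLS_NEVER and disables server certificate verification without any error. The other five options in this block are paths or a cipher string and are fine as they are. I would accept either the OpenLDAP names or a number and reject anything else at boot, which is more than a one-liner. The `return [` that follows this block and the `custom_options` entry in the second hunk need no change beyond the new key.
```php
// … unchanged: $ssl_ca_dir … $ssl_ciphers assignments and their option lines …
$ssl_require = envNonEmpty('ADLDAP_SSL_REQUIRE_CERT', null);

// LDAP_OPT_X_TLS_REQUIRE_CERT is an integer option; a non-numeric string would be
// coerced to 0 (LDAP_OPT_X_TLS_NEVER), so accept the OpenLDAP names or a number only.
$require_cert_by_name = [
    'never'  => LDAP_OPT_X_TLS_NEVER,
    'hard'   => LDAP_OPT_X_TLS_HARD,
    'demand' => LDAP_OPT_X_TLS_DEMAND,
    'allow'  => LDAP_OPT_X_TLS_ALLOW,
    'try'    => LDAP_OPT_X_TLS_TRY,
];
if ($ssl_require !== null) {
    $name = strtolower((string) $ssl_require);
    if (isset($require_cert_by_name[$name])) {
        $ssl_options[LDAP_OPT_X_TLS_REQUIRE_CERT] = $require_cert_by_name[$name];
    } elseif (is_numeric($ssl_require)) {
        $ssl_options[LDAP_OPT_X_TLS_REQUIRE_CERT] = (int) $ssl_require;
    } else {
        throw new RuntimeException('ADLDAP_SSL_REQUIRE_CERT must be never, hard, demand, allow, try or a numeric LDAP_OPT_X_TLS_* value.');
    }
}
```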