I'm trying to deploy mediawiki to Azure Web App. I created the app using Linux and PHP 7.3. I unpacked WikiMedia 1.35.1 into wwwroot and used the browser to run the installation
I want to use MySQL for Azure as the database. So I enter the mysql.database.azure.com parameters and press install.
The error I get is
Cannot access the database: :real_connect(): (HY000/9002): SSL connection is required.
The docs say I need to set $wgDBssl to true in LocalSettings.php.
The problem is that LocalSettings.php does not exist yet. How do I specify an SSL connection during installation?
I am trying to figure out the same dilemma and hoping someone with more PHP knowledge can provide a better answer. As a work around, you can disable "Enforce SSL" on your MySQL database in Azure. Then you can run the setup, create the localSettings.php file. After which you can add the settings for $wgDBssl and re-enable enforce ssl setting.
To my knowledge, a connection to the database is being using the "/includes/installer/MysqlInstaller.php" when running the setup. In the "DatabaseMysqli.php" and "Database.php" of /includes/libs/rdbms/database/ directory these two files are used for connecting to the database when running any query.
I am trying to see if there is a way to set the SSL setting in these 3 files first then run the setup and application. Apologies that I've entered this as an answer also. I am new to StackOverflow and cannot create comments yet.
I was able to work around this issue by forcing the following clause in /includes/libs/rdbms/database/DatabaseMysqli.php to always be true by adding || true at the right place between the two closing parentheses:
if ( $this->getFlag( self::DBO_SSL ) || true ) {
$flags |= MYSQLI_CLIENT_SSL;
$mysqli->ssl_set(
$this->sslKeyPath,
$this->sslCertPath,
$this->sslCAFile,
$this->sslCAPath,
$this->sslCiphers
);
}
Maybe there's a more elegant way to make the original condition $this->getFlag( self::DBO_SSL ) to evaluate as true naturally?
Related
During installation of Kamailio SIP-server I run into the problem. After I Wrote /usr/local/sbin/kamdbctl create appears just ERROR: database engine not specified, please setup one in the config script. Know anyone possible reason?
Thank you very much
Change MYLIBDIR in kamdbctl to point to the path where the mysql file is available. That should allow it to find the right MySQL Engine.
One additional step i did prior was
apt-get install kamailio kamailio-mysql-modules
Defining the DBENGINE in /etc/kamailio/kamctlrc resolved an issue with the same "error message" on Debian 8 Jessie.
Hope that helps!
//Fredrik
"""
Kamctlrc
The /etc/kamailio/kamctlrc is the configuration file for kamctl and kamdbctl. You need to edit it and set the SIP_DOMAIN to your SIP service domain (or IP address if you don't have a DNS hostname associated with your SIP service).
Set also the DBENGINE to be MYSQL and adjust other setting as you want.
"""
I have done many changes in my /etc/kamailio/kamctlrc file to solve the problem but ERROR: database engine not specified, please setup one in the config script appears every time.
Then a simple thought that '#' is for comment solved the problem.
## database name (for ORACLE this is TNS name)
# DBNAME=MYSQL
Above was written in my /etc/kamailio/kamctlrc file and just removing the '#' created the database structure needed by Kamailio.
## database name (for ORACLE this is TNS name)
DBNAME=MYSQL
Just check that HASHTAG. ;)
I'm trying to host a cakephp2 application on an old managed server that has pdo_mysql disabled. Politics dictates that I'm unable to rectify this problem, so I'm looking for connection alternatives.
cakephp is producing the following error:
"A Database connection using "Mysql" was missing or unable to connect.
The database server returned this error: Selected driver is not enabled"
Is there a way to connect to the database using the older mysql database extension?
There's no easy way to do it.
If you want to, you could write your own DboSource class, you could reuse the the existing one and use the old-deprecated mysql database extension. (Or if you're lucky you could find one on the internet, but i doubt it)
Then you'll only need to change the DboSource in your settings to use your own class
Hope this helps
I've got an AWS EC2 instance, with the usual keypair access technique (and not password access), and am using Coda to do site development on it. I've been able to configure my .ssh stuff so that Coda can connect to the site's files, and I can see them in the Remote Files pane. However, I haven't been able to get through to the database. I'm trying to set up a MySQL pane with "Connect to MySQL Server via SSH", but, regardless of what I use for parameters in that panel, I keep getting one varient or another of "The SSH Tunnel has unexpectedly closed." Has anybody been able to get database access to work? I've got a phpMyAdmin installation working on the site, but I've kinda gotten use to the Coda interface... Thanks!
The trick is to use ~/.ssh/config. Use it to create an alias with all your settings (host, port, username, password, private key, etc) and then just point to the alias.
Helpful post: http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/
The yii requirements page says PDO extension + the mysql driver works, phpinfo() says that PDO and the MySQL driver is installed, I have configured the 'db' component in the main config file for my project generated with yiic webapp, checked and double checked that the settings are correct (and yes, I am using mysql).
I have made a new migration script in /[mywebapp]/protected/migrations and now I'm trying to run the ./protected/yiic migrate command, but i just get an exception:
exception 'CDbException' with message 'CDbConnection failed to open the DB connection: could not find driver'
I have no idea what is wrong. I have been googling for 2 hours now and i find a lot of other users experiencing the same problems, but usually they are missing the drivers or something obvious. Is there anything i'm completely overlooking?
Despite the real answer being in the comments for this question, I am answering it here so that it appears as an answer. Yiic.php migrate uses the configuration stored in console.php. You need to set your database connection in there to use yiic.
Where do you store you credentials like secret key , mail passwords, db passwords?
I made a post on https://security.stackexchange.com/questions/19785/security-concerns-about-my-webapp/19786#19786
And it seems the best way to store the credentials is on an external server.
But play2 uses the application.conf to do this.
So how and where do you store your credentials in play2?
Update 1:
Okay I am using heroku.
I set my enviroment variable like this:
heroku config:add test=ITWORKS
in application.conf I added
sometest=${test}
I trying to access it like this:
Logger.info(Play.application().configuration().getString("sometest"));
But I get the following error:
UnresolvedSubstitution: conf\application.conf: 54: Could not resolve substitution to a value: ${test}
So I guess play2 doesn't find the variable test because it is on heroku. But then I also added it in my local windows environment -> still the same error.
Any idea what is wrong?
Update2:
Okay it works, I just have to reboot after I added an env variable.
Last question:
It's kinda annoying to add the system variable everytime on my local machine. Is there a dev mode?
application.conf supports environment variables, e.g. db.default.user=${DB_USER}. You can pass it as a console parameter (which is not safe since it appears in ps), or more safely set it as an environment variable.
On Heroku, set the environment variable via heroku config, e.g. heroku config:add DB_USER=MyDBAdmin.
Locally you can set them via export DB_USER=MyDBAdmin, or add them to your ~/.bash_profile (if you use bash).
ad. 3: In Play application.conf is not accesible via any route or other kind of path so it can not be considered as 'placed in webroot'. Terry's advice is proper in PHP, but doesn't fit to Play (he warned, that he don't know the framework of course). He gives a sample of PHP script, but believe me, the diffrence between access to http://somdomain.tld/config.php and Play's conf/application.conf is huge. They can't be compared directly.
Storing credentials in application.conf is the safest (and fastest) way for now, I can't imagine a way to decompile the file in browser even if parser would die (which isn't possible as it's not PHP). If you'll decide to store credentials in some distant location, you'll gain the new risk, as you will need to additionally check if client has permissions to get the config, time required for application's start will rise etc, etc.
Update 1:
Using environment variables is not a secure way - as Marius pointed, it will appear in the process list, so you will show your credentials to each admin and I'm pretty sure that you don't want do that with ie. your email.
In Heroku of course it's a way for passing their DB connection URL, but other credentials should be stored in config file. Finally remember that Procfile command length is limited to 255 chars, so placing all credential in it will cause, that your app won't start some day.
Resolution in this case is using alernative configuration files, scenario is quite simple
in your application.conf keep an URL to your production database If it's Heroku most probably db.default.user and db.default.password should be commented as common heroku URL contains credentials in it.
For your local version create a file ie: conf/local_postgres.conf include application.conf at the beginning and override/add all required configuration keys like credentials to your local Postgres DB. Additionally you can set there other things, change logging levels, enable smtp.mock, etc.
Run your app locally with this conf. (note, I had some problem with -Dconfig.resource so I had to use -Dconfig.file syntax instead, you have to find which method will be working good in your system) ie.
play -Dconfig.resource=local_postgres.conf "~run 9123"
Tip: Using non default port is the easiest way to "demonstrate" that you're working with local config. If you'll forget that you have alternative config and will start your app with common play ~run command, your app in location http://localhost:9123 will be just unavailable.
Create a bash script run-local (or run-local.bat file in Windows) and place there command from previous point. Ignore it in .gitignore file.
From now you'll be running the application for local development with the script from point 4. While pushing to Heroku it will deploy your app with values from application.conf as you don't set alternative config in the Procfile. What's more with some other combinations you can run locally your application with Heroku's SQL to perform evolutions without pushing it to deployment, or check newest fix-pack. Of course you have to always make sure that you're developing on the local version of database, otherwise there's a risk that you accidentally change/destroy your life data.
Update 2:
Finally using *.conf files is better than storing it in separate classes in case when you have to change configuration for different locations (as mentioned yet, team working on the same code, dev/prod environments etc.)
Of course can be shortened to:
import play.Configuration;
import play.Play;
// ...
Configuration cfg = Play.application().configuration();
cfg.getString("smtp.password");
cfg.getBoolean("smtp.mock");
cfg.getInt("smtp.port");