I use Nginx for my webserver, and have MariaDB installed with PhpMyAdmin as webgui. The server which it runs is public, and not a private local ip home server. I have also binded a domain to this server. To run everything, I've chosen to use Docker containers. Everything is setting up really well from getting images and so ever. At the moment, I have Nginx working with my main domain and subdomains. Surely, I came at a breakpoint. I wanted, for my (remote) connection to PhpMyAdmin to use tls certificates between PMA itself and MariaDB. In this case, it is needed for PMA to let me know that it is secured. So, that this message is gone:
And after the login, under database as Server Connection: SSL not being used - that also changes.
But, the important thing is that I have a my.cnf for my MariaDB instance. In that file, I have a couple lines of what's needed:
[mysqld]
### MySQL Server ###
## Securing the Database with ssl option and certificates ##
ssl = true
ssl-ca = /etc/mysql/ssl/ca-cert.pem
ssl-cert = /etc/mysql/ssl/server-cert.pem
ssl-key = /etc/mysql/ssl/server-key.pem
ssl-cipher = DHE-RSA-AES256-SHA
My cert files are correctly in that path, and inside the MariaDB container listed with the cipher:
But, it says yes for the have_openssl and for the have_ssl that it is disabled. I've done research about this problem in the past days and I cannot get it to work properly. Also, I checked the permissions on the files and made sure there are execute rights. I readed somewhere else that in normal situation without the containers, it needs the permissions set to be for the mysql user. Since I do not have a mysql user, do I ask if it is needed to make one.
How can I fix this issue, that MariaDB has 'have_ssl' on yes and it is configured right? Also, if MariaDB is set up. Do I need to fill in the config for PMA with the files or?
Related
I've set up MySQL to be accessible by TLS authenticated connections only. However, when attempting to access the connection to the server,
having specified the [client] connection in .my.cnf on the client the connection fails to use them to authenticate
but if they are not specified in /my.cnf but just dumped (as they were before) in /etc/ssl/certs/ then the connection picks them up.
The guide I've been working through is https://openvpn.net/vpn-server-resources/configuration-database-management-and-backups/#create-ssl-connection-to-mysql using the on-prem stream. However to test it explicitly I've been connecting from the host at the command line. I've been consulting https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html
I've confirmed that the connection uses the certificates using \s in MySQL from the connection at the command line. However I don't know how I can force the certificates to be the specified ones in .my.cnf, to make the deployment explicit. So the question is explicitly: Why is MySQL picking up the certificates automatically yet can't when they are specified in .my.cnf.
I have managed to have turned on SSL connection (require_secure_transport=ON) on MySQL server 5.7. It works fine for both remote and localhost users. However, I don't want the localhost users connected via SSL connection. However can I exempt the local user from the SSL requirement? thanks
I believe the only way to do this would be to update the global configuration to require_secure_transport=OFF and then for every remote user set REQUIRE SSL flag. Essentially switching to an opt-in type of setup for SSL.
The issue with this is you'd have to remember to add this flag every time you add a new remote user, and could easily be forgotten. May be safer bet to resolve any issues with connecting over SSL locally instead.
I just use IDEA recently and want to use IDEA to connect MySQL(8.0.12).but the IDEA indicate below
However, I use cmd could connect to my database,thus I did not configure out the problem.
I am in serah of many ways to solve this problem on tech forum but those are not working.
change mysql to lower version driver
set time_zone
add properties on url
There are a couple of things to check to solve the 'Communications links' failure.
One thing in particular is to check whether your MySQL server accepts TCP connections. In your terminal, it looks like you are using named pipes.
Make sure your MySQL server allows TCP connections; check for the bind-address configuration in mysql.ini under [mysqld] section. Its value should be at least 127.0.0.1, or set it as * to bind to all (not always a good idea).
Another point is the skip_networking configuration. Check if you have that, and remove and restart MySQL server. I believe this is set by default when you are installing MySQL.
(Also note that 8.0.17 is 'ancient' already).
I've run into a problem. I have a Google Cloud SQL instance (Second Generation) and I use it as a master to run my own replication slave from. It all works fine, but I'm trying to change the connection to use SSL and failing. I have followed a variety of guides...
I've tried putting this in my.cnf
[client]
ssl-ca=server-ca.pem
ssl-cert=client-cert.pem
ssl-key=client-key.pem
I've also tried putting those lines under the [mysqld] heading. I've changed the slave to use SSL using
CHANGE MASTER TO MASTER_SSL=1;
I've put the word ssl in my.cnf (this causes the connection to fail). I've also tried to change the slave using
CHANGE MASTER TO MASTER_SSL=1, MASTER_SSL_CA = 'ca-cert.pem', MASTER_SSL_CERT = 'client-cert.pem', MASTER_SSL_KEY = 'client-key.pem';
Nothing will make it use SSL. If I query the slave is says SSL is disabled but putting ssl in the [mysqld] section stops replication working.
The certificates themselves are all downloaded from the instance and work fine in a PHP database class I use to connect from a different server.
Does anyone have any experience with this? I know it's failing as I've used tcpdump to watch the port and also \s in the MySQL console says SSL is off.
MySQL on the slave is version: 5.6.38-log MySQL Community Server (GPL).
On Google it reports MySQL 5.6
Thanks in advance!
Found the issue, I hadn't installed mysql-devel, now working
I use WampServer (Apache, PHP, MySQL) and have no problems when some kind of network adapter(wireless or lan) is connected (i.e. Local Area Connection has status connected) even if i am not connected to the internet (for example when i am connected to the router but that is not connected to the internet).
When there is no network connection, I get a php error like MySQL could not connect to 127.0.0.1 on port 3306.
Interestingly, telnet 127.0.0.1 3306 says that it could not connect to the port, even when the server and MySQL are running fine (i.e. when some kind of local area connection is connected).
So I turned off all kinds of firewall (antivirus and Windows) but still no difference in anything. And that is why this issue is quite puzzling.
Things I have already tried (will update this list along the way):
The skip-networking directive in my.ini.
You could modify your MySQL server and client configuration to connect to one another using a named pipe instead of a TCP/IP loopback connection. That way, the current state of the network connection should have less impact.
To do so, start the server with --enable-named-pipe or the corresponding config file setting, and execute the client with --pipe or --protocol=PIPE. Similar configurations should be available for your PHP connector as well. It may depend on which library you use there, and whether or not it will take the mentioned configuration settings from the my.ini file (settings without leading -- there).