The database is actually load balanced behind HA/Proxy. I'm testing from one webserver currently, the other two web servers have been left out of the pool.
The connection from the command line as well as the wiki site goes: web server -> lb1 -> db1 I can log into db1 from both the web server as well as the load balancer using the SSL account. I altered my connection string in LocalSettings.php so that it looks like this: ## Database settings $wgLBFactoryConf['class'] = 'LBFactorySimple'; $wgDBservers = ''; $wgDBtype = "mysql"; $wgDBserver = "db.example.com"; $wgDBssl = "db.example.com"; $wgDBname = "jfwiki"; $wgDBuser = "admini_ssl"; $wgDBpassword = "secret"; But I'm getting the same error that points to the load balancer IP in the error message: (Cannot access the database: Access denied for user 'admini_ssl'@' ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) ( db.example.com)) 'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer. Any ideas on why this is still happening? Thanks, TIm On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <[email protected]> wrote: > https://www.mediawiki.org/wiki/Manual:$wgDBssl > > > Very cool! Thank you! I'll check this out! > > On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <[email protected]> > wrote: > >> https://www.mediawiki.org/wiki/Manual:$wgDBssl >> >> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <[email protected]> wrote: >> > Hi all, >> > >> > I just added a remote database to my media wiki setup. I can access >> the >> > database from the command line and using that info the wiki site shows >> up >> > in a browser and works. >> > >> > But some of the data is sensitive so I need to add an ssl user to >> access >> > the database. >> > >> > If i add an ssl user to the db, I can also access it from the command >> line >> > of the web server no problem: >> > >> > [root@ops:~] #mysql -uadmin_ssl -p -h db.example.com -e "SHOW >> DATABASES" >> > Enter password: >> > +--------------------+ >> > | Database | >> > +--------------------+ >> > | certs | >> > | information_schema | >> > | jfwiki | >> > | mysql | >> > | performance_schema | >> > +--------------------+ >> > >> > But with the ssl user in place in LocalSettings.php, I'm getting this >> > response from the browser: >> > >> > Sorry! This site is experiencing technical difficulties. >> > >> > Try waiting a few minutes and reloading. >> > >> > *(Cannot access the database: Access denied for user >> > 'admin_ssl'@'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com >> > <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password: >> YES) >> > (db.example.com <http://db.example.com>))* >> > >> > You can try searching via Google in the meantime. >> > Note that their indexes of our content may be out of date. >> > >> > JF Wiki WWW >> > >> > This is what the grant for the user looks like in the database: >> > >> > MariaDB [(none)]> show grants for 'admin_ssl'@' >> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com'; >> > >> +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ >> > | Grants for [email protected] >> > >> > | >> > >> +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ >> > | GRANT ALL PRIVILEGES ON *.* TO 'admin_ssl'@' >> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD >> > '*somePasswordHash' REQUIRE SSL | >> > >> +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ >> > 1 row in set (0.00 sec) >> > >> > I was just wondering what I'd need to do to make this work!! All >> > suggestions welcomed. >> > >> > Thanks, >> > Tim >> > >> > -- >> > GPG me!! >> > >> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >> > _______________________________________________ >> > MediaWiki-l mailing list >> > To unsubscribe, go to: >> > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >> >> _______________________________________________ >> MediaWiki-l mailing list >> To unsubscribe, go to: >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
