I'm glad this works but I'd recommend using =true instead of =1 since 1 is not a boolean, it's an integer.
This may work now but could unexpectedly break in a minor update. — Krinkle > On 26 Jul 2015, at 18:47, Tim Dunphy <[email protected]> wrote: > >> >> wgDBssl is a bool setting > > > Ok, thanks for that info! So this is the what I tried. > > > ## Database settings > $wgLBFactoryConf['class'] = 'LBFactorySimple'; > $wgDBservers = ''; > $wgDBtype = "mysql"; > $wgDBserver = "xx.xx.xx"; > $wgDBssl = 1; > $wgDBname = "jfwiki"; > $wgDBuser = "admin_ssl"; > $wgDBpassword = "secret"; > > Bingo!! That one put me over the top. The wiki page comes up. > > Thanks for the help!! > > All set with SSL connections to the DB. Glad I found out how to do that. > > Tim > > > > > On Sun, Jul 26, 2015 at 8:30 PM, John <[email protected]> wrote: > >> wgDBssl is a bool setting >> >> On Sunday, July 26, 2015, Tim Dunphy <[email protected]> wrote: >> >>> The database is actually load balanced behind HA/Proxy. I'm testing from >>> one webserver currently, the other two web servers have been left out of >>> the pool. >>> >>> The connection from the command line as well as the wiki site goes: >>> >>> web server -> lb1 -> db1 >>> >>> I can log into db1 from both the web server as well as the load balancer >>> using the SSL account. >>> >>> I altered my connection string in LocalSettings.php so that it looks like >>> this: >>> >>> ## Database settings >>> $wgLBFactoryConf['class'] = 'LBFactorySimple'; >>> $wgDBservers = ''; >>> $wgDBtype = "mysql"; >>> $wgDBserver = "db.example.com"; >>> $wgDBssl = "db.example.com"; >>> $wgDBname = "jfwiki"; >>> $wgDBuser = "admini_ssl"; >>> $wgDBpassword = "secret"; >>> >>> But I'm getting the same error that points to the load balancer IP in the >>> error message: >>> >>> (Cannot access the database: Access denied for user 'admini_ssl'@' >>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) ( >>> db.example.com)) >>> >>> >>> 'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer. >>> >>> Any ideas on why this is still happening? >>> >>> Thanks, >>> TIm >>> >>> On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <[email protected] >>> <javascript:;>> wrote: >>> >>>> https://www.mediawiki.org/wiki/Manual:$wgDBssl >>>> >>>> >>>> Very cool! Thank you! I'll check this out! >>>> >>>> On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <[email protected] >>> <javascript:;>> >>>> wrote: >>>> >>>>> https://www.mediawiki.org/wiki/Manual:$wgDBssl >>>>> >>>>> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <[email protected] >>> <javascript:;>> wrote: >>>>>> Hi all, >>>>>> >>>>>> I just added a remote database to my media wiki setup. I can >> access >>>>> the >>>>>> database from the command line and using that info the wiki site >> shows >>>>> up >>>>>> in a browser and works. >>>>>> >>>>>> But some of the data is sensitive so I need to add an ssl user to >>>>> access >>>>>> the database. >>>>>> >>>>>> If i add an ssl user to the db, I can also access it from the >> command >>>>> line >>>>>> of the web server no problem: >>>>>> >>>>>> [root@ops:~] #mysql -uadmin_ssl -p -h db.example.com -e "SHOW >>>>> DATABASES" >>>>>> Enter password: >>>>>> +--------------------+ >>>>>> | Database | >>>>>> +--------------------+ >>>>>> | certs | >>>>>> | information_schema | >>>>>> | jfwiki | >>>>>> | mysql | >>>>>> | performance_schema | >>>>>> +--------------------+ >>>>>> >>>>>> But with the ssl user in place in LocalSettings.php, I'm getting >> this >>>>>> response from the browser: >>>>>> >>>>>> Sorry! This site is experiencing technical difficulties. >>>>>> >>>>>> Try waiting a few minutes and reloading. >>>>>> >>>>>> *(Cannot access the database: Access denied for user >>>>>> 'admin_ssl'@'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com >>>>>> <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password: >>>>> YES) >>>>>> (db.example.com <http://db.example.com>))* >>>>>> >>>>>> You can try searching via Google in the meantime. >>>>>> Note that their indexes of our content may be out of date. >>>>>> >>>>>> JF Wiki WWW >>>>>> >>>>>> This is what the grant for the user looks like in the database: >>>>>> >>>>>> MariaDB [(none)]> show grants for 'admin_ssl'@' >>>>>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com'; >>>>>> >>>>> >>> >> +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ >>>>>> | Grants for [email protected] >>> <javascript:;> >>>>>> >>>>>> | >>>>>> >>>>> >>> >> +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ >>>>>> | GRANT ALL PRIVILEGES ON *.* TO 'admin_ssl'@' >>>>>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD >>>>>> '*somePasswordHash' REQUIRE SSL | >>>>>> >>>>> >>> >> +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ >>>>>> 1 row in set (0.00 sec) >>>>>> >>>>>> I was just wondering what I'd need to do to make this work!! All >>>>>> suggestions welcomed. >>>>>> >>>>>> Thanks, >>>>>> Tim >>>>>> >>>>>> -- >>>>>> GPG me!! >>>>>> >>>>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >>>>>> _______________________________________________ >>>>>> MediaWiki-l mailing list >>>>>> To unsubscribe, go to: >>>>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >>>>> >>>>> _______________________________________________ >>>>> MediaWiki-l mailing list >>>>> To unsubscribe, go to: >>>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >>>>> >>>> >>>> >>>> >>>> -- >>>> GPG me!! >>>> >>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >>>> >>>> >>> >>> >>> -- >>> GPG me!! >>> >>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >>> _______________________________________________ >>> MediaWiki-l mailing list >>> To unsubscribe, go to: >>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >>> >> _______________________________________________ >> MediaWiki-l mailing list >> To unsubscribe, go to: >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
