I'm glad this works but I'd recommend using =true instead of =1 since 1 is not a boolean, it's an integer.
This may work now but could unexpectedly break in a minor update. — Krinkle Cool! Just took your advice. Thanks for the tip! On Tue, Jul 28, 2015 at 10:42 PM, Krinkle <[email protected]> wrote: > I'm glad this works but I'd recommend using =true instead of =1 since 1 is > not a boolean, it's an integer. > > This may work now but could unexpectedly break in a minor update. > > — Krinkle > > > On 26 Jul 2015, at 18:47, Tim Dunphy <[email protected]> wrote: > > > >> > >> wgDBssl is a bool setting > > > > > > Ok, thanks for that info! So this is the what I tried. > > > > > > ## Database settings > > $wgLBFactoryConf['class'] = 'LBFactorySimple'; > > $wgDBservers = ''; > > $wgDBtype = "mysql"; > > $wgDBserver = "xx.xx.xx"; > > $wgDBssl = 1; > > $wgDBname = "jfwiki"; > > $wgDBuser = "admin_ssl"; > > $wgDBpassword = "secret"; > > > > Bingo!! That one put me over the top. The wiki page comes up. > > > > Thanks for the help!! > > > > All set with SSL connections to the DB. Glad I found out how to do that. > > > > Tim > > > > > > > > > > On Sun, Jul 26, 2015 at 8:30 PM, John <[email protected]> wrote: > > > >> wgDBssl is a bool setting > >> > >> On Sunday, July 26, 2015, Tim Dunphy <[email protected]> wrote: > >> > >>> The database is actually load balanced behind HA/Proxy. I'm testing > from > >>> one webserver currently, the other two web servers have been left out > of > >>> the pool. > >>> > >>> The connection from the command line as well as the wiki site goes: > >>> > >>> web server -> lb1 -> db1 > >>> > >>> I can log into db1 from both the web server as well as the load > balancer > >>> using the SSL account. > >>> > >>> I altered my connection string in LocalSettings.php so that it looks > like > >>> this: > >>> > >>> ## Database settings > >>> $wgLBFactoryConf['class'] = 'LBFactorySimple'; > >>> $wgDBservers = ''; > >>> $wgDBtype = "mysql"; > >>> $wgDBserver = "db.example.com"; > >>> $wgDBssl = "db.example.com"; > >>> $wgDBname = "jfwiki"; > >>> $wgDBuser = "admini_ssl"; > >>> $wgDBpassword = "secret"; > >>> > >>> But I'm getting the same error that points to the load balancer IP in > the > >>> error message: > >>> > >>> (Cannot access the database: Access denied for user 'admini_ssl'@' > >>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) ( > >>> db.example.com)) > >>> > >>> > >>> 'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer. > >>> > >>> Any ideas on why this is still happening? > >>> > >>> Thanks, > >>> TIm > >>> > >>> On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <[email protected] > >>> <javascript:;>> wrote: > >>> > >>>> https://www.mediawiki.org/wiki/Manual:$wgDBssl > >>>> > >>>> > >>>> Very cool! Thank you! I'll check this out! > >>>> > >>>> On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <[email protected] > >>> <javascript:;>> > >>>> wrote: > >>>> > >>>>> https://www.mediawiki.org/wiki/Manual:$wgDBssl > >>>>> > >>>>> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <[email protected] > >>> <javascript:;>> wrote: > >>>>>> Hi all, > >>>>>> > >>>>>> I just added a remote database to my media wiki setup. I can > >> access > >>>>> the > >>>>>> database from the command line and using that info the wiki site > >> shows > >>>>> up > >>>>>> in a browser and works. > >>>>>> > >>>>>> But some of the data is sensitive so I need to add an ssl user to > >>>>> access > >>>>>> the database. > >>>>>> > >>>>>> If i add an ssl user to the db, I can also access it from the > >> command > >>>>> line > >>>>>> of the web server no problem: > >>>>>> > >>>>>> [root@ops:~] #mysql -uadmin_ssl -p -h db.example.com -e "SHOW > >>>>> DATABASES" > >>>>>> Enter password: > >>>>>> +--------------------+ > >>>>>> | Database | > >>>>>> +--------------------+ > >>>>>> | certs | > >>>>>> | information_schema | > >>>>>> | jfwiki | > >>>>>> | mysql | > >>>>>> | performance_schema | > >>>>>> +--------------------+ > >>>>>> > >>>>>> But with the ssl user in place in LocalSettings.php, I'm getting > >> this > >>>>>> response from the browser: > >>>>>> > >>>>>> Sorry! This site is experiencing technical difficulties. > >>>>>> > >>>>>> Try waiting a few minutes and reloading. > >>>>>> > >>>>>> *(Cannot access the database: Access denied for user > >>>>>> 'admin_ssl'@'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com > >>>>>> <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password: > >>>>> YES) > >>>>>> (db.example.com <http://db.example.com>))* > >>>>>> > >>>>>> You can try searching via Google in the meantime. > >>>>>> Note that their indexes of our content may be out of date. > >>>>>> > >>>>>> JF Wiki WWW > >>>>>> > >>>>>> This is what the grant for the user looks like in the database: > >>>>>> > >>>>>> MariaDB [(none)]> show grants for 'admin_ssl'@' > >>>>>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com'; > >>>>>> > >>>>> > >>> > >> > +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ > >>>>>> | Grants for [email protected] > >>> <javascript:;> > >>>>>> > >>>>>> | > >>>>>> > >>>>> > >>> > >> > +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ > >>>>>> | GRANT ALL PRIVILEGES ON *.* TO 'admin_ssl'@' > >>>>>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD > >>>>>> '*somePasswordHash' REQUIRE SSL | > >>>>>> > >>>>> > >>> > >> > +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ > >>>>>> 1 row in set (0.00 sec) > >>>>>> > >>>>>> I was just wondering what I'd need to do to make this work!! All > >>>>>> suggestions welcomed. > >>>>>> > >>>>>> Thanks, > >>>>>> Tim > >>>>>> > >>>>>> -- > >>>>>> GPG me!! > >>>>>> > >>>>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > >>>>>> _______________________________________________ > >>>>>> MediaWiki-l mailing list > >>>>>> To unsubscribe, go to: > >>>>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > >>>>> > >>>>> _______________________________________________ > >>>>> MediaWiki-l mailing list > >>>>> To unsubscribe, go to: > >>>>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> GPG me!! > >>>> > >>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > >>>> > >>>> > >>> > >>> > >>> -- > >>> GPG me!! > >>> > >>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > >>> _______________________________________________ > >>> MediaWiki-l mailing list > >>> To unsubscribe, go to: > >>> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > >>> > >> _______________________________________________ > >> MediaWiki-l mailing list > >> To unsubscribe, go to: > >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > >> > > > > > > > > -- > > GPG me!! > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > _______________________________________________ > > MediaWiki-l mailing list > > To unsubscribe, go to: > > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
