wgDBssl is a bool setting
On Sunday, July 26, 2015, Tim Dunphy <bluethundr(a)gmail.com> wrote:
The database is actually load balanced behind
HA/Proxy. I'm testing from
one webserver currently, the other two web servers have been left out of
the pool.
The connection from the command line as well as the wiki site goes:
web server -> lb1 -> db1
I can log into db1 from both the web server as well as the load balancer
using the SSL account.
I altered my connection string in LocalSettings.php so that it looks like
this:
## Database settings
$wgLBFactoryConf['class'] = 'LBFactorySimple';
$wgDBservers = '';
$wgDBtype = "mysql";
$wgDBserver = "db.example.com";
$wgDBssl = "db.example.com";
$wgDBname = "jfwiki";
$wgDBuser = "admini_ssl";
$wgDBpassword = "secret";
But I'm getting the same error that points to the load balancer IP in the
error message:
(Cannot access the database: Access denied for user 'admini_ssl'@'
ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) (
db.example.com))
'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer.
Any ideas on why this is still happening?
Thanks,
TIm
On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <bluethundr(a)gmail.com
<javascript:;>> wrote:
https://www.mediawiki.org/wiki/Manual:$wgDBssl
Very cool! Thank you! I'll check this out!
On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <emufarmers(a)gmail.com
<javascript:;>>
wrote:
>
https://www.mediawiki.org/wiki/Manual:$wgDBssl
>
> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <bluethundr(a)gmail.com
<javascript:;>> wrote:
> > Hi all,
> >
> > I just added a remote database to my media wiki setup. I can access
> the
> > database from the command line and using that info the wiki site shows
> up
> > in a browser and works.
> >
> > But some of the data is sensitive so I need to add an ssl user to
> access
> > the database.
> >
> > If i add an ssl user to the db, I can also access it from the command
> line
> > of the web server no problem:
> >
> > [root@ops:~] #mysql -uadmin_ssl -p -h
db.example.com -e "SHOW
> DATABASES"
> > Enter password:
> > +--------------------+
> > | Database |
> > +--------------------+
> > | certs |
> > | information_schema |
> > | jfwiki |
> > | mysql |
> > | performance_schema |
> > +--------------------+
> >
> > But with the ssl user in place in LocalSettings.php, I'm getting this
> > response from the browser:
> >
> > Sorry! This site is experiencing technical difficulties.
> >
> > Try waiting a few minutes and reloading.
> >
> > *(Cannot access the database: Access denied for user
> > 'admin_ssl'(a)'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
> > <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password:
> YES)
> > (
db.example.com <http://db.example.com>))*
> >
> > You can try searching via Google in the meantime.
> > Note that their indexes of our content may be out of date.
> >
> > JF Wiki WWW
> >
> > This is what the grant for the user looks like in the database:
> >
> > MariaDB [(none)]> show grants for 'admin_ssl'@'
> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com';
> >
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> > | Grants for
admin_ssl(a)ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
<javascript:;>
> >
> > |
> >
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> > | GRANT ALL PRIVILEGES ON *.* TO
'admin_ssl'@'
> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD
> > '*somePasswordHash' REQUIRE SSL |
> >
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
I was just wondering what I'd need to do to make this work!! All
suggestions welcomed.
Thanks,
Tim
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l