Ok, thanks for that info! So this is the what I tried.
## Database settings
$wgLBFactoryConf['class'] = 'LBFactorySimple';
$wgDBservers = '';
$wgDBtype = "mysql";
$wgDBserver = "xx.xx.xx";
$wgDBssl = 1;
$wgDBname = "jfwiki";
$wgDBuser = "admin_ssl";
$wgDBpassword = "secret";
Bingo!! That one put me over the top. The wiki page comes up.
Thanks for the help!!
All set with SSL connections to the DB. Glad I found out how to do that.
Tim
On Sun, Jul 26, 2015 at 8:30 PM, John <phoenixoverride(a)gmail.com> wrote:
wgDBssl is a bool setting
On Sunday, July 26, 2015, Tim Dunphy <bluethundr(a)gmail.com> wrote:
The database is actually load balanced behind
HA/Proxy. I'm testing from
one webserver currently, the other two web servers have been left out of
the pool.
The connection from the command line as well as the wiki site goes:
web server -> lb1 -> db1
I can log into db1 from both the web server as well as the load balancer
using the SSL account.
I altered my connection string in LocalSettings.php so that it looks like
this:
## Database settings
$wgLBFactoryConf['class'] = 'LBFactorySimple';
$wgDBservers = '';
$wgDBtype = "mysql";
$wgDBserver = "db.example.com";
$wgDBssl = "db.example.com";
$wgDBname = "jfwiki";
$wgDBuser = "admini_ssl";
$wgDBpassword = "secret";
But I'm getting the same error that points to the load balancer IP in the
error message:
(Cannot access the database: Access denied for user 'admini_ssl'@'
ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) (
db.example.com))
'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer.
Any ideas on why this is still happening?
Thanks,
TIm
On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <bluethundr(a)gmail.com
<javascript:;>> wrote:
https://www.mediawiki.org/wiki/Manual:$wgDBssl
Very cool! Thank you! I'll check this out!
On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <emufarmers(a)gmail.com
<javascript:;>>
wrote:
>
https://www.mediawiki.org/wiki/Manual:$wgDBssl
>
> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <bluethundr(a)gmail.com
<javascript:;>> wrote:
>>> Hi all,
>>>
>>> I just added a remote database to my media wiki setup. I can
access
>> the
>>> database from the command line and using that info the wiki site
shows
>> up
>>> in a browser and works.
>>>
>>> But some of the data is sensitive so I need to add an ssl user to
>> access
>>> the database.
>>>
>>> If i add an ssl user to the db, I can also access it from the
command
>> line
>>> of the web server no problem:
>>>
>>> [root@ops:~] #mysql -uadmin_ssl -p -h
db.example.com -e "SHOW
>> DATABASES"
>>> Enter password:
>>> +--------------------+
>>> | Database |
>>> +--------------------+
>>> | certs |
>>> | information_schema |
>>> | jfwiki |
>>> | mysql |
>>> | performance_schema |
>>> +--------------------+
>>>
>>> But with the ssl user in place in LocalSettings.php, I'm getting
this
>>
response from the browser:
>>
>> Sorry! This site is experiencing technical difficulties.
>>
>> Try waiting a few minutes and reloading.
>>
>> *(Cannot access the database: Access denied for user
>> 'admin_ssl'(a)'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
>> <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password:
> YES)
>> (
db.example.com <http://db.example.com>))*
>>
>> You can try searching via Google in the meantime.
>> Note that their indexes of our content may be out of date.
>>
>> JF Wiki WWW
>>
>> This is what the grant for the user looks like in the database:
>>
>> MariaDB [(none)]> show grants for 'admin_ssl'@'
>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com';
>>
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> |
Grants for admin_ssl(a)ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
<javascript:;>
>>
>> |
>>
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> |
GRANT ALL PRIVILEGES ON *.* TO 'admin_ssl'@'
>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD
>> '*somePasswordHash' REQUIRE SSL |
>>
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> 1
row in set (0.00 sec)
>>
>> I was just wondering what I'd need to do to make this work!! All
>> suggestions welcomed.
>>
>> Thanks,
>> Tim
>>
>> --
>> GPG me!!
>>
>> gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
>> _______________________________________________
>> MediaWiki-l mailing list
>> To unsubscribe, go to:
>>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to: