Ok, thanks for that info! So this is the what I tried.
## Database settings
$wgLBFactoryConf['class'] = 'LBFactorySimple';
$wgDBservers = '';
$wgDBtype = "mysql";
$wgDBserver = "xx.xx.xx";
$wgDBssl = 1;
$wgDBname = "jfwiki";
$wgDBuser = "admin_ssl";
$wgDBpassword = "secret";
Bingo!! That one put me over the top. The wiki page comes up.
Thanks for the help!!
All set with SSL connections to the DB. Glad I found out how to do that.
Tim
On Sun, Jul 26, 2015 at 8:30 PM, John <phoenixoverride(a)gmail.com> wrote:
wgDBssl is a bool setting
On Sunday, July 26, 2015, Tim Dunphy <bluethundr(a)gmail.com> wrote:
The database is actually load balanced behind
HA/Proxy. I'm testing from
one webserver currently, the other two web servers have been left out of
the pool.
The connection from the command line as well as the wiki site goes:
web server -> lb1 -> db1
I can log into db1 from both the web server as well as the load balancer
using the SSL account.
I altered my connection string in LocalSettings.php so that it looks like
this:
## Database settings
$wgLBFactoryConf['class'] = 'LBFactorySimple';
$wgDBservers = '';
$wgDBtype = "mysql";
$wgDBserver = "db.example.com";
$wgDBssl = "db.example.com";
$wgDBname = "jfwiki";
$wgDBuser = "admini_ssl";
$wgDBpassword = "secret";
But I'm getting the same error that points to the load balancer IP in the
error message:
(Cannot access the database: Access denied for user 'admini_ssl'@'
ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) (
db.example.com))
'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer.
Any ideas on why this is still happening?
Thanks,
TIm
On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <bluethundr(a)gmail.com
<javascript:;>> wrote:
https://www.mediawiki.org/wiki/Manual:$wgDBssl
Very cool! Thank you! I'll check this out!
On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <emufarmers(a)gmail.com
<javascript:;>>
wrote:
>
https://www.mediawiki.org/wiki/Manual:$wgDBssl
>
> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <bluethundr(a)gmail.com
<javascript:;>> wrote:
>> > Hi all,
>> >
>> > I just added a remote database to my media wiki setup. I can
access
>> the
>> > database from the command line and using that info the wiki site
shows
>> up
>> > in a browser and works.
>> >
>> > But some of the data is sensitive so I need to add an ssl user to
>> access
>> > the database.
>> >
>> > If i add an ssl user to the db, I can also access it from the
command
>> line
>> > of the web server no problem:
>> >
>> > [root@ops:~] #mysql -uadmin_ssl -p -h
db.example.com -e "SHOW
>> DATABASES"
>> > Enter password:
>> > +--------------------+
>> > | Database |
>> > +--------------------+
>> > | certs |
>> > | information_schema |
>> > | jfwiki |
>> > | mysql |
>> > | performance_schema |
>> > +--------------------+
>> >
>> > But with the ssl user in place in LocalSettings.php, I'm getting
this
> >
response from the browser:
> >
> > Sorry! This site is experiencing technical difficulties.
> >
> > Try waiting a few minutes and reloading.
> >
> > *(Cannot access the database: Access denied for user
> > 'admin_ssl'(a)'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
> > <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password:
> YES)
> > (
db.example.com <http://db.example.com>))*
> >
> > You can try searching via Google in the meantime.
> > Note that their indexes of our content may be out of date.
> >
> > JF Wiki WWW
> >
> > This is what the grant for the user looks like in the database:
> >
> > MariaDB [(none)]> show grants for 'admin_ssl'@'
> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com';
> >
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> >
| Grants for admin_ssl(a)ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
<javascript:;>
> >
> > |
> >
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> >
| GRANT ALL PRIVILEGES ON *.* TO 'admin_ssl'@'
> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD
> > '*somePasswordHash' REQUIRE SSL |
> >
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> 1 row in set (0.00 sec)
>
> I was just wondering what I'd need to do to make this work!! All
> suggestions welcomed.
>
> Thanks,
> Tim
>
> --
> GPG me!!
>
> gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l