I'm glad this works but I'd recommend using =true instead of =1 since 1 is
not a boolean, it's an integer.
This may work now but could unexpectedly break in a minor update.
— Krinkle
Cool! Just took your advice. Thanks for the tip!
On Tue, Jul 28, 2015 at 10:42 PM, Krinkle <krinklemail(a)gmail.com> wrote:
I'm glad this works but I'd recommend using
=true instead of =1 since 1 is
not a boolean, it's an integer.
This may work now but could unexpectedly break in a minor update.
— Krinkle
On 26 Jul 2015, at 18:47, Tim Dunphy
<bluethundr(a)gmail.com> wrote:
wgDBssl is a bool setting
Ok, thanks for that info! So this is the what I tried.
## Database settings
$wgLBFactoryConf['class'] = 'LBFactorySimple';
$wgDBservers = '';
$wgDBtype = "mysql";
$wgDBserver = "xx.xx.xx";
$wgDBssl = 1;
$wgDBname = "jfwiki";
$wgDBuser = "admin_ssl";
$wgDBpassword = "secret";
Bingo!! That one put me over the top. The wiki page comes up.
Thanks for the help!!
All set with SSL connections to the DB. Glad I found out how to do that.
Tim
On Sun, Jul 26, 2015 at 8:30 PM, John <phoenixoverride(a)gmail.com> wrote:
> wgDBssl is a bool setting
>
> On Sunday, July 26, 2015, Tim Dunphy <bluethundr(a)gmail.com> wrote:
>
>> The database is actually load balanced behind HA/Proxy. I'm testing
from
>> one webserver currently, the other two
web servers have been left out
of
>> the pool.
>>
>> The connection from the command line as well as the wiki site goes:
>>
>> web server -> lb1 -> db1
>>
>> I can log into db1 from both the web server as well as the load
balancer
>> using the SSL account.
>>
>> I altered my connection string in LocalSettings.php so that it looks
like
>> this:
>>
>> ## Database settings
>> $wgLBFactoryConf['class'] = 'LBFactorySimple';
>> $wgDBservers = '';
>> $wgDBtype = "mysql";
>> $wgDBserver = "db.example.com";
>> $wgDBssl = "db.example.com";
>> $wgDBname = "jfwiki";
>> $wgDBuser = "admini_ssl";
>> $wgDBpassword = "secret";
>>
>> But I'm getting the same error that points to the load balancer IP in
the
>> error message:
>>
>> (Cannot access the database: Access denied for user 'admini_ssl'@'
>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) (
>> db.example.com))
>>
>>
>> 'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer.
>>
>> Any ideas on why this is still happening?
>>
>> Thanks,
>> TIm
>>
>> On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <bluethundr(a)gmail.com
>> <javascript:;>> wrote:
>>
>>>
https://www.mediawiki.org/wiki/Manual:$wgDBssl
>>>
>>>
>>> Very cool! Thank you! I'll check this out!
>>>
>>> On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <emufarmers(a)gmail.com
>> <javascript:;>>
>>> wrote:
>>>
>>>>
https://www.mediawiki.org/wiki/Manual:$wgDBssl
>>>>
>>>> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <bluethundr(a)gmail.com
>> <javascript:;>> wrote:
>>>>> Hi all,
>>>>>
>>>>> I just added a remote database to my media wiki setup. I can
> access
>>>> the
>>>>> database from the command line and using that info the wiki site
> shows
>>>> up
>>>>> in a browser and works.
>>>>>
>>>>> But some of the data is sensitive so I need to add an ssl user to
>>>> access
>>>>> the database.
>>>>>
>>>>> If i add an ssl user to the db, I can also access it from the
> command
>>>> line
>>>>> of the web server no problem:
>>>>>
>>>>> [root@ops:~] #mysql -uadmin_ssl -p -h
db.example.com -e "SHOW
>>>> DATABASES"
>>>>> Enter password:
>>>>> +--------------------+
>>>>> | Database |
>>>>> +--------------------+
>>>>> | certs |
>>>>> | information_schema |
>>>>> | jfwiki |
>>>>> | mysql |
>>>>> | performance_schema |
>>>>> +--------------------+
>>>>>
>>>>> But with the ssl user in place in LocalSettings.php, I'm getting
> this
>>>>> response from the browser:
>>>>>
>>>>> Sorry! This site is experiencing technical difficulties.
>>>>>
>>>>> Try waiting a few minutes and reloading.
>>>>>
>>>>> *(Cannot access the database: Access denied for user
>>>>> 'admin_ssl'(a)'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
>>>>> <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using
password:
>>>> YES)
>>>>> (
db.example.com <http://db.example.com>))*
>>>>>
>>>>> You can try searching via Google in the meantime.
>>>>> Note that their indexes of our content may be out of date.
>>>>>
>>>>> JF Wiki WWW
>>>>>
>>>>> This is what the grant for the user looks like in the database:
>>>>>
>>>>> MariaDB [(none)]> show grants for 'admin_ssl'@'
>>>>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com';
>>>>>
>>>>
>>
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>>>>> | Grants for
admin_ssl(a)ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
>> <javascript:;>
>>>>>
>>>>> |
>>>>>
>>>>
>>
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>>>>> | GRANT ALL PRIVILEGES ON *.*
TO 'admin_ssl'@'
>>>>> ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD
>>>>> '*somePasswordHash' REQUIRE SSL |
>>>>>
>>>>
>>
>
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>>> 1 row in set (0.00 sec)
>>>
>>> I was just wondering what I'd need to do to make this work!! All
>>> suggestions welcomed.
>>>
>>> Thanks,
>>> Tim
>>>
>>> --
>>> GPG me!!
>>>
>>> gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
>>> _______________________________________________
>>> MediaWiki-l mailing list
>>> To unsubscribe, go to:
>>>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
>> _______________________________________________
>> MediaWiki-l mailing list
>> To unsubscribe, go to:
>>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>>
>
>
>
> --
> GPG me!!
>
> gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
>
>
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
GPG me!!
gpg --keyserver
pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l