New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add FAQ for how to use SSL connections to MySQL #12636
Comments
For reference, my config looked like this using the AWS RDS version of MySQL:
Where |
Good to know @fitzoh, guess the faq should have links to cloud provider docs, maybe AWS, Azure & Google (if required for Google). |
Thanks @diosmosis @fitzoh
What do you mean by this @diosmosis ? |
Details for the following:
I think cloud providers require less setup than using a self signed certificate. Might be one or two settings, could link to their pages, eg: AWS: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport
If the MySQL server requires ssl connections, then you can't install Matomo through the UI, since there will be no config.ini.php to store the SSL options. New fields would have to be added to the db setup page (and maybe a file uploader for the certificate files). But I don't think this is super important, azure, eg, will let you require ssl later. |
@diosmosis I just wasted more than an hour until I found this -.- Could you please make that more explicit in the FAQ or even better provide full support for a secure-by-default setup? 😠 |
Hi @hameno, sorry it took you more than an hour to search for this. I can add more details to the faq, but I'm not in charge of prioritizing work in matomo, so I can't say if/when installing w/ an SSL connection to mysql will be supported. |
Updated the FAQ https://matomo.org/faq/how-to-install/faq_26273/ with:
@hameno feel free to create a new issue here to add support for installing over SSL (although we won't work on it anytime soon, there may be someone else who is interested and creates a pull request, which we would then review and try to merge) |
After adding the FAQ, change the link in
DbOverSSLCheck.php
.Steps to using an SSL connection to MySQL include:
[database]
section, set thessl_cert
,ssl_key
,ssl_ca
to absolute paths to the required files (and make sure PHP can read those files or you'll get strange MySQL errors)ssl_cipher
to your desired cipherssl_no_verify
option to1
.Not sure if this is accurate for cloud providers, and this doesn't work if the MySQL instance requires SSL, since in that case you won't be able to actually install Piwik (at least not through the web UI). We should add links to the cloud provider docs for obtaining required files as well.
Refs #10866
The text was updated successfully, but these errors were encountered: