Hi,
is it possible to make a ssl connection to mariadb application running on NS8?
If so, could you please guide me a little bit how to accomplis this?
Thanks
I didn’t test it but it should be possible.
The ns8-mariadb app has a volume mysql-conf.d for additional configurations which can be used to put the certs and configs there (hopefully)
[root@ns8rockytest ~]# runagent -m mariadb2
runagent: [INFO] starting bash -l
runagent: [INFO] working directory: /home/mariadb2/.config/state
[mariadb2@ns8rockytest state]$ podman volume ls
DRIVER VOLUME NAME
local mysql-conf.d
To get the volume directory:
[mariadb2@ns8rockytest state]$ podman volume inspect mysql-conf.d --format "{{.Mountpoint}}"
/home/mariadb2/.local/share/containers/storage/volumes/mysql-conf.d/_data
Here’s a tutorial to setup SSL for mariadb: https://www.cyberciti.biz/faq/how-to-setup-mariadb-ssl-and-secure-connections-from-clients/
Certificates need to be created (in the volume directory) as explained in the tutorial from step 4 onwards.
A file named for example include.cnf including the ssl options (pointing to the certs created in the previous step) for both, server and client as explained in step 7 of the turorial needs to be created in the volume directory.
podman unshare nano $(podman volume inspect mysql-conf.d --format "{{.Mountpoint}}")/include.conf
Restart the service to apply the config (just to be sure)
systemctl --user restart mariadb
Link to mariadb docs including more options like verify ssl cert: Securing Connections for Client and Server - MariaDB Knowledge Base
Thanks for the advice. Our database developer has since found a solution that doesn’t necessarily require ssl access to mariadb as he initially requested, so I don’t have to deal with it urgently. Maybe I’ll try later. Thanks anyway.
1 Like