> > wgDBssl is a bool setting
Ok, thanks for that info! So this is the what I tried. ## Database settings $wgLBFactoryConf['class'] = 'LBFactorySimple'; $wgDBservers = ''; $wgDBtype = "mysql"; $wgDBserver = "xx.xx.xx"; $wgDBssl = 1; $wgDBname = "jfwiki"; $wgDBuser = "admin_ssl"; $wgDBpassword = "secret"; Bingo!! That one put me over the top. The wiki page comes up. Thanks for the help!! All set with SSL connections to the DB. Glad I found out how to do that. Tim On Sun, Jul 26, 2015 at 8:30 PM, John <[email protected]> wrote: > wgDBssl is a bool setting > > On Sunday, July 26, 2015, Tim Dunphy <[email protected]> wrote: > > > The database is actually load balanced behind HA/Proxy. I'm testing from > > one webserver currently, the other two web servers have been left out of > > the pool. > > > > The connection from the command line as well as the wiki site goes: > > > > web server -> lb1 -> db1 > > > > I can log into db1 from both the web server as well as the load balancer > > using the SSL account. > > > > I altered my connection string in LocalSettings.php so that it looks like > > this: > > > > ## Database settings > > $wgLBFactoryConf['class'] = 'LBFactorySimple'; > > $wgDBservers = ''; > > $wgDBtype = "mysql"; > > $wgDBserver = "db.example.com"; > > $wgDBssl = "db.example.com"; > > $wgDBname = "jfwiki"; > > $wgDBuser = "admini_ssl"; > > $wgDBpassword = "secret"; > > > > But I'm getting the same error that points to the load balancer IP in the > > error message: > > > > (Cannot access the database: Access denied for user 'admini_ssl'@' > > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' (using password: YES) ( > > db.example.com)) > > > > > > 'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' is the load balancer. > > > > Any ideas on why this is still happening? > > > > Thanks, > > TIm > > > > On Sun, Jul 26, 2015 at 7:27 PM, Tim Dunphy <[email protected] > > <javascript:;>> wrote: > > > > > https://www.mediawiki.org/wiki/Manual:$wgDBssl > > > > > > > > > Very cool! Thank you! I'll check this out! > > > > > > On Sun, Jul 26, 2015 at 3:37 AM, Benjamin Lees <[email protected] > > <javascript:;>> > > > wrote: > > > > > >> https://www.mediawiki.org/wiki/Manual:$wgDBssl > > >> > > >> On Sat, Jul 25, 2015 at 8:51 PM, Tim Dunphy <[email protected] > > <javascript:;>> wrote: > > >> > Hi all, > > >> > > > >> > I just added a remote database to my media wiki setup. I can > access > > >> the > > >> > database from the command line and using that info the wiki site > shows > > >> up > > >> > in a browser and works. > > >> > > > >> > But some of the data is sensitive so I need to add an ssl user to > > >> access > > >> > the database. > > >> > > > >> > If i add an ssl user to the db, I can also access it from the > command > > >> line > > >> > of the web server no problem: > > >> > > > >> > [root@ops:~] #mysql -uadmin_ssl -p -h db.example.com -e "SHOW > > >> DATABASES" > > >> > Enter password: > > >> > +--------------------+ > > >> > | Database | > > >> > +--------------------+ > > >> > | certs | > > >> > | information_schema | > > >> > | jfwiki | > > >> > | mysql | > > >> > | performance_schema | > > >> > +--------------------+ > > >> > > > >> > But with the ssl user in place in LocalSettings.php, I'm getting > this > > >> > response from the browser: > > >> > > > >> > Sorry! This site is experiencing technical difficulties. > > >> > > > >> > Try waiting a few minutes and reloading. > > >> > > > >> > *(Cannot access the database: Access denied for user > > >> > 'admin_ssl'@'ec2-xx-xx-xxx-xx.compute-1.amazonaws.com > > >> > <http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com>' (using password: > > >> YES) > > >> > (db.example.com <http://db.example.com>))* > > >> > > > >> > You can try searching via Google in the meantime. > > >> > Note that their indexes of our content may be out of date. > > >> > > > >> > JF Wiki WWW > > >> > > > >> > This is what the grant for the user looks like in the database: > > >> > > > >> > MariaDB [(none)]> show grants for 'admin_ssl'@' > > >> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com'; > > >> > > > >> > > > +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ > > >> > | Grants for [email protected] > > <javascript:;> > > >> > > > >> > | > > >> > > > >> > > > +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ > > >> > | GRANT ALL PRIVILEGES ON *.* TO 'admin_ssl'@' > > >> > ec2-xx-xx-xxx-xx.compute-1.amazonaws.com' IDENTIFIED BY PASSWORD > > >> > '*somePasswordHash' REQUIRE SSL | > > >> > > > >> > > > +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ > > >> > 1 row in set (0.00 sec) > > >> > > > >> > I was just wondering what I'd need to do to make this work!! All > > >> > suggestions welcomed. > > >> > > > >> > Thanks, > > >> > Tim > > >> > > > >> > -- > > >> > GPG me!! > > >> > > > >> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > >> > _______________________________________________ > > >> > MediaWiki-l mailing list > > >> > To unsubscribe, go to: > > >> > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > > >> > > >> _______________________________________________ > > >> MediaWiki-l mailing list > > >> To unsubscribe, go to: > > >> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > > >> > > > > > > > > > > > > -- > > > GPG me!! > > > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > > > > > > > > > > > -- > > GPG me!! > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > _______________________________________________ > > MediaWiki-l mailing list > > To unsubscribe, go to: > > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > > > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
