Do you know what version of MySQL server is in use? My understanding is that the MySQL JDBC driver will automatically use TLS to connect to any MySQL server configured to use TLS, with the exception of very old versions of MySQL.
- Mike On Thu, Mar 5, 2020, 17:39 Marcus Adams <[email protected]> wrote: > Background > Apache guacamole running under docker using the default guacamole images. > External Microsoft Azure-managed MySQL database. > Azure by default requires SSL connections to the managed db service. > This can be disabled but that is not an option for this environment. > Settings > Docker-compose.yml has the following section: > > environment: > - "GUACD_HOSTNAME=127.0.0.1" > - "GUACD_PORT=4822" > - "MYSQL_PORT=3306" > - "MYSQL_DATABASE=guacamole" > - "GUACAMOLE_HOME=/data" > - "MYSQL_USER=******************" > - "MYSQL_PASSWORD=******************" > - "MYSQL_HOSTNAME=******************" > Issue > With it enabled in Azure I get the following: > > guacamole | 09:34:53.998 [http-nio-8080-exec-5] WARN > o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider > has encountered an internal error which will halt the authentication > process. If this is unexpected or you are the developer of this > authentication provider, you may wish to enable debug-level logging. If > this is expected and you wish to ignore such failures in the future, please > set "skip-if-unavailable: mysql" within your guacamole.properties. > guacamole | 09:34:53.999 [http-nio-8080-exec-5] ERROR > o.a.g.rest.RESTExceptionMapper - Unexpected internal error: > guacamole | ### Error querying database. Cause: java.sql.SQLException: > SSL connection is required. Please specify SSL options and retry. > guacamole | ### The error may exist in > org/apache/guacamole/auth/jdbc/user/UserMapper.xml > guacamole | ### The error may involve > org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne > guacamole | ### The error occurred while executing a query > guacamole | ### Cause: java.sql.SQLException: SSL connection is > required. Please specify SSL options and retry. > I know that (outside of docker) if i do a mysql client command line > connection I can use the option --ssl and then everything connects ok. > > But as i’m very new to docker I’m stumped as to how to set that option in > my docker-compose file. > > And my google fu has failed me and is taking me down rabbit holes about > TLS access to the docker containers or setting https for websites. > > How do I enable the mysql connection to use ssl in my docker-compose.yml? > Regards > Marcus > >
