Fix #5344 Add the ability to provide and use a CA file for mysql servers with require_secure_transport=on
#5418
base: master
…ections with a mysql/mariadb server
… details on its use
// Move CA file to the data directory | ||
if (dbConfig.caFilePath) { | ||
const dataCaFilePath = path.join(Database.dataDir, "mariadb-ca.pem"); | ||
fs.renameSync(dbConfig.caFilePath, dataCaFilePath); |
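Review bot: `fs.renameSync(dbConfig.caFilePath, dataCaFilePath)` moves whatever file `dbConfig.caFilePath` names without any validation, so a mistaken or untrusted value removes that file from its original location and leaves it in the data directory as `mariadb-ca.pem`. Resolve the path and check that it is a regular file containing PEM certificate data before using it, and copy the content (for example with `fs.copyFileSync`) instead of renaming. Copying also avoids the EXDEV error that `renameSync` raises when the source sits on a different filesystem than `Database.dataDir`, such as a mounted secret.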
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
user-provided value
An alternate approach shall be using a generic CA bundle, e.g. Mozilla. Then provide an env variable to override it, either as a path or the CA bundle content itself.
My first attempt at implementing this was to manage this entirely through environment variables, but then I read the following in the contributing.md:
"I personally do not like something that requires a lot of configuration before you can finally start the app. The goal is to make the Uptime Kuma installation as easy as installing a mobile app."
And
"Settings should be configurable in the frontend. Environment variables are discouraged, unless it is related to startup such as DATA_DIR"
I believe this is something that should be configured through environment variables, but if we want to respect the wishes of the maintainer, the user upload has to be there with all the complications it implies.
Again just opinion :)
If we look at various feature requests for external DB, I believe it was not implemented early to keep the simplicity you quoted. A user base who may use a dedicated DB would certainly have the knowledge and willingness to get it done, by reading docs and Configure As Code, even if there are efforts involved.
In that context, if we add a UI element, theoretically it is cluttering AND/OR complicating the experience of the user base who need just an out-of-the-box experience.
On the other hand, if we do it via configuration, those who need it can implement it in a CAC fashion; hopefully it is efficient for that user base.
In a nutshell, if we do it via config, we may be able to stretch the functionality without affecting the core slogan of simplicity.
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md#can-i-create-a-pull-request-for-uptime-kuma
Tick the checkbox if you understand [x]:
Description
Fixes #5344
This PR adds the following:
- The `writeDBConfig` function has been modified to move a provided CA file (from either the environment variable or the setup through the UI) to a file named `mariadb-ca.pem` inside the data directory
- `db-config.json` can now contain a new property `caFilePath` with the path of the CA file to use when using secure connections
- The `connect` function has been modified to use secure connections when the property `caFilePath` is present in the `db-config.json`
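One way to handle the supplied CA file that the description above refers to, as an added example that is not code from this pull request: it copies only PEM certificate blocks to the fixed `mariadb-ca.pem` name instead of renaming the supplied path, then builds the TLS options. `installCaFile`, `buildSslOptions`, `demo` and the size limit are hypothetical, and the `ssl` object shape assumes a driver that accepts Node `tls` options, as mysql2 does.

```javascript
// Added example, not the PR's code. installCaFile, buildSslOptions and demo
// are hypothetical names; MAX_CA_BYTES is an assumed limit.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

const CA_FILE_NAME = "mariadb-ca.pem"; // fixed target name from the PR description
const MAX_CA_BYTES = 1024 * 1024;
const PEM_CERT = /-----BEGIN CERTIFICATE-----\r?\n[A-Za-z0-9+/=\r\n]+-----END CERTIFICATE-----/g;

// Copy only the certificate blocks of a supplied file into dataDir.
// The source is read, never moved or deleted, and the target name is constant.
function installCaFile(suppliedPath, dataDir) {
    const source = fs.realpathSync(suppliedPath); // resolves symlinks and ".."
    const stat = fs.statSync(source);
    if (!stat.isFile() || stat.size > MAX_CA_BYTES) {
        throw new Error("CA path must be a regular file under the size limit");
    }
    const blocks = fs.readFileSync(source, "utf8").match(PEM_CERT);
    if (!blocks) {
        throw new Error("file contains no PEM certificate");
    }
    const target = path.join(dataDir, CA_FILE_NAME);
    fs.writeFileSync(target, blocks.join("\n") + "\n", { mode: 0o600 });
    return target;
}

// TLS options for the driver; verification stays on when a CA is configured.
function buildSslOptions(dbConfig) {
    if (!dbConfig.caFilePath) return undefined;
    return { ca: fs.readFileSync(dbConfig.caFilePath, "utf8"), rejectUnauthorized: true };
}

// Constructed sample input: a PEM-framed placeholder, not a real certificate.
function demo() {
    const dir = fs.mkdtempSync(path.join(os.tmpdir(), "ca-demo-"));
    const upload = path.join(dir, "upload.pem");
    const pem = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----";
    fs.writeFileSync(upload, "leading text\n" + pem + "\ntrailing text\n");
    const caFilePath = installCaFile(upload, dir);
    const ssl = buildSslOptions({ caFilePath });
    let rejected = false;
    try { installCaFile(dir, dir); } catch (e) { rejected = true; } // a directory is refused
    const result = { name: path.basename(caFilePath), ca: ssl.ca, sourceKept: fs.existsSync(upload), rejected };
    fs.rmSync(dir, { recursive: true, force: true });
    return result;
}

console.log(demo());
```

The PEM check here is structural only; parsing each block as an X.509 certificate before accepting it would be a stricter variant.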