From 1a4c2c3dc90ffdbda635bd3c0c4fad1ef2d4f3b0 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 6 Feb 2025 15:14:57 +0100
Subject: [PATCH] fix(ssl): fix MariaDB and MySQL need CA cert
---
 app/Actions/Database/StartMariadb.php | 17 +++++++++++++++++
 app/Actions/Database/StartMysql.php | 19 +++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index cd001ae45..f97d732c9 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -143,6 +143,7 @@ class StartMariadb
 $persistent_storages
 );
 }
+
 if (count($persistent_file_volumes) > 0) {
 $docker_compose['services'][$container_name]['volumes'] = array_merge(
 $docker_compose['services'][$container_name]['volumes'],
@@ -151,6 +152,21 @@ class StartMariadb
 })->toArray()
 );
 }
+
+ if ($this->database->enable_ssl) {
+ $docker_compose['services'][$container_name]['volumes'] = array_merge(
+ $docker_compose['services'][$container_name]['volumes'] ?? [],
+ [
+ [
+ 'type' => 'bind',
+ 'source' => '/data/coolify/ssl/coolify-ca.crt',
+ 'target' => '/etc/mysql/certs/ca.crt',
+ 'read_only' => true,
+ ],
+ ]
+ );
+ }
+
 if (! is_null($this->database->mariadb_conf) || ! empty($this->database->mariadb_conf)) {
 $docker_compose['services'][$container_name]['volumes'] = array_merge(
 $docker_compose['services'][$container_name]['volumes'],
@@ -173,6 +189,7 @@ class StartMariadb
 'mysqld',
 '--ssl-cert=/etc/mysql/certs/server.crt',
 '--ssl-key=/etc/mysql/certs/server.key',
+ '--ssl-ca=/etc/mysql/certs/ca.crt',
 '--require-secure-transport=1',
 ];
 }
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index b7b18361e..cbdda3381 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
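Review bot: The new `enable_ssl` block in StartMariadb.php bind-mounts `/data/coolify/ssl/coolify-ca.crt` with no visible check that the file exists on the server that runs the container; the same block is added to StartMysql.php. If the CA certificate has not been generated there, the mount will not deliver a readable file (depending on the Compose version the start fails or an empty directory is created at the source path), so `--ssl-ca` would point at nothing usable. The start sequence should verify the file first and stop with a clear error, and the block deserves a comment such as `// CA certificate must already exist on the target server; only the public certificate is mounted, read-only`. The enclosing method starts and ends outside the hunk, so such a check may already exist elsewhere.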
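Review bot: The added `'--ssl-ca=/etc/mysql/certs/ca.crt'` argument in StartMariadb.php carries no comment on what it does and does not guarantee, and the matching hunk in StartMysql.php has the same gap. Together with `--require-secure-transport=1` it forces encrypted connections, but clients only authenticate the server if they verify its certificate against this CA (for example `--ssl-mode=VERIFY_CA` on the MySQL client or `--ssl-verify-server-cert` on the MariaDB client). I would add `// CA expected to have signed server.crt; clients must verify against it, encryption alone does not authenticate the server` above the argument. The path must also stay identical to the bind-mount `target` added earlier in this file, and the condition guarding this command array is outside the hunk, so confirm it is the same `enable_ssl` check.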
@@ -118,6 +118,7 @@ class StartMysql
 ],
 ],
 ];
+
 if (! is_null($this->database->limits_cpuset)) {
 data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
 }
@@ -138,6 +139,7 @@ class StartMysql
 $persistent_storages
 );
 }
+
 if (count($persistent_file_volumes) > 0) {
 $docker_compose['services'][$container_name]['volumes'] = array_merge(
 $docker_compose['services'][$container_name]['volumes'] ?? [],
@@ -146,9 +148,25 @@ class StartMysql
 })->toArray()
 );
 }
+
 if (count($volume_names) > 0) {
 $docker_compose['volumes'] = $volume_names;
 }
+
+ if ($this->database->enable_ssl) {
+ $docker_compose['services'][$container_name]['volumes'] = array_merge(
+ $docker_compose['services'][$container_name]['volumes'] ?? [],
+ [
+ [
+ 'type' => 'bind',
+ 'source' => '/data/coolify/ssl/coolify-ca.crt',
+ 'target' => '/etc/mysql/certs/ca.crt',
+ 'read_only' => true,
+ ],
+ ]
+ );
+ }
+
 if (! is_null($this->database->mysql_conf) || ! empty($this->database->mysql_conf)) {
 $docker_compose['services'][$container_name]['volumes'] = array_merge(
 $docker_compose['services'][$container_name]['volumes'] ?? [],
@@ -172,6 +190,7 @@ class StartMysql
 'mysqld',
 '--ssl-cert=/etc/mysql/certs/server.crt',
 '--ssl-key=/etc/mysql/certs/server.key',
+ '--ssl-ca=/etc/mysql/certs/ca.crt',
 '--require-secure-transport=1',
 ];
 }
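Review bot: The `enable_ssl` mount block added to StartMysql.php is a line-for-line copy of the one added to StartMariadb.php, and the container path `/etc/mysql/certs/ca.crt` is repeated again as a string inside the `--ssl-ca` argument of both files. That leaves four literals that must stay in sync, and a mismatch after a later path change would leave the server pointing at a CA file that is not mounted. I would move the host path and the container path into shared constants (or one helper that returns the volume entry) and build the `--ssl-ca` argument from the same constant. The surrounding method starts and ends outside the hunk, so an existing place for such constants may already be available.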