
@joachimtingvold
Created September 29, 2019 03:03
Seafile MySQL SSL (v1)
diff --git a/conf/ccnet.conf b/conf/ccnet.conf
index 11f7dfe..cd0099e 100644
--- a/conf/ccnet.conf
+++ b/conf/ccnet.conf
@@ -15,4 +15,5 @@ USER = seafile1
PASSWD = secret
DB = seafile1-ccnet
CONNECTION_CHARSET = utf8
+USE_SSL = true
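Review bot: `USE_SSL = true` is added here with no CA setting, whereas seafile.conf and seafevents.conf in this same patch both receive an `ssl_ca` path. If ccnet cannot be given a CA, this connection is presumably encrypted but the server certificate is not validated, which deserves a comment such as `# NOTE: no CA configured for ccnet; confirm whether the server certificate is verified`. If ccnet does accept a CA path, it should point at the same file as the other services.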
diff --git a/conf/seafevents.conf b/conf/seafevents.conf
index eb88b34..0c07aa1 100644
--- a/conf/seafevents.conf
+++ b/conf/seafevents.conf
@@ -5,7 +5,7 @@ port = 3306
username = seafile1
password = secret
name = seafile1-seahub
-
+ssl_ca = /usr/local/share/ca-certificates/ca.crt
[AUDIT]
diff --git a/conf/seafile.conf b/conf/seafile.conf
index 5315903..5645034 100644
--- a/conf/seafile.conf
+++ b/conf/seafile.conf
@@ -9,4 +9,6 @@ user = seafile1
password = secret
db_name = seafile1-seafile
connection_charset = utf8
+use_ssl = true
+ssl_ca = /usr/local/share/ca-certificates/ca.crt
diff --git a/conf/seahub_settings.py b/conf/seahub_settings.py
index 375dd95..f9ea547 100755
--- a/conf/seahub_settings.py
+++ b/conf/seahub_settings.py
@@ -8,7 +8,8 @@ DATABASES = {
'USER': 'seafile1',
'PASSWORD': 'secret',
'HOST': 'foo.bar.com',
- 'PORT': '3306'
+ 'PORT': '3306',
+ 'OPTIONS': {'ssl': {'ca': '/usr/local/share/ca-certificates/ca.crt'}}
}
}
diff --git a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py
index c550e07..3210b92 100644
--- a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py
@@ -31,6 +31,7 @@ def create_engine_from_conf(config_file):
db_username = seaf_conf.get('database', 'user')
db_passwd = seaf_conf.get('database', 'password')
db_name = seaf_conf.get('database', 'db_name')
+ ssl_ca = seaf_conf.get('database', 'ssl_ca')
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % \
(db_username, quote_plus(db_passwd),
db_server, db_port, db_name)
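Review bot: The new `seaf_conf.get('database', 'ssl_ca')` is unguarded, so if `seaf_conf` is a standard ConfigParser (its construction is outside the hunk) every installation whose seafile.conf lacks `ssl_ca` will raise NoOptionError here instead of connecting without TLS. scan_settings.py in this patch already guards the same option with `has_option`. I would write `ssl_ca = seaf_conf.get('database', 'ssl_ca') if seaf_conf.has_option('database', 'ssl_ca') else None`. The same unguarded read appears in seafes_data/db.py (`self.ssl_ca = ...`) and seafevents/db.py (`config.get(db_sec, 'ssl_ca')`).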
@@ -39,6 +40,10 @@ def create_engine_from_conf(config_file):
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False)
+ if ssl_ca:
+ ssl = { 'ca': ssl_ca }
+ kwargs['ssl'] = ssl
+
engine = create_engine(db_url, **kwargs)
if not has_event_listener(Pool, 'checkout', ping_connection):
# We use has_event_listener to double check in case we call create_engine
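Review bot: `kwargs['ssl'] = ssl` hands the dict to `create_engine()` as a top-level keyword, and as far as I know SQLAlchemy rejects keywords it does not recognise with a TypeError rather than forwarding them to the driver. Driver-level options go through `connect_args`, so the line should be `kwargs['connect_args'] = {'ssl': {'ca': ssl_ca}}`. The identical block in seafevents/db.py needs the same change. The body of create_engine_from_conf continues outside the hunk.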
diff --git a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py
index 4c51ce7..dce46fa 100644
--- a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py
@@ -37,14 +37,20 @@ class db(object):
self.db_username = seaf_conf.get('database', 'user')
self.db_passwd = seaf_conf.get('database', 'password')
self.db_name = seaf_conf.get('database', 'db_name')
+ self.ssl_ca = seaf_conf.get('database', 'ssl_ca')
else:
raise RuntimeError("Unknown Database backend: %s" % backend)
def connection(self):
# use seafile conf to connection seafile database
+ kwargs = dict()
+ if self.ssl_ca:
+ ssl = { 'ca': self.ssl_ca }
+ kwargs = dict(ssl=ssl)
+
conn = MySQLdb.connect(host=self.db_server, port=self.db_port,
user=self.db_username, passwd=self.db_passwd,
- db=self.db_name)
+ db=self.db_name, **kwargs)
self.cur = conn.cursor()
def query(self, cmd, param=None):
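Review bot: The `ssl` dict built in `connection()` carries only `ca`, so whether the server's host name is checked against its certificate is left to the MySQL client library's defaults, which nothing in this hunk pins down. I would add a comment above the block, e.g. `# TLS with CA validation only; host-name checking depends on the client library (confirm)`, so the intended verification level is explicit. The same dict is built in ldap_user_sync.py and db_oper.py. When `ssl_ca` is empty, the connection is made without TLS and nothing is logged to say so. The class body continues outside the hunk.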
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py
index e70c496..15b5ee0 100644
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py
@@ -70,6 +70,7 @@ def create_engine_from_conf(config_file, db = 'seafevent'):
username = config.get(db_sec, user)
passwd = config.get(db_sec, 'password')
dbname = config.get(db_sec, db_name)
+ ssl_ca = config.get(db_sec, 'ssl_ca')
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % (username, quote_plus(passwd), host, port, dbname)
logger.info('[seafevents] database: mysql, name: %s', dbname)
elif backend == 'oracle':
@@ -97,6 +98,10 @@ def create_engine_from_conf(config_file, db = 'seafevent'):
# for too long.
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False)
+ if ssl_ca:
+ ssl = { 'ca': ssl_ca }
+ kwargs['ssl'] = ssl
+
engine = create_engine(db_url, **kwargs)
if need_connection_pool_fix and not has_event_listener(Pool, 'checkout', ping_connection):
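Review bot: `if ssl_ca:` runs for every backend, but within this patch `ssl_ca` is assigned only inside the mysql branch (the line added just before `elif backend == 'oracle':`). Unless it is initialised somewhere outside the visible hunks, a non-mysql backend will hit a NameError here. Adding `ssl_ca = None` before the backend branches, or moving the TLS setup into the mysql branch, would avoid that. The function body starts and ends outside the hunk.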
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py
index 1087dfd..267bc95 100644
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py
@@ -92,10 +92,18 @@ class LdapUserSync(LdapSync):
return
db_passwd = db_infos.get('PASSWORD')
+ ssl_ca = db_infos.get('SSL_CA')
+ kwargs = dict()
+ if ssl_ca:
+ ssl = { 'ca': ssl_ca }
+ kwargs = dict(ssl=ssl)
+
try:
self.db_conn = MySQLdb.connect(host=db_host, port=db_port,
user=db_user, passwd=db_passwd,
- db=db_name, charset='utf8')
+ db=db_name, charset='utf8',
+ **kwargs)
self.db_conn.autocommit(True)
self.cursor = self.db_conn.cursor()
except Exception as e:
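Review bot: `db_infos.get('SSL_CA')` looks for a key that the seahub_settings.py change in this same patch never sets; there the CA path lives under `'OPTIONS': {'ssl': {'ca': ...}}`. If `db_infos` is derived from Django's DATABASES entry (its origin is outside the hunk), `ssl_ca` will be None and the LDAP sync connection silently stays unencrypted. Reading the nested value, e.g. `ssl_ca = db_infos.get('OPTIONS', {}).get('ssl', {}).get('ca')`, would keep the two in agreement.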
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py
index 3e1174b..5beab34 100644
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py
@@ -21,10 +21,17 @@ class DBOper(object):
try:
self.edb_session = scoped_session(settings.session_cls)
+
+ kwargs = dict()
+ if settings.sdb_ssl_ca:
+ ssl = { 'ca': settings.sdb_ssl_ca }
+ kwargs = dict(ssl=ssl)
self.sdb_conn = MySQLdb.connect(host=settings.sdb_host, port=settings.sdb_port,
user=settings.sdb_user, passwd=settings.sdb_passwd,
- db=settings.sdb_name, charset=settings.sdb_charset)
+ db=settings.sdb_name, charset=settings.sdb_charset,
+ **kwargs)
self.sdb_conn.autocommit(True)
self.sdb_cursor = self.sdb_conn.cursor()
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py
index 84e8f6b..e57e692 100644
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py
@@ -164,11 +164,14 @@ class Settings(object):
logger.info('mysql db name is not set in seafile conf, disable virus scan.')
return False
- if cfg.has_option('database', 'CONNECTION_CHARSET'):
- self.sdb_charset = cfg.get('database', 'CONNECTION_CHARSET')
+ if cfg.has_option('database', 'connection_charset'):
+ self.sdb_charset = cfg.get('database', 'connection_charset')
if not self.sdb_charset:
self.sdb_charset = 'utf8'
+ if cfg.has_option('database', 'ssl_ca'):
+ self.sdb_ssl_ca = cfg.get('database', 'ssl_ca')
+
return True
def parse_send_mail_config(self, config_file):
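Review bot: `self.sdb_ssl_ca` is assigned only when the option exists, and no hunk in this patch gives it a default, yet db_oper.py reads `settings.sdb_ssl_ca` unconditionally. Unless the attribute is initialised in a part of the class outside the hunk, a seafile.conf without `ssl_ca` leads to an AttributeError inside the `try:` in DBOper, which may surface as a misleading database connection failure. Setting `self.sdb_ssl_ca = None` before the `has_option` check would fix it. The enclosing method starts outside the hunk.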