Seafile MySQL SSL (v1)
diff --git a/conf/ccnet.conf b/conf/ccnet.conf | |
index 11f7dfe..cd0099e 100644 | |
--- a/conf/ccnet.conf | |
+++ b/conf/ccnet.conf | |
@@ -15,4 +15,5 @@ USER = seafile1 | |
PASSWD = secret | |
DB = seafile1-ccnet | |
CONNECTION_CHARSET = utf8 | |
+USE_SSL = true | |
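Review bot: `USE_SSL = true` is added without any CA setting, whereas the seafile.conf and seafevents.conf hunks also point `ssl_ca` at the CA file. If ccnet does not verify the server certificate by default, this connection is encrypted but the server is not authenticated. Confirm what ccnet validates and record it in a comment next to the option, e.g. `# TLS on; certificate verification relies on ccnet defaults (confirm)`.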
diff --git a/conf/seafevents.conf b/conf/seafevents.conf | |
index eb88b34..0c07aa1 100644 | |
--- a/conf/seafevents.conf | |
+++ b/conf/seafevents.conf | |
@@ -5,7 +5,7 @@ port = 3306 | |
username = seafile1 | |
password = secret | |
name = seafile1-seahub | |
- | |
+ssl_ca = /usr/local/share/ca-certificates/ca.crt | |
[AUDIT] | |
diff --git a/conf/seafile.conf b/conf/seafile.conf | |
index 5315903..5645034 100644 | |
--- a/conf/seafile.conf | |
+++ b/conf/seafile.conf | |
@@ -9,4 +9,6 @@ user = seafile1 | |
password = secret | |
db_name = seafile1-seafile | |
connection_charset = utf8 | |
+use_ssl = true | |
+ssl_ca = /usr/local/share/ca-certificates/ca.crt | |
diff --git a/conf/seahub_settings.py b/conf/seahub_settings.py | |
index 375dd95..f9ea547 100755 | |
--- a/conf/seahub_settings.py | |
+++ b/conf/seahub_settings.py | |
@@ -8,7 +8,8 @@ DATABASES = { | |
'USER': 'seafile1', | |
'PASSWORD': 'secret', | |
'HOST': 'foo.bar.com', | |
- 'PORT': '3306' | |
+ 'PORT': '3306', | |
+ 'OPTIONS': {'ssl': {'ca': '/usr/local/share/ca-certificates/ca.crt'}} | |
} | |
} | |
diff --git a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
index c550e07..3210b92 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
@@ -31,6 +31,7 @@ def create_engine_from_conf(config_file): | |
db_username = seaf_conf.get('database', 'user') | |
db_passwd = seaf_conf.get('database', 'password') | |
db_name = seaf_conf.get('database', 'db_name') | |
+ ssl_ca = seaf_conf.get('database', 'ssl_ca') | |
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % \ | |
(db_username, quote_plus(db_passwd), | |
db_server, db_port, db_name) | |
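Review bot: The added `seaf_conf.get('database', 'ssl_ca')` has no guard for a missing option, so if `seaf_conf` is a standard ConfigParser (its construction is outside the hunk), any seafile.conf without an `ssl_ca` line would raise instead of keeping the old behaviour. The scan_settings.py hunk already guards with `has_option`; the same pattern fits here: `ssl_ca = seaf_conf.get('database', 'ssl_ca') if seaf_conf.has_option('database', 'ssl_ca') else None`. The same unguarded read appears in seafes_data/db.py (`self.ssl_ca = ...`) and in the first seafevents/db.py hunk. create_engine_from_conf starts and ends outside this hunk.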
@@ -39,6 +40,10 @@ def create_engine_from_conf(config_file): | |
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False) | |
+ if ssl_ca: | |
+ ssl = { 'ca': ssl_ca } | |
+ kwargs['ssl'] = ssl | |
+ | |
engine = create_engine(db_url, **kwargs) | |
if not has_event_listener(Pool, 'checkout', ping_connection): | |
# We use has_event_listener to double check in case we call create_engine | |
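Review bot: `kwargs['ssl'] = ssl` ends up as a keyword argument to `create_engine(db_url, **kwargs)`, and as far as I know SQLAlchemy does not treat `ssl` as an engine option; driver-level options are normally passed through `connect_args`. I would expect engine creation to reject the unknown keyword, so please confirm on a real connection that the engine starts and the session is actually encrypted. Suggested form: `kwargs['connect_args'] = {'ssl': {'ca': ssl_ca}}`. The second seafevents/db.py hunk builds its engine the same way, and the function body here continues outside the hunk.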
diff --git a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
index 4c51ce7..dce46fa 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
@@ -37,14 +37,20 @@ class db(object): | |
self.db_username = seaf_conf.get('database', 'user') | |
self.db_passwd = seaf_conf.get('database', 'password') | |
self.db_name = seaf_conf.get('database', 'db_name') | |
+ self.ssl_ca = seaf_conf.get('database', 'ssl_ca') | |
else: | |
raise RuntimeError("Unknown Database backend: %s" % backend) | |
def connection(self): | |
# use seafile conf to connection seafile database | |
+ kwargs = dict() | |
+ if self.ssl_ca: | |
+ ssl = { 'ca': self.ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
+ | |
conn = MySQLdb.connect(host=self.db_server, port=self.db_port, | |
user=self.db_username, passwd=self.db_passwd, | |
- db=self.db_name) | |
+ db=self.db_name, **kwargs) | |
self.cur = conn.cursor() | |
def query(self, cmd, param=None): | |
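Review bot: TLS in `connection()` is keyed only on `self.ssl_ca` being non-empty; the `use_ssl = true` setting this patch adds to seafile.conf is never read here. A deployment that sets `use_ssl` but omits or mistypes `ssl_ca` would therefore connect in cleartext from the Python side with no error or log line. Consider reading `use_ssl` as well and refusing to connect, or at least logging a warning, when it is true and no CA is configured. The same `if ...ssl_ca:` pattern is used in ldap_user_sync.py and virus_scanner/db_oper.py. With only `ca` in the dict, whether the server hostname is checked against the certificate depends on the MySQL client library, so that is worth confirming too.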
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
index e70c496..15b5ee0 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
@@ -70,6 +70,7 @@ def create_engine_from_conf(config_file, db = 'seafevent'): | |
username = config.get(db_sec, user) | |
passwd = config.get(db_sec, 'password') | |
dbname = config.get(db_sec, db_name) | |
+ ssl_ca = config.get(db_sec, 'ssl_ca') | |
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % (username, quote_plus(passwd), host, port, dbname) | |
logger.info('[seafevents] database: mysql, name: %s', dbname) | |
elif backend == 'oracle': | |
@@ -97,6 +98,10 @@ def create_engine_from_conf(config_file, db = 'seafevent'): | |
# for too long. | |
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False) | |
+ if ssl_ca: | |
+ ssl = { 'ca': ssl_ca } | |
+ kwargs['ssl'] = ssl | |
+ | |
engine = create_engine(db_url, **kwargs) | |
if need_connection_pool_fix and not has_event_listener(Pool, 'checkout', ping_connection): | |
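Review bot: `ssl_ca` is assigned only inside the mysql branch (first hunk of this file), but `if ssl_ca:` here runs after the backend branches, so the `elif backend == 'oracle'` path visible in the first hunk would reach it with the name unbound and raise. Initialise it before the branching with `ssl_ca = None`, or scope the check as `if backend == 'mysql' and ssl_ca:`. The code between the two hunks is not shown, so confirm that no other path assigns it.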
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
index 1087dfd..267bc95 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
@@ -92,10 +92,18 @@ class LdapUserSync(LdapSync): | |
return | |
db_passwd = db_infos.get('PASSWORD') | |
+ ssl_ca = db_infos.get('SSL_CA') | |
+ kwargs = dict() | |
+ if ssl_ca: | |
+ ssl = { 'ca': ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
+ | |
try: | |
self.db_conn = MySQLdb.connect(host=db_host, port=db_port, | |
user=db_user, passwd=db_passwd, | |
- db=db_name, charset='utf8') | |
+ db=db_name, charset='utf8', | |
+ **kwargs) | |
self.db_conn.autocommit(True) | |
self.cursor = self.db_conn.cursor() | |
except Exception as e: | |
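Review bot: `db_infos.get('SSL_CA')` looks for a top-level `SSL_CA` key, but the seahub_settings.py hunk in this patch stores the CA under `'OPTIONS': {'ssl': {'ca': ...}}` and adds no `SSL_CA` entry. If `db_infos` is the Django DATABASES entry (it is populated outside this hunk), `ssl_ca` is always None and the LDAP sync connection silently stays unencrypted. Reading the existing setting would avoid a second key: `ssl = db_infos.get('OPTIONS', {}).get('ssl')`, then pass `ssl=ssl` to `MySQLdb.connect` when it is set.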
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
index 3e1174b..5beab34 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
@@ -21,10 +21,17 @@ class DBOper(object): | |
try: | |
self.edb_session = scoped_session(settings.session_cls) | |
+ | |
+ kwargs = dict() | |
+ if settings.sdb_ssl_ca: | |
+ ssl = { 'ca': settings.sdb_ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
self.sdb_conn = MySQLdb.connect(host=settings.sdb_host, port=settings.sdb_port, | |
user=settings.sdb_user, passwd=settings.sdb_passwd, | |
- db=settings.sdb_name, charset=settings.sdb_charset) | |
+ db=settings.sdb_name, charset=settings.sdb_charset, | |
+ **kwargs) | |
self.sdb_conn.autocommit(True) | |
self.sdb_cursor = self.sdb_conn.cursor() | |
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
index 84e8f6b..e57e692 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
@@ -164,11 +164,14 @@ class Settings(object): | |
logger.info('mysql db name is not set in seafile conf, disable virus scan.') | |
return False | |
- if cfg.has_option('database', 'CONNECTION_CHARSET'): | |
- self.sdb_charset = cfg.get('database', 'CONNECTION_CHARSET') | |
+ if cfg.has_option('database', 'connection_charset'): | |
+ self.sdb_charset = cfg.get('database', 'connection_charset') | |
if not self.sdb_charset: | |
self.sdb_charset = 'utf8' | |
+ if cfg.has_option('database', 'ssl_ca'): | |
+ self.sdb_ssl_ca = cfg.get('database', 'ssl_ca') | |
+ | |
return True | |
def parse_send_mail_config(self, config_file): |
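Review bot: `self.sdb_ssl_ca` is assigned only when the option exists, and the patch adds no default for it, while db_oper.py reads `settings.sdb_ssl_ca` unconditionally. Unless the attribute is initialised elsewhere in Settings (not visible in this diff), a seafile.conf without `ssl_ca` makes that read raise AttributeError inside DBOper's `try:` block. Set a default in the same place: `self.sdb_ssl_ca = cfg.get('database', 'ssl_ca') if cfg.has_option('database', 'ssl_ca') else None`.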