Seafile MySQL SSL
diff a/conf/ccnet.conf b/conf/ccnet.conf | |
--- a/conf/ccnet.conf | |
+++ b/conf/ccnet.conf | |
@@ -15,4 +15,5 @@ USER = seafile1 | |
PASSWD = secret | |
DB = seafile1-ccnet | |
CONNECTION_CHARSET = utf8 | |
+USE_SSL = true | |
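Review bot: `USE_SSL = true` is added here with no CA setting, while the seafile.conf and seafevents.conf hunks both add `ssl_ca`. Nothing on this page shows whether ccnet verifies the server certificate when only `USE_SSL` is set; encryption without verification does not protect against an on-path host presenting its own certificate. Confirm against the deployed ccnet version how the trust anchor is chosen, and record it in a comment next to this line, e.g. `# TLS to MySQL; certificate verification: <confirmed behaviour>`.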
diff a/conf/seafevents.conf b/conf/seafevents.conf | |
--- a/conf/seafevents.conf | |
+++ b/conf/seafevents.conf | |
@@ -5,7 +5,7 @@ port = 3306 | |
username = seafile1 | |
password = secret | |
name = seafile1-seahub | |
- | |
+ssl_ca = /usr/local/share/ca-certificates/ca.crt | |
[AUDIT] | |
diff a/conf/seafile.conf b/conf/seafile.conf | |
--- a/conf/seafile.conf | |
+++ b/conf/seafile.conf | |
@@ -9,4 +9,6 @@ user = seafile1 | |
password = secret | |
db_name = seafile1-seafile | |
connection_charset = utf8 | |
+use_ssl = true | |
+ssl_ca = /usr/local/share/ca-certificates/ca.crt | |
diff a/conf/seahub_settings.py b/conf/seahub_settings.py | |
--- a/conf/seahub_settings.py | |
+++ b/conf/seahub_settings.py | |
@@ -8,7 +8,8 @@ DATABASES = { | |
'USER': 'seafile1', | |
'PASSWORD': 'secret', | |
'HOST': 'foo.bar.com', | |
- 'PORT': '3306' | |
+ 'PORT': '3306', | |
+ 'OPTIONS': { 'ssl': { 'ca': '/usr/local/share/ca-certificates/ca.crt' } } | |
} | |
} | |
diff a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
--- a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
@@ -31,6 +31,7 @@ def create_engine_from_conf(config_file): | |
db_username = seaf_conf.get('database', 'user') | |
db_passwd = seaf_conf.get('database', 'password') | |
db_name = seaf_conf.get('database', 'db_name') | |
+ ssl_ca = seaf_conf.get('database', 'ssl_ca') | |
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % \ | |
(db_username, quote_plus(db_passwd), | |
db_server, db_port, db_name) | |
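Review bot: `seaf_conf.get('database', 'ssl_ca')` makes the new option mandatory. If `seaf_conf` is a standard ConfigParser (its construction is outside this hunk), a seafile.conf without `ssl_ca` raises NoOptionError here, so the `if ssl_ca:` guard in the next hunk never gets the chance to skip the TLS setup. Guard the read, e.g. `ssl_ca = seaf_conf.get('database', 'ssl_ca') if seaf_conf.has_option('database', 'ssl_ca') else None`. The same unguarded read appears in seafes_data/db.py (`self.ssl_ca = ...`) and seafevents/db.py (`config.get(db_sec, 'ssl_ca')`). create_engine_from_conf starts and ends outside the hunk.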
@@ -39,6 +40,10 @@ def create_engine_from_conf(config_file): | |
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False) | |
+ if ssl_ca: | |
+ ssl = { 'ssl': { 'ca': ssl_ca } } | |
+ kwargs['connect_args'] = ssl | |
+ | |
engine = create_engine(db_url, **kwargs) | |
if not has_event_listener(Pool, 'checkout', ping_connection): | |
# We use has_event_listener to double check in case we call create_engine | |
diff a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
--- a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
@@ -37,14 +37,20 @@ class db(object): | |
self.db_username = seaf_conf.get('database', 'user') | |
self.db_passwd = seaf_conf.get('database', 'password') | |
self.db_name = seaf_conf.get('database', 'db_name') | |
+ self.ssl_ca = seaf_conf.get('database', 'ssl_ca') | |
else: | |
raise RuntimeError("Unknown Database backend: %s" % backend) | |
def connection(self): | |
# use seafile conf to connection seafile database | |
+ kwargs = dict() | |
+ if self.ssl_ca: | |
+ ssl = { 'ca': self.ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
+ | |
conn = MySQLdb.connect(host=self.db_server, port=self.db_port, | |
user=self.db_username, passwd=self.db_passwd, | |
- db=self.db_name) | |
+ db=self.db_name, **kwargs) | |
self.cur = conn.cursor() | |
def query(self, cmd, param=None): | |
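Review bot: In `connection()`, an empty `ssl_ca` makes the `MySQLdb.connect` call run with no `ssl` argument, so a blank or mistyped value silently gives a connection with no TLS options, and the `use_ssl = true` added to seafile.conf is never consulted by this code. Only `ca` is passed, so whether the server hostname is checked against the certificate depends on the driver's defaults and should be confirmed. I would add above the `if`: `# No ssl_ca configured: connecting without TLS options` and log a warning on that path. The class body extends outside the hunk.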
diff a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
@@ -70,6 +70,7 @@ def create_engine_from_conf(config_file, db = 'seafevent'): | |
username = config.get(db_sec, user) | |
passwd = config.get(db_sec, 'password') | |
dbname = config.get(db_sec, db_name) | |
+ ssl_ca = config.get(db_sec, 'ssl_ca') | |
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % (username, quote_plus(passwd), host, port, dbname) | |
logger.info('[seafevents] database: mysql, name: %s', dbname) | |
elif backend == 'oracle': | |
@@ -97,6 +98,10 @@ def create_engine_from_conf(config_file, db = 'seafevent'): | |
# for too long. | |
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False) | |
+ if ssl_ca: | |
+ ssl = { 'ssl': { 'ca': ssl_ca } } | |
+ kwargs['connect_args'] = ssl | |
+ | |
engine = create_engine(db_url, **kwargs) | |
if need_connection_pool_fix and not has_event_listener(Pool, 'checkout', ping_connection): | |
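Review bot: `if ssl_ca:` reads a name that the previous hunk assigns only inside the mysql branch. The `elif backend == 'oracle':` context line suggests other backends reach this point too, and for them the test would raise UnboundLocalError before `create_engine` is called. Initialise it ahead of the backend branches with `ssl_ca = None`, which also keeps non-MySQL engines from being handed MySQL-specific `connect_args`. The same check in repo_data/db.py has the same exposure if that function handles more than one backend, which its hunks do not show. The function body extends outside both hunks.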
diff a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
@@ -92,10 +92,16 @@ class LdapUserSync(LdapSync): | |
return | |
db_passwd = db_infos.get('PASSWORD') | |
+ db_options = db_infos.get('OPTIONS') | |
+ kwargs = dict() | |
+ if db_options: | |
+ kwargs = db_options | |
+ | |
try: | |
self.db_conn = MySQLdb.connect(host=db_host, port=db_port, | |
user=db_user, passwd=db_passwd, | |
- db=db_name, charset='utf8') | |
+ db=db_name, charset='utf8', | |
+ **kwargs) | |
self.db_conn.autocommit(True) | |
self.cursor = self.db_conn.cursor() | |
except Exception as e: | |
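Review bot: `kwargs = db_options` forwards the whole Django `OPTIONS` dict to `MySQLdb.connect`, not just its TLS entry. A settings file whose OPTIONS also carries `charset` collides with the explicit `charset='utf8'` and raises TypeError, and any Django-only key is handed to the driver unchecked; either failure lands in the broad `except Exception` below. Forward only what this change needs: `ssl_opts = (db_infos.get('OPTIONS') or {}).get('ssl')` followed by `kwargs = {'ssl': ssl_opts} if ssl_opts else {}`. The method starts and ends outside the hunk.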
diff a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
@@ -21,10 +21,16 @@ class DBOper(object): | |
try: | |
self.edb_session = scoped_session(settings.session_cls) | |
+ | |
+ kwargs = dict() | |
+ if settings.sdb_ssl_ca: | |
+ ssl = { 'ca': settings.sdb_ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
self.sdb_conn = MySQLdb.connect(host=settings.sdb_host, port=settings.sdb_port, | |
user=settings.sdb_user, passwd=settings.sdb_passwd, | |
- db=settings.sdb_name, charset=settings.sdb_charset) | |
+ db=settings.sdb_name, charset=settings.sdb_charset, | |
+ **kwargs) | |
self.sdb_conn.autocommit(True) | |
self.sdb_cursor = self.sdb_conn.cursor() | |
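Review bot: `settings.sdb_ssl_ca` is read unconditionally here, but the scan_settings.py hunk sets `self.sdb_ssl_ca` only when the `ssl_ca` option exists. Unless the attribute is initialised in code outside these hunks, a seafile.conf without `ssl_ca` raises AttributeError inside this `try`. Give it a default in `Settings`, e.g. `self.sdb_ssl_ca = None` before the `has_option('database', 'ssl_ca')` check, or read it here with `getattr(settings, 'sdb_ssl_ca', None)`. The enclosing method continues outside the hunk.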
diff a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
@@ -164,11 +164,14 @@ class Settings(object): | |
logger.info('mysql db name is not set in seafile conf, disable virus scan.') | |
return False | |
- if cfg.has_option('database', 'CONNECTION_CHARSET'): | |
- self.sdb_charset = cfg.get('database', 'CONNECTION_CHARSET') | |
+ if cfg.has_option('database', 'connection_charset'): | |
+ self.sdb_charset = cfg.get('database', 'connection_charset') | |
if not self.sdb_charset: | |
self.sdb_charset = 'utf8' | |
+ if cfg.has_option('database', 'ssl_ca'): | |
+ self.sdb_ssl_ca = cfg.get('database', 'ssl_ca') | |
+ | |
return True | |
def parse_send_mail_config(self, config_file): |