Created
October 5, 2019 21:38
Seafile MySQL SSL (v3)
diff --git a/conf/ccnet.conf b/conf/ccnet.conf | |
index 11f7dfe..cd0099e 100644 | |
--- a/conf/ccnet.conf | |
+++ b/conf/ccnet.conf | |
@@ -15,4 +15,5 @@ USER = seafile1 | |
PASSWD = secret | |
DB = seafile1-ccnet | |
CONNECTION_CHARSET = utf8 | |
+USE_SSL = true | |
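Review bot: `USE_SSL = true` is added to conf/ccnet.conf with no CA setting beside it, whereas conf/seafile.conf in this same patch gets both `use_ssl` and `ssl_ca`. If ccnet has no option for naming a CA, this connection is presumably encrypted without the server certificate being checked against `ca.crt`, so the two services would end up with different guarantees. I would confirm what ccnet actually verifies and record it in a comment above the line, e.g. `# TLS on; server certificate verification: <confirm>`.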
diff --git a/conf/seafevents.conf b/conf/seafevents.conf | |
index eb88b34..0c07aa1 100644 | |
--- a/conf/seafevents.conf | |
+++ b/conf/seafevents.conf | |
@@ -5,7 +5,7 @@ port = 3306 | |
username = seafile1 | |
password = secret | |
name = seafile1-seahub | |
- | |
+ssl_ca = /usr/local/share/ca-certificates/ca.crt | |
[AUDIT] | |
diff --git a/conf/seafile.conf b/conf/seafile.conf | |
index 5315903..5645034 100644 | |
--- a/conf/seafile.conf | |
+++ b/conf/seafile.conf | |
@@ -9,4 +9,6 @@ user = seafile1 | |
password = secret | |
db_name = seafile1-seafile | |
connection_charset = utf8 | |
+use_ssl = true | |
+ssl_ca = /usr/local/share/ca-certificates/ca.crt | |
diff --git a/conf/seahub_settings.py b/conf/seahub_settings.py | |
index 375dd95..b85a062 100755 | |
--- a/conf/seahub_settings.py | |
+++ b/conf/seahub_settings.py | |
@@ -8,7 +8,8 @@ DATABASES = { | |
'USER': 'seafile1', | |
'PASSWORD': 'secret', | |
'HOST': 'foo.bar.com', | |
- 'PORT': '3306' | |
+ 'PORT': '3306', | |
+ 'OPTIONS': { 'ssl': { 'ca': '/usr/local/share/ca-certificates/ca.crt' } } | |
} | |
} | |
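Review bot: The added `'OPTIONS': { 'ssl': { 'ca': ... } }` names a CA, but nothing in this entry requires TLS or checks that the certificate belongs to `foo.bar.com`. Whether the client refuses a plaintext fallback or verifies the host name depends on the MySQL client library's default SSL mode, so it should be confirmed rather than assumed. Check a live session with `SHOW SESSION STATUS LIKE 'Ssl_cipher'` and enforce it server-side by giving the `seafile1` account `REQUIRE SSL`. A short comment above the line stating which guarantee is intended would help the next maintainer.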
diff --git a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
index c550e07..af28a90 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/repo_data/db.py | |
@@ -31,6 +31,7 @@ def create_engine_from_conf(config_file): | |
db_username = seaf_conf.get('database', 'user') | |
db_passwd = seaf_conf.get('database', 'password') | |
db_name = seaf_conf.get('database', 'db_name') | |
+ ssl_ca = seaf_conf.get('database', 'ssl_ca') | |
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % \ | |
(db_username, quote_plus(db_passwd), | |
db_server, db_port, db_name) | |
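Review bot: The added `seaf_conf.get('database', 'ssl_ca')` has no fallback. If `seaf_conf` is a standard ConfigParser, as the section/option calls suggest, an install whose seafile.conf has no `ssl_ca` line will raise NoOptionError here instead of connecting without TLS as before. Guard it the way scan_settings.py does in this patch: `ssl_ca = seaf_conf.get('database', 'ssl_ca') if seaf_conf.has_option('database', 'ssl_ca') else None`. The same unguarded read is added in seafes_data/db.py (`self.ssl_ca = ...`) and in seafevents/db.py (`config.get(db_sec, 'ssl_ca')`). create_engine_from_conf starts and ends outside this hunk.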
@@ -39,6 +40,10 @@ def create_engine_from_conf(config_file): | |
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False) | |
+ if ssl_ca: | |
+ ssl = { 'ssl': { 'ca': ssl_ca } } | |
+ kwargs['connect_args'] = ssl | |
+ | |
engine = create_engine(db_url, **kwargs) | |
if not has_event_listener(Pool, 'checkout', ping_connection): | |
# We use has_event_listener to double check in case we call create_engine | |
diff --git a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
index 4c51ce7..dce46fa 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafes/seafes_data/db.py | |
@@ -37,14 +37,20 @@ class db(object): | |
self.db_username = seaf_conf.get('database', 'user') | |
self.db_passwd = seaf_conf.get('database', 'password') | |
self.db_name = seaf_conf.get('database', 'db_name') | |
+ self.ssl_ca = seaf_conf.get('database', 'ssl_ca') | |
else: | |
raise RuntimeError("Unknown Database backend: %s" % backend) | |
def connection(self): | |
# use seafile conf to connection seafile database | |
+ kwargs = dict() | |
+ if self.ssl_ca: | |
+ ssl = { 'ca': self.ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
+ | |
conn = MySQLdb.connect(host=self.db_server, port=self.db_port, | |
user=self.db_username, passwd=self.db_passwd, | |
- db=self.db_name) | |
+ db=self.db_name, **kwargs) | |
self.cur = conn.cursor() | |
def query(self, cmd, param=None): | |
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
index e70c496..63b10a2 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/db.py | |
@@ -70,6 +70,7 @@ def create_engine_from_conf(config_file, db = 'seafevent'): | |
username = config.get(db_sec, user) | |
passwd = config.get(db_sec, 'password') | |
dbname = config.get(db_sec, db_name) | |
+ ssl_ca = config.get(db_sec, 'ssl_ca') | |
db_url = "mysql+mysqldb://%s:%s@%s:%s/%s?charset=utf8" % (username, quote_plus(passwd), host, port, dbname) | |
logger.info('[seafevents] database: mysql, name: %s', dbname) | |
elif backend == 'oracle': | |
@@ -97,6 +98,10 @@ def create_engine_from_conf(config_file, db = 'seafevent'): | |
# for too long. | |
kwargs = dict(pool_recycle=300, echo=False, echo_pool=False) | |
+ if ssl_ca: | |
+ ssl = { 'ssl': { 'ca': ssl_ca } } | |
+ kwargs['connect_args'] = ssl | |
+ | |
engine = create_engine(db_url, **kwargs) | |
if need_connection_pool_fix and not has_event_listener(Pool, 'checkout', ping_connection): | |
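Review bot: `if ssl_ca:` runs for every backend, but the only assignment this patch adds is inside the mysql branch (the previous hunk, just before `elif backend == 'oracle':`). Unless `ssl_ca` is initialised earlier in the function, outside what is shown, any other backend hits an unbound local here. Add `ssl_ca = None` before the backend branches, or move the `connect_args` assignment into the mysql branch. The function body extends beyond both hunks.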
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
index 1087dfd..ca24162 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/ldap_syncer/ldap_user_sync.py | |
@@ -92,10 +92,16 @@ class LdapUserSync(LdapSync): | |
return | |
db_passwd = db_infos.get('PASSWORD') | |
+ db_options = db_infos.get('OPTIONS') | |
+ kwargs = dict() | |
+ if db_options: | |
+ kwargs = db_options | |
+ | |
try: | |
self.db_conn = MySQLdb.connect(host=db_host, port=db_port, | |
user=db_user, passwd=db_passwd, | |
- db=db_name, charset='utf8') | |
+ db=db_name, charset='utf8', | |
+ **kwargs) | |
self.db_conn.autocommit(True) | |
self.cursor = self.db_conn.cursor() | |
except Exception as e: | |
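Review bot: `kwargs = db_options` forwards the whole Django `OPTIONS` dict to `MySQLdb.connect`, not just the TLS settings. If OPTIONS ever holds `charset`, the call fails with a duplicate keyword argument next to `charset='utf8'`, and a key that is a Django-only option rather than a connect argument is rejected as well. Both failures land in the `except Exception` below, so the LDAP sync would simply stop connecting. Forward only what is needed: `ssl_opts = (db_infos.get('OPTIONS') or {}).get('ssl')` followed by `kwargs = dict(ssl=ssl_opts) if ssl_opts else dict()`. The enclosing method starts and ends outside this hunk.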
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
index 3e1174b..eaf758a 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/db_oper.py | |
@@ -21,10 +21,16 @@ class DBOper(object): | |
try: | |
self.edb_session = scoped_session(settings.session_cls) | |
+ | |
+ kwargs = dict() | |
+ if settings.sdb_ssl_ca: | |
+ ssl = { 'ca': settings.sdb_ssl_ca } | |
+ kwargs = dict(ssl=ssl) | |
self.sdb_conn = MySQLdb.connect(host=settings.sdb_host, port=settings.sdb_port, | |
user=settings.sdb_user, passwd=settings.sdb_passwd, | |
- db=settings.sdb_name, charset=settings.sdb_charset) | |
+ db=settings.sdb_name, charset=settings.sdb_charset, | |
+ **kwargs) | |
self.sdb_conn.autocommit(True) | |
self.sdb_cursor = self.sdb_conn.cursor() | |
diff --git a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
index 84e8f6b..e57e692 100644 | |
--- a/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
+++ b/seafile-pro-server-7.0.9/pro/python/seafevents/virus_scanner/scan_settings.py | |
@@ -164,11 +164,14 @@ class Settings(object): | |
logger.info('mysql db name is not set in seafile conf, disable virus scan.') | |
return False | |
- if cfg.has_option('database', 'CONNECTION_CHARSET'): | |
- self.sdb_charset = cfg.get('database', 'CONNECTION_CHARSET') | |
+ if cfg.has_option('database', 'connection_charset'): | |
+ self.sdb_charset = cfg.get('database', 'connection_charset') | |
if not self.sdb_charset: | |
self.sdb_charset = 'utf8' | |
+ if cfg.has_option('database', 'ssl_ca'): | |
+ self.sdb_ssl_ca = cfg.get('database', 'ssl_ca') | |
+ | |
return True | |
def parse_send_mail_config(self, config_file): |
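Review bot: `self.sdb_ssl_ca` is assigned only when the option exists, and this patch adds no default for it, yet db_oper.py reads `settings.sdb_ssl_ca` unconditionally. Unless the attribute is initialised elsewhere in Settings (not visible here), a seafile.conf without `ssl_ca` makes that read raise AttributeError inside DBOper's `try`, and the virus scanner loses its database connection. Assign it on both paths: `self.sdb_ssl_ca = cfg.get('database', 'ssl_ca') if cfg.has_option('database', 'ssl_ca') else None`. The method starts outside the hunk.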