Include SSL Options for MySQL

2025-11-04 17:35:15 +00:00 · 2025-10-08 10:57:58 +11:00
parent 6b00adf8b9
commit e34206b526
3 changed files with 23 additions and 2 deletions
--- a/backend/db.js
+++ b/backend/db.js
@@ -21,7 +21,8 @@ const generateDbConfig = () => {
 			user: cfg.user,
 			password: cfg.password,
 			database: cfg.name,
-			port: cfg.port,
+			port:     cfg.port,
+			...(cfg.ssl ? { ssl: cfg.ssl } : {})
 		},
 		migrations: {
 			tableName: "migrations",
--- a/backend/lib/config.js
+++ b/backend/lib/config.js
@@ -31,9 +31,14 @@ const configure = () => {
 		}
 	}

+	const toBool = v => /^(1|true|yes|on)$/i.test((v || '').trim());
+
 	const envMysqlHost = process.env.DB_MYSQL_HOST || null;
 	const envMysqlUser = process.env.DB_MYSQL_USER || null;
 	const envMysqlName = process.env.DB_MYSQL_NAME || null;
+	const envMysqlSSL = toBool(process.env.DB_MYSQL_SSL);
+	const envMysqlSSLRejectUnauthorized = process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED === undefined ? true : toBool(process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED);
+	const envMysqlSSLVerifyIdentity = process.env.DB_MYSQL_SSL_VERIFY_IDENTITY === undefined ? true : toBool(process.env.DB_MYSQL_SSL_VERIFY_IDENTITY);
 	if (envMysqlHost && envMysqlUser && envMysqlName) {
 		// we have enough mysql creds to go with mysql
 		logger.info("Using MySQL configuration");
@@ -44,7 +49,8 @@ const configure = () => {
 				port: process.env.DB_MYSQL_PORT || 3306,
 				user: envMysqlUser,
 				password: process.env.DB_MYSQL_PASSWORD,
-				name: envMysqlName,
+				name:     envMysqlName,
+				ssl: envMysqlSSL ? { rejectUnauthorized: envMysqlSSLRejectUnauthorized, verifyIdentity: envMysqlSSLVerifyIdentity } : false,
 			},
 			keys: getKeys(),
 		};