Include SSL Options for MySQL

Jonathon Aroutsidis
2025-10-08 10:57:58 +11:00
parent 6b00adf8b9
commit e34206b526
3 changed files with 23 additions and 2 deletions


@@ -22,6 +22,7 @@ const generateDbConfig = () => {
password: cfg.password, password: cfg.password,
database: cfg.name, database: cfg.name,
port: cfg.port, port: cfg.port,
...(cfg.ssl ? { ssl: cfg.ssl } : {})
}, },
migrations: { migrations: {
tableName: "migrations", tableName: "migrations",


@@ -31,9 +31,14 @@ const configure = () => {
} }
} }
const toBool = v => /^(1|true|yes|on)$/i.test((v || '').trim());
const envMysqlHost = process.env.DB_MYSQL_HOST || null; const envMysqlHost = process.env.DB_MYSQL_HOST || null;
const envMysqlUser = process.env.DB_MYSQL_USER || null; const envMysqlUser = process.env.DB_MYSQL_USER || null;
const envMysqlName = process.env.DB_MYSQL_NAME || null; const envMysqlName = process.env.DB_MYSQL_NAME || null;
const envMysqlSSL = toBool(process.env.DB_MYSQL_SSL);
const envMysqlSSLRejectUnauthorized = process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED === undefined ? true : toBool(process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED);
const envMysqlSSLVerifyIdentity = process.env.DB_MYSQL_SSL_VERIFY_IDENTITY === undefined ? true : toBool(process.env.DB_MYSQL_SSL_VERIFY_IDENTITY);
if (envMysqlHost && envMysqlUser && envMysqlName) { if (envMysqlHost && envMysqlUser && envMysqlName) {
// we have enough mysql creds to go with mysql // we have enough mysql creds to go with mysql
logger.info("Using MySQL configuration"); logger.info("Using MySQL configuration");
@@ -45,6 +50,7 @@ const configure = () => {
user: envMysqlUser, user: envMysqlUser,
password: process.env.DB_MYSQL_PASSWORD, password: process.env.DB_MYSQL_PASSWORD,
name: envMysqlName, name: envMysqlName,
ssl: envMysqlSSL ? { rejectUnauthorized: envMysqlSSLRejectUnauthorized, verifyIdentity: envMysqlSSLVerifyIdentity } : false,
}, },
keys: getKeys(), keys: getKeys(),
}; };
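Review bot: The two verification flags fail open: `toBool` returns false for anything it does not recognise, and only `undefined` maps to the secure default, so `DB_MYSQL_SSL_REJECT_UNAUTHORIZED` or `DB_MYSQL_SSL_VERIFY_IDENTITY` set to an empty string (for example an unexpanded compose variable) or a mistyped value silently switches certificate-chain or host-name checking off. I would parse them through a helper that keeps the default unless the value is an explicit, recognised boolean, and log a warning whenever TLS is on but verification is off, so the weakened state is visible in the logs. The `ssl` object built in the second hunk also has no way to carry a CA bundle, so a deployment with a private CA can only connect by disabling validation; accepting a CA path would be a safer follow-up. `configure` starts and ends outside these hunks, and the sketch assumes the project logger exposes `warn`.

```javascript
// Verification flags keep their default unless the value is an explicit, recognised boolean.
const envFlag = (name, fallback) => {
	const raw = (process.env[name] || '').trim();
	if (/^(1|true|yes|on)$/i.test(raw)) return true;
	if (/^(0|false|no|off)$/i.test(raw)) return false;
	return fallback;
};
// … unchanged: envMysqlHost / envMysqlUser / envMysqlName …
const envMysqlSSL = envFlag('DB_MYSQL_SSL', false);
const envMysqlSSLRejectUnauthorized = envFlag('DB_MYSQL_SSL_REJECT_UNAUTHORIZED', true);
const envMysqlSSLVerifyIdentity = envFlag('DB_MYSQL_SSL_VERIFY_IDENTITY', true);
if (envMysqlSSL && !(envMysqlSSLRejectUnauthorized && envMysqlSSLVerifyIdentity)) {
	// assumes logger.warn exists alongside logger.info
	logger.warn("MySQL TLS is enabled but certificate verification is partly or fully disabled");
}
// … unchanged: MySQL credential check and config object …
```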


@@ -75,6 +75,10 @@ services:
DB_MYSQL_USER: "npm" DB_MYSQL_USER: "npm"
DB_MYSQL_PASSWORD: "npm" DB_MYSQL_PASSWORD: "npm"
DB_MYSQL_NAME: "npm" DB_MYSQL_NAME: "npm"
# Optional SSL (see section below)
# DB_MYSQL_SSL: 'true'
# DB_MYSQL_SSL_REJECT_UNAUTHORIZED: 'true'
# DB_MYSQL_SSL_VERIFY_IDENTITY: 'true'
# Uncomment this if IPv6 is not enabled on your host # Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true' # DISABLE_IPV6: 'true'
volumes: volumes:
@@ -102,6 +106,16 @@ Please note, that `DB_MYSQL_*` environment variables will take precedent over `D
::: :::
### Optional: MySQL / MariaDB SSL
You can enable TLS for the MySQL/MariaDB connection with these environment variables:
- DB_MYSQL_SSL: Enable SSL when set to true. If unset or false, SSL disabled (previous default behaviour).
- DB_MYSQL_SSL_REJECT_UNAUTHORIZED: (default: true) Validate the server certificate chain. Set to false to allow selfsigned/unknown CA.
- DB_MYSQL_SSL_VERIFY_IDENTITY: (default: true) Performs host name / identity verification.
Enabling SSL using a self-signed cert (not recommended for production).
## Using Postgres database ## Using Postgres database
Similar to the MySQL server setup: Similar to the MySQL server setup: