HOWTO: Use TLS with an External MySQL DB from CloudBolt

HOWTO: Use TLS with an External MySQL DB from CloudBolt

  1. On your MySQL Server, edit /etc/my.cnf to make sure SSL is setup:

    require_secure_transport = on
    ssl-ca=/var/lib/mysql/ca.pem
    ssl-cert=/var/lib/mysql/server-cert.pem
    ssl-key=/var/lib/mysql/server-key.pem
  2. Restart the MySQL service on your MySQL Server.

  3. Unless you've generated your own server ca, key, and cert, copy the following files from the /var/lib/mysql/ dir to /var/opt/cloudbolt/proserv/db/ on your CloudBolt server.

    • /var/lib/mysql/server-cert.pem
    • /var/lib/mysql/server-key.pem
    • /var/lib/mysql/ca.pem
  4. Edit the database connection info in /opt/cloudbolt/settings_local.py so the ssl options refer to the files copied in the previous step:

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.mysql',
            'NAME': 'cloudbolt',
            'USER': 'your_db_username',
            'PASSWORD': 'your_db_password',
            'HOST': 'your_db_host',
            'PORT': 'your_db_port',
            'OPTIONS': { 'ssl': {
                    'ca': '/var/opt/cloudbolt/proserv/db/ca.pem',
                    'cert': '/var/opt/cloudbolt/proserv/db/server-cert.pem',
                    'key': '/var/opt/cloudbolt/proserv/db/server-key.pem'
                }
            }
        }
    }
  5. If necessary, add the key value pair 'verify-server-cert': 'yes' to the above options (after/under 'key') to enable SSL server name authentication.

  6. Restart httpd on your CloudBolt server.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.