I have a Cakephp3.8 website, connected to a RDS database. I am trying to use an SSL database connection.
I got the pem certificate from AWS. I have created a test user with access to my database, and this user is set up to require SSL.
I can successfully connect to the database with my user from the command line:
mysql -u ssl-user -p -h xxxxx.xxxxx.ap-southeast-2.rds.amazonaws.com --ssl-ca=./rds-ca-2019-root.pem
I have set up my database connection in CakePHP as follows:
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'xxxxx.xxxxx.ap-southeast-2.rds.amazonaws.com',
'username' => 'sl-user',
'password' => 'xxxxxxx',
'database' => 'xxxxxxx',
'ssl_ca' => '/var/www/rds-ca-2019-root.pem',
'encoding' => 'utf8',
'timezone' => 'UTC',
'flags' => [],
'cacheMetadata' => true,
'log' => false,
'quoteIdentifiers' => true,
'url' => env('DATABASE_URL', null),
],
],
With the above setup I the connection fails and I get the following error:
Error: [PDOException] SQLSTATE[HY000] [2002]
Caused by: [PDOException] PDO::_construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_sertificate:certificate verify failed (/var/www/vendor/cakephp/cakephp/src/Database/Driver.php:92)
Any ideas why CakePHP can't connect?
Actually realised that the RDS server was running MariaDB 10.3.x. AWS provide specific docs for MariaDB: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.SSLSupport
The solution for me was to use the combined certificate:
https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
Related
After starting a project (Laravel with Docker) according to https://laravel.com/docs/9.x/installation#getting-started-on-windows
There is a problem with DB_HOST in .env:
To perform artisan commands like php artisan migrate:fresh DB_HOST need to be set to 127.0.0.1 or localhost which makes sense to me.
But when displaying information on browser (localhost) DB_HOST need to be mysql, otherwise connection is refused.
Why would DB_HOST be set to mysql at all? How could I solve it so DB_HOST work for both cases?
.env
DB_CONNECTION=mysql
DB_HOST=127.0.0.1 || localhost || mysql(?)
DB_PORT=3306
B_DATABASE=tutorial
DB_USERNAME=sail
DB_PASSWORD=password
Database
'mysql' => [
'driver' => 'mysql',
'url' => env('DATABASE_URL'),
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '3306'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'unix_socket' => env('DB_SOCKET', ''),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => '',
'prefix_indexes' => true,
'strict' => true,
'engine' => null,
'options' => extension_loaded('pdo_mysql') ? array_filter([
PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
]) : [],
],
For me, the solution was to find the docker IP with:
dd(Request::ip());
That was not 127.0.0.1 but 172.18.0.1.
After that I configured .ENV file with:
DB_HOST=172.18.0.1
And run
php artisan migrate:refresh
from docker terminal(and NOT from local) and everything works OK
Unfortunately, I don't know how to explain why, I hope someone else can shed a little more light on the matter
I am trying to set up my CakePHP 3.8 project on a GCP "Compute Engine" VM.
I have set up my app.php to use the following DB configuration:
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'datasource' => 'Database/Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'user',
'password' => 'password',
'database' => 'dbname',
'prefix' => '',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
'log' => false,
'flags' => [
PDO::MYSQL_ATTR_INIT_COMMAND => "SET ##SESSION.sql_mode='';",
// uncomment below for use with Google Cloud SQL
PDO::MYSQL_ATTR_SSL_KEY => CONFIG.'ssl/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => CONFIG.'ssl/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => CONFIG.'ssl/server-ca.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
],
'cacheMetadata' => true,
'log' => false,
My problem happens when I try to run migrations. The site works just fine with the above configuration, however, if I run
$> php bin/cake.php migrations migrate
I get a slew of errors saying that it cannot connect, access denied for user#host.
If I add
'ssl_key' => CONFIG .'ssl/client-key.pem',
'ssl_cert' => CONFIG . 'ssl/client-cert.pem',
'ssl_ca' => CONFIG . 'ssl/server-ca.pem',
I get an error:
Caused by: [PDOException] PDO::__construct(): Peer certificate CN=`gcpname:gcpserver' did not match expected CN=`111.111.111.111' in /var/www/mydomain.com/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php on line 79
I guess this is because the migrations plugin still doesn't pass the flags or custom mysql_attr_* options over to the Phinx connection configuration, see this issue:
https://github.com/cakephp/migrations/issues/374
I don't think there's much that can be done here, other than adding support for flags / attribute options, or using Phinx directly (ie without the Migrations plugin).
I've pushed a PR that would add support for driver specific flags, you might want to give it a try and comment on the issue or the PR whether it works for you (it's for CakePHP 4.x (Migrations 3.x), I'll backport it for CakePHP 3.x (Migrations 2.x) in case it's being accepted):
https://github.com/cakephp/migrations/pull/478
I got a ubuntu docker container which runs php 5.5.9, laraverl 5.2 which can connect successfully to SQL Server and get results back.
The docker image I am using is https://hub.docker.com/r/h2labs/laravel-mssql/
The problem I got is that the server uses encryption and I cant find how to pass the following parameters to the laravel connection string for mssql
ENCRYPT=yes;trustServerCertificate=true
My SQL Server connection string at present looks like this
DB_CONNECTION=sqlsrv
DB_HOST=sql.mydomain.com
DB_PORT=1433
DB_DATABASE=mydbname
DB_USERNAME=mysusername
DB_PASSWORD=mypass
My laravel database config looks like this
'sqlsrv' => [
'driver' => 'sqlsrv',
'host' => env('DB_HOST', 'localhost'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'charset' => 'utf8',
'prefix' => '',
],
The SQL Server error log entry is
Encryption is required to connect to this server but the client library does not support encryption; the connection has been closed. Please upgrade your client library. [CLIENT: 103.31.114.56]
Support for either option was not introduced until Laravel 5.4; Specifically, v5.4.11
So you would first need to upgrade to laravel/framework:>=5.4.11,<5.5
Then, to configure your application, you will need to modify your config/database.php file as follows:
// ...
'sqlsrv' => [
'driver' => 'sqlsrv',
'host' => env('DB_HOST', 'localhost'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'charset' => 'utf8',
'prefix' => '',
'encrypt' => 'yes', // alternatively, defer to an env variable
'trust_server_certificate' => 'true', // alternatively, defer to an env variable
],
// ...
DatabaseServiceProvider, via ConnectionFactory and SqlServerConnector will use this to build the underlying PDO connection with those options set in the DSN.
I am getting error NOAUTH Authentication required.
My laravel version is 5.3 and I am using predis 1.1.1 to connect redis.
in etc/redis/redis.conf I have:
bind 127.0.0.1
requirepass somepassword
in .env file I have
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=somepassword
REDIS_PORT=6379
in config/database.php I have:
'redis' => [
'cluster' => false,
'default' => [
'host' => env('REDIS_HOST', '127.0.0.1'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => 0,
],
I am connecting redis via:
self::$_db = \Redis::connection('default');
and using it like:
self::$_db->pipeline(function ($pipe) use ($profile, $time,$type, $id) {
$pipe->zadd(self::getProfileKey($profile, $type), $time, $id);
$pipe->zadd(self::getProfileKey($profile), $time, $type . ':' . $id);
$pipe->zadd(self::getModelKey($type,$id) . '::favoritedBy', $time, $profile->profile_id);
});
So, when I comment out requirepass and send password as null it works but it does not work and throw error NOAUTH Authentication required. when the password is in place. I need to have password in place as per my project requirement. Please help. Thanks in advance.
So after some research, I got a solution for this issue:
We need to add:
'options' => [
'parameters' => ['password' => env('REDIS_PASSWORD', null)],
],
In config array. See complete example below: database.php
'redis' => [
'cluster' => false,
'default' => [
'host' => env('REDIS_HOST', '127.0.0.1'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => 3,
],
'options' => [
'parameters' => ['password' => env('REDIS_PASSWORD', null)],
],
],
In .env file:
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=mmdgreat
REDIS_PORT=6379
I solve it downgrading the predis! :D
composer require predis/predis:0.8.4
I'm using the Laravel 5.3 too! :)
I'm trying to test Laravel Amazon S3 on my localhost but keep getting the same error:
S3Exception in WrappedHttpHandler.php line 192: Error executing
"ListObjects" on
"https://s3-us-west-2.amazonaws.com/app?prefix=appimages%2FIMG-1469840859-j.jpg%2F&max-keys=1&encoding-type=url";
AWS HTTP error: cURL error 60: SSL certificate problem: unable to get
local issuer certificate (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html)
My code:
$s3 = \Storage::disk('s3');
$filePath = '/images/' . $filename;
$s3->put($filePath, file_get_contents($image), 'public');
You have do a tweak to the php.ini file. Download this file http://curl.haxx.se/ca/cacert.pem and set the path in php.ini like this and then restart the server.
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
Above path is common for XAAMP
And that will fix your issue.
$s3 = new S3Client
([
'version' => 'latest',
'scheme' =>'http',
'region' => $this->config->item('s3_region'),
'credentials' => [
'key' => $this->config->item('s3_access_key'),
'secret' => $this->config->item('s3_secret_key')
],
]);
Add 'scheme' =>'http' for development.
I had the same problem.
Error reason is you are working on local or on a not verified server.
Just you need to add the following line to "filesystem.php"
'scheme' => 'http' // to disable SSL verification on local development
Your filesystem.php should look like this :
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION'),
'bucket' => env('AWS_BUCKET'),
'url' => env('AWS_URL'),
'scheme' => 'http' // to disable SSL verification on local development
],
When you run it on your server which has SSL verification, you need to comment 'scheme' line.
Try it and you will see it works.
Enjoy your coding !