Add mutual TLS (mTLS) support for remote database connections in PhpMyAdmin #448
base: master
feat:(config.inc.php/docker-entrypoint.sh): Add support for mTLS to a remote server/cluster/service
Hello @williamdes, I am sorry to have to ask you such a thing, but can you see my proposal please? The related issue is here: #449
fix(config.inc.php/docker-entrypoint.sh,dockerfile,helpers.php): Move TLS logic from entrypoint to php configuration files
fix(config.inc.php/docker-entrypoint.sh,dockerfile,helpers.php): Move TLS logic from entrypoint to php configuration files, in all other build
Co-authored-by: William Desportes <[email protected]>
add types to function parameters Co-authored-by: William Desportes <[email protected]>
Remove the custom exception Co-authored-by: William Desportes <[email protected]>
You need to change https://github.com/phpmyadmin/docker/blob/master/config.inc.php
and https://github.com/phpmyadmin/docker/blob/master/Dockerfile-alpine.template
and https://github.com/phpmyadmin/docker/blob/master/Dockerfile-debian.template
And run ./update to sync the changes to all files
I like your work, and will also use it at work for Amazon RDS
If you can also open a PR to the QA_5_2 branch of https://github.com/phpmyadmin/phpmyadmin/blob/QA_5_2/doc/setup.rst#installing-using-docker to add the new ENVs, that would be great. Else I will do it.
I guess an example using https://github.com/phpmyadmin/phpmyadmin/blob/QA_5_2/doc/config.rst#amazon-rds-aurora-with-ssl could clarify how to use this feature.
…ates, add PMA_SSLS in the README and add PMA_SSL_DIR to set output path for certificate generation
So, if I understand correctly, you want me to open a PR for the PhpMyAdmin application and add mTLS support in the installing-using-docker section of the setup.rst. If yes, I am your man.
Here is the PR with the documentation additions: phpmyadmin/phpmyadmin#19465. Many thanks for your time and consideration.
This looks quite good
Thank you, Robin!
…e script to import it in target folders/images Signed-off-by: lordrobincbz <[email protected]>
Problem:
In the context of mutual TLS (mTLS), it is currently not possible to define a list of files to configure the connection between PhpMyAdmin and one or more database servers or services.
Proposed Solution:
My idea is to introduce the ability to configure specific PhpMyAdmin parameters to allow mTLS connections to secure services.
To achieve this, I built upon existing syntax and implemented an approach that encodes the necessary files (CA, CERT, and KEY) in Base64 format. These files can then be passed to PhpMyAdmin using environment variables.
Potential Question: Why not use a volume instead of environment variables?
In a hyperscaler context such as Kubernetes, creating NFS volumes can pose significant challenges for many users. Managing environment variables is often simpler and more portable than managing volumes. Additionally, adding volumes introduces statefulness to PhpMyAdmin, which can be problematic for certain infrastructures. Using environment variables resolves these issues and keeps PhpMyAdmin stateless.
Note:
This is my first open-source pull request, so I am not entirely sure if I’m following the correct process. I kindly ask for your understanding. I am also more active on GitLab than GitHub, so feel free to reach out if you need more information about me.
Thank you for your time and consideration!
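
The approach in the pull request description above (CA, CERT and KEY passed as Base64 in environment variables and written back to files) can be sketched as follows. This is an added shell example, not code from this pull request; the `EXAMPLE_CA_B64` variable, the output paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the PR's code. EXAMPLE_* names and paths are hypothetical.

# Operator side: PEM file -> single-line Base64 suitable for an environment variable.
encode_pem() {
    base64 < "$1" | tr -d '\n'
}

# Container side: decode_pem_env VAR_NAME OUT_FILE
# Fails closed (non-zero, no output file) when the variable is empty, is not
# valid Base64, or does not decode to something that starts like a PEM block.
decode_pem_env() {
    var_name=$1
    out_file=$2
    case $var_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 1 ;;
    esac
    eval "value=\${$var_name:-}"   # safe: the name was validated above
    [ -n "$value" ] || { echo "$var_name is empty" >&2; return 1; }

    out_dir=$(dirname "$out_file")
    (umask 077 && mkdir -p "$out_dir") || return 1
    tmp=$(umask 077 && mktemp "$out_dir/.pem.XXXXXX") || return 1

    if ! printf '%s' "$value" | base64 -d > "$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo "$var_name: invalid Base64" >&2; return 1
    fi
    # Shallow format check only; it does not validate the certificate or key.
    if ! head -n 1 "$tmp" | grep -q '^-----BEGIN [A-Z ]*-----$'; then
        rm -f "$tmp"; echo "$var_name: not PEM" >&2; return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$out_file"
}

# Round trip on a constructed placeholder (not a real certificate).
demo_roundtrip() {
    work=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$work/ca.pem"
    EXAMPLE_CA_B64=$(encode_pem "$work/ca.pem")
    decode_pem_env EXAMPLE_CA_B64 "$work/tls/ca.pem" &&
        cmp -s "$work/ca.pem" "$work/tls/ca.pem"
    status=$?
    rm -rf "$work"
    return $status
}
```

Environment variables are readable through container inspection and `/proc/<pid>/environ`, so a private key passed this way is best sourced from the orchestrator's secret mechanism rather than a plain manifest.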