+
+Connecting MySQL database with SSL/TLS to ONLYOFFICE Docs
+ +If you want to use secure SSL/TLS connections with MySQL when connecting to ONLYOFFICE Docs, follow these steps:
+-
+
- If MySQL is installed with SSL enabled, it provides self-signed certificates in
/var/lib/mysql/
including the certificate authorityca.pem
certificate, server certificates and client certificates:ca-key.pem
,ca.pem
,client-cert.pem
,client-key.pem
,private_key.pem
,public_key.pem
,server-cert.pem
,server-key.pem
. +To connect via SSL, only
+ca.pem
is required, but for additional protection and establishing trust, it is recommended to useclient-cert.pem
andclient-key.pem
. They must be converted to a string, for example, in the following way:
+awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' ca.pem +awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' client-cert.pem +awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' client-key.pem +
+ -
+ Add the certificate to the document server
local.json
config: +
+{ + "services": { + "CoAuthoring": { + "sql": { + "type": "mysql", + "dbHost": "onlyoffice.local", + "dbPort": "3306", + "dbName": "onlyoffice", + "dbUser": "onlyoffice", + "dbPass": "onlyoffice", + "mysqlExtraOptions": { + "ssl": { + "ca": "-----BEGIN CERTIFICATE-----\n...ca.pem...\n-----END CERTIFICATE-----\n\n", + "cert": "-----BEGIN CERTIFICATE-----\n...client-cert.pem...-----END CERTIFICATE-----\n\n", + "key": "-----BEGIN RSA PRIVATE KEY-----\n...client-key.pem...\n-----END RSAD RSA PRIVATE KEY-----\n\n" + } + } +... +
+ - Restart services:
+
+systemctl restart ds-converter ds-docservice ds-example ds-metrics
+