From 30f73f39a0c63ccf614586e6e5caab93f3588490 Mon Sep 17 00:00:00 2001
From: Kim Oliver Drechsel
Date: Mon, 22 May 2023 20:46:29 +0200
Subject: [PATCH] Add SSL Support for MariaDB (#3444)
* Add ssl options for mariadb
* Add ssl mode for mariadb Add ssl mode as documented in https://mysqlclient.readthedocs.io/user_guide.html#functions-and-attributes
* run linting over settings.py
* Add docs for SSL mode with MariaDB
---------
Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
---
 docs/configuration.md | 28 ++++++++++++++++++++++------
 src/paperless/settings.py | 11 ++++++++++-
 2 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/docs/configuration.md b/docs/configuration.md
index cb5af9d86..35dc86ffb 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -83,21 +83,29 @@ changed here.
 `PAPERLESS_DBSSLMODE=`
-: SSL mode to use when connecting to PostgreSQL.
+: SSL mode to use when connecting to PostgreSQL or MariaDB.
 See [the official documentation about
- sslmode](https://www.postgresql.org/docs/current/libpq-ssl.html).
+ sslmode for PostgreSQL](https://www.postgresql.org/docs/current/libpq-ssl.html).
- Default is `prefer`.
+ See [the official documentation about
+ sslmode for MySQL and MariaDB](https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-mode).
+
+ *Note*: SSL mode values differ between PostgreSQL and MariaDB.
+
+ Default is `prefer` for PostgreSQL and `PREFERRED` for MariaDB.
 `PAPERLESS_DBSSLROOTCERT=`
 : SSL root certificate path
 See [the official documentation about
- sslmode](https://www.postgresql.org/docs/current/libpq-ssl.html).
+ sslmode for PostgreSQL](https://www.postgresql.org/docs/current/libpq-ssl.html).
 Changes path of `root.crt`.
+ See [the official documentation about
+ sslmode for MySQL and MariaDB](https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-ca).
+
 Defaults to unset, using the documented path in the home directory.
 `PAPERLESS_DBSSLCERT=`
@@ -105,7 +113,11 @@ changed here.
 : SSL client certificate path
 See [the official documentation about
- sslmode](https://www.postgresql.org/docs/current/libpq-ssl.html).
+ sslmode for PostgreSQL](https://www.postgresql.org/docs/current/libpq-ssl.html).
+
+ See [the official documentation about
+ sslmode for MySQL and MariaDB](https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-cert).
+
 Changes path of `postgresql.crt`.
 Defaults to unset, using the documented path in the home directory.
@@ -115,7 +127,11 @@ changed here.
 : SSL client key path
 See [the official documentation about
- sslmode](https://www.postgresql.org/docs/current/libpq-ssl.html).
+ sslmode for PostgreSQL](https://www.postgresql.org/docs/current/libpq-ssl.html).
+
+ See [the official documentation about
+ sslmode for MySQL and MariaDB](https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-key).
+
 Changes path of `postgresql.key`.
 Defaults to unset, using the documented path in the home directory.
diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index 122806516..c3e75e402 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -506,7 +506,16 @@ if os.getenv("PAPERLESS_DBHOST"):
 # Leave room for future extensibility
 if os.getenv("PAPERLESS_DBENGINE") == "mariadb":
 engine = "django.db.backends.mysql"
- options = {"read_default_file": "/etc/mysql/my.cnf", "charset": "utf8mb4"}
+ options = {
+ "read_default_file": "/etc/mysql/my.cnf",
+ "charset": "utf8mb4",
+ "ssl": {
+ "ssl_mode": os.getenv("PAPERLESS_DBSSLMODE", "PREFERRED"),
+ "ca": os.getenv("PAPERLESS_DBSSLROOTCERT", None),
+ "cert": os.getenv("PAPERLESS_DBSSLCERT", None),
+ "key": os.getenv("PAPERLESS_DBSSLKEY", None),
+ },
+ }
 # Silence Django error on old MariaDB versions.
 # VARCHAR can support > 255 in modern versions
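Review bot: In the settings.py hunk, `ssl_mode` is nested inside the `ssl` mapping of the new `options` dict, but as far as I can tell from the mysqlclient user guide linked in the commit message, `ssl_mode` is a keyword argument of `connect()` alongside `ssl`, and the `ssl` mapping only carries the certificate parameters such as `ca`, `cert` and `key`. If so, the nested value is never read, `PAPERLESS_DBSSLMODE` has no effect for MariaDB, and an operator who sets `VERIFY_CA` or `VERIFY_IDENTITY` would still get a connection that does not verify the server; please confirm against the installed driver. Moving the entry up one level, `"ssl_mode": os.getenv("PAPERLESS_DBSSLMODE", "PREFERRED"),` as a sibling of `"charset"`, should make it take effect. Separately, the `PREFERRED` default is opportunistic (no certificate verification, plaintext fallback), and PostgreSQL-style values such as `prefer` carried over from an existing config are not valid MySQL modes, so a comment like `# PREFERRED does not verify the server; set VERIFY_CA or VERIFY_IDENTITY to enforce TLS` above the entry would help. The enclosing `if os.getenv("PAPERLESS_DBHOST"):` block starts before this hunk and continues past it.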