-
Here is my workaround to enable TLS for MariaDB by directly editing the mosparo sources.

SetupController.php

    $tmpConnection = DriverManager::getConnection([
        [...]
        'driverOptions' => [
            \PDO::MYSQL_ATTR_SSL_KEY => '/certs/client-key.pem',
            \PDO::MYSQL_ATTR_SSL_CERT => '/certs/client-cert.pem',
            \PDO::MYSQL_ATTR_SSL_CA => '/certs/ca.pem',
            \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true
        ]
    ]);

In doctrine.yaml

    doctrine:
        dbal:
            [...]
            options:
                !php/const PDO::MYSQL_ATTR_SSL_KEY: '%env(DATABASE_PRIV_KEY)%'
                !php/const PDO::MYSQL_ATTR_SSL_CERT: '%env(DATABASE_PUB_KEY)%'
                !php/const PDO::MYSQL_ATTR_SSL_CA: '%env(DATABASE_CA_CERT)%'
                !php/const PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT: true
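Added example, not part of the thread and not mosparo code: a stand-alone PHP check that builds the same PDO TLS options from the environment variables named in the doctrine.yaml snippet above, refuses to continue if a certificate path is missing, and confirms through `Ssl_cipher` that the session was actually encrypted. `DATABASE_DSN`, `DATABASE_USER` and `DATABASE_PASSWORD` are hypothetical variable names used only for this example.

```php
<?php
declare(strict_types=1);

/**
 * Build the PDO TLS options from the variable names used in the
 * doctrine.yaml workaround. Fails closed: a missing or unreadable path
 * raises an error instead of leaving the option unset.
 */
function tlsDriverOptions(array $env): array
{
    $map = [
        'DATABASE_PRIV_KEY' => PDO::MYSQL_ATTR_SSL_KEY,
        'DATABASE_PUB_KEY'  => PDO::MYSQL_ATTR_SSL_CERT,
        'DATABASE_CA_CERT'  => PDO::MYSQL_ATTR_SSL_CA,
    ];
    // Always verify the server certificate against the configured CA.
    $options = [PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true];
    foreach ($map as $name => $attr) {
        $path = $env[$name] ?? '';
        if ($path === '' || !is_readable($path)) {
            throw new RuntimeException("$name is unset or not readable");
        }
        $options[$attr] = $path;
    }
    return $options;
}

/** Return the negotiated cipher; throw if the session is not encrypted. */
function assertEncrypted(PDO $pdo): string
{
    // Ssl_cipher is empty when the connection is in plaintext.
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    $cipher = $row['Value'] ?? '';
    if ($cipher === '') {
        throw new RuntimeException('Database session is not using TLS');
    }
    return $cipher;
}

// Assumption: DATABASE_DSN / DATABASE_USER / DATABASE_PASSWORD are example-only names.
if (getenv('DATABASE_DSN') !== false) {
    $options = tlsDriverOptions(getenv()) + [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
    $pdo = new PDO(getenv('DATABASE_DSN'), getenv('DATABASE_USER') ?: null,
        getenv('DATABASE_PASSWORD') ?: null, $options);
    echo 'TLS cipher in use: ', assertEncrypted($pdo), PHP_EOL;
}
```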
-
Hi @gnieser
Thank you very much for your kind words! It's incredible to read such feedback!
Thank you very much for bringing these things to our attention and for the workaround.

TLS Encrypted Database Connection

The easiest thing for us is to add some additional environment variables and a hint in the setup to let users know how to configure the encrypted connection. Adding the required configuration fields is also possible, but it makes the setup more complicated. What do you think? Would the environment variables be enough?

Deployment on OpenShift

What exactly do you need here? Do you need a different Docker image? Or does such a setup need changes in the code?
Our main goal is to provide software that can be used in every situation and on every host (on a simple shared web host or a cluster of servers). So we're interested in learning more about other setups that we don't know or for which we don't have knowledge. Please let me know what problems we have to solve. We're very interested in all suggestions and ideas to make mosparo better.

Java Client Library

That would be awesome! I worked with Java before (Android and desktop apps), but I'm not that good in Java to write a library. I helped another user integrate mosparo into Keycloak. Here is the code: https://git.schuerz.at/jakob/keycloak-mosparo (Just in case you need an example of how to communicate with the mosparo API in Java).

Thank you very much for your help in making mosparo better! Please let me know if you need anything or have any questions!

Kind regards,
zepich
-
Hello,
I'm currently evaluating spam protection solutions and I've just found mosparo.
First of all, congratulations for all the hard work to create such a nice open source product, that makes the internet a safer place.
I have some security requirements that are not met out of the box:
I think I can somehow help mosparo meet them.
I have a workaround for the TLS database connection by overriding SetupController.php and doctrine.yaml.
I have a very complicated setup for OpenShift to ditch the nginx privileged process and avoid writing inside the image.
I also need to integrate mosparo with a Java backend, so I will probably also write a Java client library.
Please let me know whether you are interested, and if so I shall proceed.
Best regards