Hi ISPConfig Version: 3.1.13 Debian 9.5 the communication between ispconfig multiserver is encrypted by default?
Thank you for your prompt reply. Do you know any howto for encrypt the mysql SSL communication between servers?
You can try @ztk.me suggestion here https://www.howtoforge.com/communit...t-for-postfix-dovecot-pureftpd-mariadb.77499/. However, I personally don't think it is as easy as it says in there especially when it involves remote server. I also don't think ISPConfing support encrypted mysql but I could be wrong.
ahrasis, thank you, I do not know how to proceed on the remote server. But, i will try it in my sandbox and post the result here.
It should be possible to use encrypte mysql in current ispconfig stable. @Jesse Norell added some fixes for the mysql lib recently. Another option is to set up a vpn between the servers and tunnel the mysql connection trough that vpn.
Just to note that when I last tested mysql with ssl enabled, pure-ftpd-mysql failed to work but when ssl is not enabled for mysql, it works just fine. Because of that I think some ISPConfig or ftp settings may need to be changed for pure-ftpd-mysql to work properly with mysql with ssl enabled but I haven't figured it out yet. I am not sure how to use vpn but I will try ISPConfig git stable and see how it goes.
Might be that pure-ftpd-mysql needs different settings then, ispconfig itself is not involved in the connection from pure-ftpd to the mysql database.
Any idea on how that can be fixed? I always thought that the connection to mysql database is governed by ISPConfig as it manages pure-ftpd-mysql users. I also could not find any pure-ftpd-mysql files that are handling its connection to mysql, so I ended up not enabling ssl in mysql. It's ok with me for the time being.
Basically, it works like this: ISPConfig writes data into the dbispconfig mysql database and pure-ftpd reads the data from there. So both applications have their own config files and way to connect to mysql, they just share the same database. I have not tried to enable SSL for pure-ftpd yet, so not sure if I can help much in this case. The pure-ftpd mysql configuration is located in this file on Debian and Ubuntu: /etc/pure-ftpd/db/mysql.conf
Success! Code: MariaDB [(none)]> status -------------- mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2 Connection id: 464 Current database: Current user: [email protected] SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: stdout Using outfile: '' Using delimiter: ; Server: MariaDB Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1 Protocol version: 10 Connection: 192.168.1.100 via TCP/IP Server characterset: utf8mb4 Db characterset: utf8mb4 Client characterset: utf8mb4 Conn. characterset: utf8mb4 TCP port: 3306 Uptime: 6 min 0 sec Threads: 1 Questions: 5435 Slow queries: 0 Opens: 41 Flush tables: 1 Open tables: 35 Queries per second avg: 15.097 -------------- Let me check the ispconfig functions with ssl enabled.
Just check your pure-ftpd-mysql if you installed one. Others should work fine, at least they were working fine on my last test.
So far the pure ftp is working fine. Add a FTP-User, work fine. Connect with new FTP-User, work fine. Remove the FTP-User, work fine. But, i have some security restrictions in my server. Because my servers is for me and my friends only. like, On the web server, the public open port is 80 and 443 only. We connect FTP, SSH, 8080, webmin and othes through a openVPN connection, for security reasons.
I am use the web server and mysql server together in one VPS. 2 separate region VPS for dns and one more for email.
