Hi, I am about to set up a multiserver environment. I want the connection between these servers to be encrypted. I tried to install the 2nd server with the client certificate palced under /etc/mysql/ssl and the connection does work properly with the bash but I cant join the the first server with the installtion script. (SSL required on the first server) So my question is, what do I have to do that it is going to work?
Thanks for the reply. But as I already mentioned, it is working by using the bash. I am just not able to connect to the master via ISPconfig. After entering the masters hostname, port, username etc. the script says that it is not able to connect to the master and it wants a new hostname etc..
Which ISPConfig version did you try? There have been some fixes in MySQL SSL connection code in git-stable which have not been released yet.
It's the latest version (3.1). I do not know the minor version. But there aren't any updates which i could install.
Try to update to git-stable branch by running 'ispconfig_update.sh' and then choose 'git-stable' as target (do not choose git-master'. Git stable is basically 3.1.12 with the updates for the next minor release 3.1.13, so you will be able to update later to 3.1.13 when it get's released.
What I did is (on the master and the second server) this: cd /usr/local/bin ./ispconfig_update.sh git-stable ... Which ends with this version: ISPConfig Version: 3.1dev But unfortunately it is still not working
See all of this thread: https://www.howtoforge.com/communit...t-for-postfix-dovecot-pureftpd-mariadb.77499/ You will need to set the ssl flag for the dbmaster connection.
Ok, as far as I figured out, it would only be possilbe if I update to git-master. But I think that it would't be a good idea to do that. So, do you have any clue when it is going to be released?
@Jesse Norell worte ( Jul 26, 2018 ): "if you need ssl for slave server connections (a good idea if you have them), it should work in git master branch right now, but does not in 3.1.12 nor in git stable-3.1 branch; there is a merge request to correct that, so hopefully will be available soon" I also tried it. I created a file on NS2 called config.inc.local.php in /usr/local/ispconfig/interface/lib modified permissions to 600 gave it to ispconfig:ispconfig added conf['dbmaster_client_flags'] = MYSQL_CLIENT_SSL; or conf['dbmaster_client_flags'] = MYSQLI_CLIENT_SSL; and tried to update ispconfig. But it wasn't able to connect to the ISPConfig Server. Certificates are defined in /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf. Server Setup: ispconfig ---> Interface Server ns1 ---------> DNS Server, Master ns2 ---------> DNS Server, Slave ns3 ---------> DNS Server, Slave
I guess @Jesse Norell refers to this merge request https://git.ispconfig.org/ispconfig/ispconfig3/commit/f114eb1ac6e667d05d6eb0d0333f309a8197eb81 which is in git-stable already, so my post and the post from Jesse say the same thing.
