diff --git a/server/config.js b/server/config.js
index 515b90465..ce1e35293 100644
--- a/server/config.js
+++ b/server/config.js
@@ -1,3 +1,4 @@
+/* eslint-disable linebreak-style */
 const isFreeBSD = /^freebsd/.test(process.platform);
 // Interop with browser
@@ -19,6 +20,9 @@ const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_S
 const isSSL = sslKey && sslCert;
+const mariaDbSslCert = args["UPTIME_KUMA_DB_SSL_CERT"] || process.env.UPTIME_KUMA_DB_SSL_CERT || process.env.MARIADB_SSL_CERT || undefined;
+const mariaDbUseSSL = mariaDbSslCert ? "true" : "false";
+
 /**
 * Get the local WebSocket URL
 * @returns {string} The local WebSocket URL
@@ -43,4 +47,6 @@ module.exports = {
 isSSL,
 localWebSocketURL,
 demoMode,
+ mariaDbSslCert,
+ mariaDbUseSSL
 };
diff --git a/server/database.js b/server/database.js
index 3b7646de8..55141faee 100644
--- a/server/database.js
+++ b/server/database.js
@@ -1,3 +1,4 @@
+/* eslint-disable linebreak-style */
 const fs = require("fs");
 const { R } = require("redbean-node");
 const { setSetting, setting } = require("./util-server");
@@ -11,6 +12,7 @@ const { UptimeCalculator } = require("./uptime-calculator");
 const dayjs = require("dayjs");
 const { SimpleMigrationServer } = require("./utils/simple-migration-server");
 const KumaColumnCompiler = require("./utils/knex/lib/dialects/mysql2/schema/mysql2-columncompiler");
+const { mariaDbSslCert, mariaDbUseSSL } = require("./config");
 /**
 * Database & App Data Folder
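Review bot: The file-wide `/* eslint-disable linebreak-style */` added as line 1 of server/config.js, and again at the top of server/database.js and server/setup-database.js, switches the rule off for each whole file instead of fixing the line endings. This looks like a workaround for a CRLF checkout on the author's machine. If so, drop the three directives and normalise line endings in the editor or with `.gitattributes`, so the rule keeps applying to these files.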
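Review bot: `mariaDbUseSSL` in the `@@ -19,6 +20,9 @@` hunk of server/config.js is the string `"true"` or `"false"`, and both strings are truthy, so every `if (mariaDbUseSSL)` in server/database.js and server/setup-database.js takes the TLS branch even when no certificate is configured. With the variable unset, that branch calls `fs.readFileSync(undefined, "utf8")`, which throws, so MariaDB setups without a CA file would stop connecting. Make it a boolean, `const mariaDbUseSSL = Boolean(mariaDbSslCert);`, or test `mariaDbSslCert` directly at the call sites. Separately, the CLI key `args["UPTIME_KUMA_DB_SSL_CERT"]` does not follow the kebab-case form of the neighbouring `args["ssl-key-passphrase"]`; something like `args["db-ssl-cert"]` would match.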
@@ -259,11 +261,22 @@ class Database {
 throw Error("Invalid database name. A database name can only consist of letters, numbers and underscores");
 }
+ let sslConfig = null;
+ let serverCa = undefined;
+ if (mariaDbUseSSL) {
+ serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
+ sslConfig = {
+ rejectUnauthorized: true,
+ ca: serverCa
+ };
+ }
+
 const connection = await mysql.createConnection({
 host: dbConfig.hostname,
 port: dbConfig.port,
 user: dbConfig.username,
 password: dbConfig.password,
+ ssl: sslConfig
 });
 await connection.execute("CREATE DATABASE IF NOT EXISTS " + dbConfig.dbName + " CHARACTER SET utf8mb4");
@@ -278,6 +291,7 @@ class Database {
 password: dbConfig.password,
 database: dbConfig.dbName,
 timezone: "Z",
+ ssl: sslConfig,
 typeCast: function (field, next) {
 if (field.type === "DATETIME") {
 // Do not perform timezone conversion
diff --git a/server/setup-database.js b/server/setup-database.js
index 483f2c9a4..a73e28596 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -1,3 +1,4 @@
+/* eslint-disable linebreak-style */
 const express = require("express");
 const { log } = require("../src/util");
 const expressStaticGzip = require("express-static-gzip");
@@ -6,6 +7,7 @@ const path = require("path");
 const Database = require("./database");
 const { allowDevAllOrigin } = require("./util-server");
 const mysql = require("mysql2/promise");
+const { mariaDbUseSSL, mariaDbSslCert } = require("./config");
 /**
 * A standalone express app that is used to setup a database
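Review bot: The block that builds `sslConfig` in the `@@ -259,11 +261,22 @@` hunk of server/database.js is repeated line for line in server/setup-database.js, so the two TLS policies (`rejectUnauthorized`, the CA list) can drift apart in later edits. A single static helper on `Database` would serve both files, since setup-database.js already requires `./database` and database.js already requires `fs`. The helper can key off the certificate path itself and return `undefined` when TLS is not configured, rather than passing `ssl: null`. The enclosing method starts and ends outside the hunk.

```javascript
// … unchanged: database-name validation …

// inside class Database
static getMariaDbSslConfig() {
    if (!mariaDbSslCert) {
        // No CA file configured: the connection is made without TLS.
        return undefined;
    }
    return {
        // Keep verification on; the configured CA file is what the server certificate is checked against.
        rejectUnauthorized: true,
        ca: [ fs.readFileSync(mariaDbSslCert, "utf8") ],
    };
}

// at both mysql.createConnection() call sites and in the knex connection config
ssl: Database.getMariaDbSslConfig(),
```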
@@ -208,11 +210,22 @@ class SetupDatabase {
 // Test connection
 try {
+ let sslConfig = null;
+ let serverCa = undefined;
+ if (mariaDbUseSSL) {
+ serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
+ sslConfig = {
+ rejectUnauthorized: true,
+ ca: serverCa
+ };
+ }
+
 const connection = await mysql.createConnection({
 host: dbConfig.hostname,
 port: dbConfig.port,
 user: dbConfig.username,
 password: dbConfig.password,
+ ssl: sslConfig
 });
 await connection.execute("SELECT 1");
 connection.end();
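Review bot: `fs.readFileSync(mariaDbSslCert, "utf8")` sits inside the `try` that tests the connection, so a wrong or unreadable certificate path will presumably surface through the same `catch` (outside this hunk) as a database connection failure. That makes a TLS misconfiguration hard to tell apart from bad credentials or an unreachable host. Consider checking the file first with its own message, e.g. `if (mariaDbSslCert && !fs.existsSync(mariaDbSslCert)) { throw new Error("MariaDB CA certificate not found: " + mariaDbSslCert); }`. The `require` lines visible in this file's hunks do not include `fs`; the lines between the two import hunks are not shown, so confirm it is imported there.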