Symfony : how to set SSL parameters in Doctrine DBAL configuration (YAML)?

后端 未结 6 1866
误落风尘
误落风尘 2021-02-09 10:56

I\'d like to add my SSL cert and key files to Doctrine DBAL configuration but I don\'t see how to achieve that.

In PHP, I just have to write something like :

<         


        
相关标签:
6条回答
  • 2021-02-09 10:58

    Instead of PDO constats, You shoul use their values in options:

    doctrine:
        dbal:
            connections:
                default:
                    driver:   %database_driver%
                    host:     %database_host%
                    port:     %database_port%
                    dbname:   %database_name%
                    password: %database_password%
                    charset:  UTF8
                    options:
                        1010 : %private_key% 
                        1011 : %public_cert% 
                        1012 : %ca_cert%
    
    0 讨论(0)
  • 2021-02-09 11:07

    I found a much easier way than the rest. Make the following settings in app/config/config.yml:

    # Doctrine Configuration
    doctrine:
        dbal:
            driver:   pdo_mysql
            host:     "%database_host%"
            port:     "%database_port%"
            dbname:   "%database_name%"
            user:     "%database_user%"
            password: "%database_password%"
            charset:  UTF8
            # Options for SSL connection
            options:
                MYSQL_ATTR_SSL_CA : %ca_cert%
                MYSQL_ATTR_SSL_KEY : %private_key%
                MYSQL_ATTR_SSL_CERT : %public_cert%
    

    Then in your app/config/parameters.yml file:

    parameters:
        ...
        # SSL Info
        private_key: /etc/my.cnf.d/certs/client-key.pem
        public_cert: /etc/my.cnf.d/certs/client-cert.pem
        ca_cert: /etc/my.cnf.d/certs/ca-cert.pem
    

    I tested this on Symfony3 and this works great. The paths above may be different, in particular the certs may be different depending on your distro and how you set it up.

    0 讨论(0)
  • 2021-02-09 11:13

    Now in 2020, with Symfony > 4.2, the solution is :

    # Doctrine Configuration
    doctrine:
        dbal:
            driver:   pdo_mysql
            host:     "%database_host%"
            port:     "%database_port%"
            dbname:   "%database_name%"
            user:     "%database_user%"
            password: "%database_password%"
            charset:  UTF8
            # Options for SSL connection
            options:
                !php/const PDO::MYSQL_ATTR_SSL_CA : %ca_cert%
                !php/const PDO::MYSQL_ATTR_SSL_KEY : %private_key%
                !php/const PDO::MYSQL_ATTR_SSL_CERT : %public_cert%
    

    Source : symfony.com/doc/4.2/service_container/parameters.html

    Tested with Symfony 5.1.8

    0 讨论(0)
  • 2021-02-09 11:13

    Symfony configuration via yaml (and possibly xml), doesn't allow the keys to be dynamically set, which means you can't use the constants. To get around this, you can create an extra PHP config file that just handles making a key out of the constants.

    The solution in a Gist is here: https://gist.github.com/samsch/d5243de3924a8ad10df2

    The two major features that this utilizes are that a PHP config file can use any string value for the key, including variables, constants; and that you can use parameters as values for other parameters (something I didn't know until I tried it recently.)

    So, you add the PHP config file in config.yml:

    imports:
        - { resource: parameters.yml }
        - { resource: pdo-constants.php }
    

    pdo-constants.php is this:

    <?php
    $container->setParameter("pdo_options", [
        PDO::MYSQL_ATTR_SSL_CA => "%pdo_ca_file%",
    ]);
    

    Add any other constants you need as well.

    Then in parameters.yml, you just need the values for your constants:

    parameters:
    #...
        pdo_ca_file: /pathtocerts/certs/mysql-ca.pem
    

    Now, I'm guessing that working with another DB system which uses PDO constants would be similar, but I've only used this MySQL.

    0 讨论(0)
  • 2021-02-09 11:19

    An alternative approach would be installing composer/ca-bundle to help find the path to the CA root bundle and use a custom compiler pass to automagically register that path with Doctrine:

    <?php
    
    namespace App\DepenedencyInjection\Compiler;
    
    use Composer\CaBundle\CaBundle;
    use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
    use Symfony\Component\DependencyInjection\ContainerBuilder;
    
    /**
     * Registers a CA root bundle with the PDO MySQL driver used by Doctrine DBAL
     *
     * This allows Doctrine to connect to MySQL instances that force SSL encryption, such as Azure's.
     */
    final class RegisterCABundleWithPDOMysqlDriverPass implements CompilerPassInterface
    {
        /**
         * @inheritDoc
         */
        public function process(ContainerBuilder $container)
        {
            $caPathOrFile = CaBundle::getSystemCaRootBundlePath();
    
            foreach ($container->getParameter('doctrine.connections') ?? [] as $connectionName) {
                $definition = $container->getDefinition($connectionName);
                $options = $definition->getArgument(0) ?? [];
                $options['driverOptions'][\PDO::MYSQL_ATTR_SSL_CA] = $caPathOrFile;
                $definition->setArgument(0, $options);
            }
        }
    }
    
    0 讨论(0)
  • 2021-02-09 11:21

    With Symfony 3.2 and up this became a lot easier:

    doctrine:
        dbal:
            <other configs>
            options:
                !php/const:PDO::MYSQL_ATTR_SSL_CA: %ca_cert%
                !php/const:PDO::MYSQL_ATTR_SSL_KEY: %private_key%
                !php/const:PDO::MYSQL_ATTR_SSL_CERT: %public_cert%
    
    0 讨论(0)
提交回复
热议问题