[bitnami/mariadb] SSL does not work
Name and Version
bitnami/mariadb:11.4
What architecture are you using?
amd64
What steps will reproduce the bug?
version: "3.1"
services:
  db_server:
    image: ${SSL_DB:-bitnami/mariadb:11.4}
    environment:
      MARIADB_BIND_ADDRESS: 0.0.0.0
      MARIADB_USER: secure-user
      MARIADB_PASSWORD: "${TESTSUITE_PASSWORD:-my-secret-pw}"
      MARIADB_ROOT_PASSWORD: random-pass
      MARIADB_CLIENT_ENABLE_SSL: yes
      MARIADB_CLIENT_SSL_CA_FILE: /etc/phpmyadmin/ssl/ca-cert.pem
      MARIADB_CLIENT_SSL_CERT_FILE: /etc/phpmyadmin/ssl/server-cert.pem
      MARIADB_CLIENT_SSL_KEY_FILE: /etc/phpmyadmin/ssl/server-key.pem
    healthcheck:
      test: ["CMD", "mariadb-admin", "ping", "-uroot", "-prandom-pass"]
      start_period: 10s
      interval: 5s
      timeout: 60s
      retries: 10
    networks:
      testing:
        aliases:
          - phpmyadmin_testing_db
    tmpfs:
      - /var/lib/mysql:rw,noexec,nosuid,size=300m
    volumes:
      - ../ca-cert.pem:/etc/phpmyadmin/ssl/ca-cert.pem:ro
      - ../ca-key.pem:/etc/phpmyadmin/ssl/ca-key.pem:ro
      - ../server-cert.pem:/etc/phpmyadmin/ssl/server-cert.pem:ro
      - ../server-key.pem:/etc/phpmyadmin/ssl/server-key.pem:ro
I log in with the CLI as the user; it should throw me out since I do not use SSL.
What is the expected behavior?
Make it work and require SSL for clients.
What do you see instead?
It seems to have been added to https://github.com/bitnami/containers/commit/1b9e7281b117944053cbcd4dddb264da0d8ec6d7 but there is no code to manage the new envs.
Additional information
No response
This seems to also be an issue with the MySQL image.
I have this output in the logs showing it's using the ca.pem file, but I am using a different CA file (named ca.crt)
mysql 20:15:06.34 INFO ==> ** Starting MySQL **
2025-01-06T20:15:06.361077Z 0 [System] [MY-015015] [Server] MySQL Server - start.
2025-01-06T20:15:06.361212Z 0 [Warning] [MY-010139] [Server] Changed limits: max_open_files: 4096 (requested 9010)
2025-01-06T20:15:06.361218Z 0 [Warning] [MY-010142] [Server] Changed limits: table_open_cache: 1543 (requested 4000)
2025-01-06T20:15:06.796782Z 0 [System] [MY-010116] [Server] /opt/bitnami/mysql/bin/mysqld (mysqld 9.0.1) starting as process 29
2025-01-06T20:15:06.807662Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2025-01-06T20:15:07.160853Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2025-01-06T20:15:07.460847Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2025-01-06T20:15:07.460898Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2025-01-06T20:15:07.503576Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /tmp/mysqlx.sock
2025-01-06T20:15:07.503762Z 0 [System] [MY-010931] [Server] /opt/bitnami/mysql/bin/mysqld: ready for connections. Version: '9.0.1' socket: '/opt/bitnami/mysql/tmp/mysql.sock' port: 3306 Source distribution.
And SSL isn't set via mysql --help:
ssl-ca (No default value)
ssl-capath (No default value)
ssl-cert (No default value)
ssl-cipher (No default value)
ssl-key (No default value)
It is evident the env is set:
~ $ docker exec -it mysql /bin/sh
$ echo "$MYSQL_CLIENT_SSL_CA_FILE"
/run/tls/ca.crt
But even in phpMyAdmin it doesn't show SSL being enabled.
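Added example, not part of the issue thread and not code from the Bitnami images: a small audit of a rendered option file that separates TLS options read by the server from those read only by client programs, and reports whether TLS is required server-wide. The two option-file samples are constructed (paths reused from the compose file above); the group lists and finding names are assumptions of this example.

```python
import configparser

TLS_KEYS = ("ssl_ca", "ssl_cert", "ssl_key")
SERVER_GROUPS = ("server", "mysqld", "mariadb", "mariadbd")  # read by the daemon
CLIENT_GROUPS = ("client", "mysql", "mariadb-client")        # read by CLI clients only

def parse_option_file(text):
    # Drop !include directives; treat '-' and '_' in option names as equivalent.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",))
    cp.optionxform = lambda name: name.strip().lower().replace("-", "_")
    cp.read_string(body)
    return cp

def merged(cp, groups):
    out = {}
    for group in groups:  # later groups override earlier ones
        if cp.has_section(group):
            out.update(cp.items(group))
    return out

def audit_tls(text):
    cp = parse_option_file(text)
    server, client = merged(cp, SERVER_GROUPS), merged(cp, CLIENT_GROUPS)
    server_files = [k for k in TLS_KEYS if server.get(k)]
    client_files = [k for k in TLS_KEYS if client.get(k)]
    # A bare boolean option (name with no value) means "enabled".
    rst = server.get("require_secure_transport", "off")
    enforced = rst is None or rst.strip().lower() in ("1", "on", "true")
    findings = []
    if client_files and not server_files:
        findings.append("tls-options-only-in-client-groups")
    if not {"ssl_cert", "ssl_key"} <= set(server_files):
        findings.append("server-has-no-configured-certificate")
    if not enforced:
        findings.append("tls-not-required-server-wide")
    return {"server": server_files, "client": client_files,
            "enforced": enforced, "findings": findings}

# Constructed sample: TLS options present, but only where client programs read them.
BROKEN = """[mysqld]
[client]
ssl-ca=/etc/phpmyadmin/ssl/ca-cert.pem
ssl-cert=/etc/phpmyadmin/ssl/server-cert.pem
ssl-key=/etc/phpmyadmin/ssl/server-key.pem
"""
# Constructed sample: the same options under [mysqld], plus enforcement.
HARDENED = BROKEN.replace("[client]", "require_secure_transport=ON")
print(audit_tls(BROKEN)["findings"], audit_tls(HARDENED)["findings"])
```

Accounts can also be held to TLS individually with `REQUIRE SSL`, which this file-level audit does not see.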
I am working on https://github.com/phpmyadmin/docker/pull/448 (the reason why I discovered the bug here). Maybe comment there if you think there is a phpMyAdmin issue.
I don't think it's a phpMyAdmin issue, the server itself reports SSL isn't enabled via the help command. I was just saying phpMyAdmin also backs up this fact.
Hello, I am from the original PR mentioned by @williamdes. First of all, many thanks for your time.
I can reproduce the bug with the Docker image too, while testing mTLS with it. No error when the configuration is edited manually inside the Dockerfile.
just for information
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
👋🏻
Pong
For ever
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
@carrodher can you re-open this please?