HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


jmroth 28th January 2010 04:00

Mysql SSL
 
Hi there,
I have added private branch ISPConfig-2.2.jmroth (copy of stable branch).
Amongst others to follow, this now contains a feature to enable remote access to mysql via SSL only ('GRANT ..... REQUIRE SSL').
I feel this needs discussion on how to make it official, as
- mysql has to support ssl (i.e. it needs to be configured and there need to be certificates created/installed)
- port 3306 needs to be reachable from outside as far as the network/firewall is concerned
Greetings
JM
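
Added example (not part of the original post and not ISPConfig code): what the 'GRANT ..... REQUIRE SSL' feature described above amounts to on a MySQL 5.x server, together with the checks for the SSL prerequisite the post lists. The database name, account name and password are constructed placeholders, and the server is assumed to have `ssl-ca`, `ssl-cert` and `ssl-key` set under `[mysqld]` in my.cnf.

```sql
-- Added example; web1_db, web1_user and the password are constructed placeholders.

-- 1. Confirm the server can speak SSL at all.
--    YES      = SSL support is active
--    DISABLED = compiled in, but no certificates/keys are configured
--    NO       = the server binary was built without SSL support
SHOW VARIABLES LIKE 'have_ssl';

-- 2. Grant remote access that the server rejects on a plaintext connection.
--    (MySQL 5.x syntax, as in the thread. MySQL 5.7.6 and later express the
--    same requirement with: ALTER USER 'web1_user'@'%' REQUIRE SSL;)
GRANT SELECT, INSERT, UPDATE, DELETE
    ON web1_db.*
    TO 'web1_user'@'%'
    IDENTIFIED BY 'CHANGE_ME_placeholder'
    REQUIRE SSL;

-- 3. Audit: list accounts that can log in from a remote host but carry no
--    SSL requirement. REQUIRE SSL is stored as ssl_type = 'ANY'; an empty
--    ssl_type means plaintext logins are accepted for that account.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE host NOT IN ('localhost', '127.0.0.1', '::1')
   AND ssl_type = '';

-- 4. Run from the remote client session: a non-empty Value is the negotiated
--    cipher, an empty Value means the session is not encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
```

REQUIRE SSL only enforces encryption of the connection; it does not make the client verify the server certificate, which the client has to request itself by supplying the CA certificate.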

Ben 28th January 2010 08:44

I voted yes, even though ISPConfig2 is kind of outdated when looking at the existence of ISPConfig3.
Don't get me wrong I still use ISPconfig2 instead of 3 but as I generally plan to migrate to 3, getting features in 2 that I will miss in 3 makes the migration harder.

Another option could be, depending on the requirements, to disallow the remote connection to mysql, e.g. via iptables, and moreover set up stunnel on both the server and "client" side to take care of the encryption for the remote sql connections.

Anyway a nice feature though. Maybe you might think of "patching" ISPConfig3 as well?

jmroth 28th January 2010 09:10

First, generally:
I know ISPConfig 3 sounds tempting but I would need time to familiarize myself with it.
I also wouldn't know if upgrading from 2 to 3 is straightforward and if v3 has at least the same features as v2 and would make me (and my customers) happy.
I also dislike the fact a little bit that v3 apparently is more intrusive, i.e. where "Perfect Setup" guides needed to be followed more or less for v2, v3 tries to do those modifications itself, whereas I prefer to stay in control of the core of my system. This might be a prejudice though.
(Additionally I heard that v2 and v3 run in parallel and the presence of v3 doesn't mean the discontinuation of v2 where the development still goes toward v2.4 etc.)

Now to the subject:
I know there exist other methods, but in any case ISPConfig would need to be involved in either
- setting up iptables (to allow/block the connections)
- setting up stunnel
- configuring mysql
none of which it currently is responsible for.
Therefore, I am hesitant to proceed.

So long,
JM

till 28th January 2010 10:25

There will be no upgrade from ISPConfig 2 to 3. ISPConfig 3 is a completely different software and has different system requirements; ISPConfig 3 is not an update or replacement for ISPConfig 2.

ISPConfig 2 is also not outdated, it is a stable release and developed side by side with ISPConfig 3. By the way, in the last months, we released more ISPConfig 2 updates than ISPConfig 3 updates, so you see that it's definitely not outdated.


All times are GMT +2.