Mysql SSL

Discussion in 'Developers' Forum' started by jmroth, Jan 28, 2010.


Do you feel this would be a nice new option?

  1. Yes

  2. No

    0 vote(s)
  1. jmroth

    jmroth ISPConfig Developer ISPConfig Developer

    Hi there,
    I have added private branch ISPConfig-2.2.jmroth (copy of stable branch).
    Amongst others to follow, this now contains a feature to enable remote access to mysql via SSL only ('GRANT ..... REQUIRE SSL').
    I feel this needs discussion on how to make it official, as
    - mysql has to support ssl (i.e. it needs to be configured and there need to be certificates created/installed)
    - port 3306 needs to be reachable from outside as far as the network/firewall is concerned
  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    I voted yes, eventhough ISPConfig2 is kind of outdated when looking at the existence of ISPConfig3.
    Don't get me wrong I still use ISPconfig2 instead of 3 but as I generally plan to migrate to 3, getting features in 2 that I will miss in 3 makes the migration harder.

    Another option could be, depending on the requirements, to disallow the remote connection to mysql, e.g. via iptables and moreover set up s-tunnel on both the server and "client" side to take care of the encryption for the remote sql connections.

    Anyway a nice feature though. Maybe you might think of "patching" ISPConfig3 as well?
  3. jmroth

    jmroth ISPConfig Developer ISPConfig Developer

    First, generally:
    I know ISPConfig 3 sounds tempting but I would need to time to familiarize myself with it.
    I also wouldn't know if upgrading from 2 to 3 is straightforward and if v3 has at least the same features than v2 and would make me (and my customers) happy.
    I also dislike the fact a little bit that v3 apparently is more intrusive, i.e. where "Perfect Setup" guides needed to be followed more or less for v2, v3 tries to do those modifications itself, whereas I prefer to stay in control of the core of my system. This might be a prejudice though.
    (Additionally I heard that v2 and v3 run in parallel and the presence of v3 doesn't mean the discontinuation of v2 where the development still goes toward v2.4 etc.)

    Now to the subject:
    I know there exist other methods, but in any case ISPConfig would need to be involved in either
    - setting up iptables (to allow/block the connections)
    - setting up stunnel
    - configuring mysql
    neither of which it currently is responsible for.
    Therefore, I am hesitating with proceeding.

    So long,
    Last edited: Jan 28, 2010
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    There will be no upgrade from ISPConfig 2 to 3. ISPConfig 3 is a completely different software and has different system requirements, ISPConfig 3 is not an update or replacement for ispconfig 2.

    ISPConfig 2 is also not outdated, it is a stable release and developed side by side with ISPConfig 3. By the way, in the alst months, we released more ispconfig 2 updates then ispconfig 3 updates, so you see thst its definately not outdated.

Share This Page