[rt-users] Anyone using SSL-encrypted backend mysql calls?
Matt Simerson
matt at corp.spry.com
Tue Sep 30 14:46:43 EDT 2008

Do NOT use mysql SSL in a production environment.

Yes, I have done it. No, you do not want to.

It can be made to work. It is not stable. You will wake up one day
wondering why mysql connections are dying. You will google the error
messages and find all sorts of info on MySQL mailing lists showing
that many others have the same problem. Then you too will recompile
MySQL without SSL support and revert to stunnel.

Which you should have done in the first place, as others have already
suggested.

It is not a "custom" solution, it's a very common and most excellent
tool used for this purpose.

On mysql clients, I bind stunnel to 127.0.0.10?. Increment the last
digit for each MySQL server your client wants to connect to. On the
mysql server, bind MySQL to the loopback IP and stunnel listens on the
network interface and proxies the request to it.

Matt

On Sep 30, 2008, at 7:23 AM, simon jester wrote:

> Due to circumstances beyond my control (mgmt), my RT instances will be moved
> from their present isolated network into the mainstream with other corporate
> devices. As I don't want any sniffers that *might* exist on the wire to inspect
> my traffic to/from the database servers, I'm looking at using the SSL
> encryption feature...but I don't know what incantations need to be used for the
> front-end RT instance to successfully communicate.
>
> If this is explained in a FAQ or manual somewhere, please point me to it.
>
> Thanks, in advance...
>
>
> sklutch
>
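
The layout described in the message above, as an added configuration example that is not from the thread or from the stunnel or RT projects. The host names, the 192.0.2.10 address, port 3307, the file paths and the 127.0.0.101/102 addresses are assumptions, and `verifyChain`/`checkHost` assume a stunnel 5.x build.

```ini
; ---- Client (RT host): stunnel.conf (path and names are assumptions) ----
; One loopback address per database server, last digit incremented.
; Linux answers on all of 127.0.0.0/8; other systems may need a loopback alias.
client = yes
; CA that signed the database servers' certificates
CAfile = /etc/stunnel/db-ca.pem
; Refuse servers whose certificate does not chain to CAfile
verifyChain = yes

[mysql-db1]
accept = 127.0.0.101:3306
connect = db1.example.internal:3307
; Certificate must also name the host we meant to reach
checkHost = db1.example.internal

[mysql-db2]
accept = 127.0.0.102:3306
connect = db2.example.internal:3307
checkHost = db2.example.internal

; ---- Server (db1): stunnel.conf ----
; stunnel owns the network-facing port and forwards to MySQL on loopback.
cert = /etc/stunnel/db1.pem
key = /etc/stunnel/db1.key

[mysql]
accept = 192.0.2.10:3307
connect = 127.0.0.1:3306

; ---- Server (db1): my.cnf ----
; MySQL itself is reachable only from the local host, so no
; cleartext listener is exposed on the corporate network.
[mysqld]
bind-address = 127.0.0.1

; ---- Client application ----
; Point the database host at 127.0.0.101, port 3306, by IP address.
; The name "localhost" makes MySQL client libraries use the Unix socket
; and bypass the tunnel entirely.
```

Without `verifyChain` and `checkHost` the tunnel is encrypted but unauthenticated, so the client would accept any endpoint that answers on the server's port.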