We installed the Mattermost Enterprise Edition and currently face a problem with the configuration of a secure database connection.
We want to use the MySQL server within our intranet as the database for Mattermost, and the database connection has to be encrypted with SSL/TLS. Our current SqlSettings look like this:
Do you have any advice on how to configure the details for the database connection over SSL/TLS?
We tried the tls=custom URL parameter in the DataSource string but couldn’t find a way to set the required TLSConfig object using the config files. With tls=true we get the following error:
Failed to ping db err:tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
Using the tls=skip-verify option works to establish a connection, but doesn’t meet our security requirements.
Well, we configured our MySQL server to only accept an SSL-encrypted MySQL connection for the database/user combination on which the Mattermost server depends.
As I said, by using tls=skip-verify the connection is established, but Mattermost doesn't verify the certificate.
So we are searching for a way to tell Mattermost which root certificate to use, so the MySQL server certificate can be verified.
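An added example, not part of the original posts and not Mattermost code: the Go `tls.Config` settings behind the behaviour described above, run against a local test server whose self-signed certificate stands in for the MySQL server. The helper names `handshake` and `clientModes`, the mode labels and the host name `other.example` are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"net"
	"net/http/httptest"
)

// handshake connects to addr and returns the result of a TLS client handshake under cfg.
func handshake(addr string, cfg *tls.Config) error {
	raw, err := net.Dial("tcp", addr)
	if err != nil {
		return err
	}
	defer raw.Close()
	return tls.Client(raw, cfg).Handshake()
}

// clientModes runs one handshake per client setting against a local TLS server with a
// self-signed certificate (a constructed stand-in for the TLS-only MySQL server).
func clientModes() map[string]error {
	srv := httptest.NewUnstartedServer(nil)
	srv.Config.ErrorLog = log.New(io.Discard, "", 0) // hide server-side handshake noise
	srv.StartTLS()                                   // serves Go's built-in self-signed test certificate
	defer srv.Close()
	addr, cert := srv.Listener.Addr().String(), srv.Certificate()
	name := cert.DNSNames[0] // a host name the certificate is valid for
	roots := x509.NewCertPool()
	roots.AddCert(cert) // for a private CA, load its PEM with roots.AppendCertsFromPEM
	return map[string]error{
		"empty config":      handshake(addr, &tls.Config{}),                         // the error quoted in the thread
		"skip-verify":       handshake(addr, &tls.Config{InsecureSkipVerify: true}), // encrypted, nothing checked
		"untrusted issuer":  handshake(addr, &tls.Config{ServerName: name, RootCAs: x509.NewCertPool()}),
		"root + name":       handshake(addr, &tls.Config{ServerName: name, RootCAs: roots}), // verified
		"root + wrong name": handshake(addr, &tls.Config{ServerName: "other.example", RootCAs: roots}),
	}
}

func main() {
	for mode, err := range clientModes() {
		fmt.Printf("%-18s -> %v\n", mode, err)
	}
}
```

Only the "root + name" setting gives a connection that is both encrypted and authenticated; "skip-verify" also connects, but it would do so for any certificate presented on that address.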
This topic is a bit old, but especially because it’s old, was there any change to this? Is it possible to define a root CA file to connect to the database with a self-signed TLS certificate, or not yet?
I would suggest using a reverse proxy such as through Apache, and proxying the database to a VirtualHost in which you are using SSL/TLS. At that point, you should be able to create a listener on the target server (that you want the database to send data to) and then, in essence, import the database information almost as if it was in a cluster environment.