feat(db): add SSL/TLS support for PostgreSQL
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
parent
936da13953
commit
8fbd7633fe
3 changed files with 59 additions and 8 deletions
|
|
@ -502,7 +502,7 @@ $CONFIG = [
|
|||
|
||||
/**
|
||||
* Enable SMTP class debugging.
|
||||
* NOTE: ``loglevel`` will likely need to be adjusted too. See docs:
|
||||
* NOTE: ``loglevel`` will likely need to be adjusted too. See docs:
|
||||
* https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/email_configuration.html#enabling-debug-mode
|
||||
*
|
||||
* Defaults to ``false``
|
||||
|
|
@ -663,7 +663,7 @@ $CONFIG = [
|
|||
* are generated within Nextcloud using any kind of command line tools (cron or
|
||||
* occ). The value should contain the full base URL:
|
||||
* ``https://www.example.com/nextcloud``
|
||||
* Please make sure to set the value to the URL that your users mainly use to access this Nextcloud.
|
||||
* Please make sure to set the value to the URL that your users mainly use to access this Nextcloud.
|
||||
* Otherwise there might be problems with the URL generation via cron.
|
||||
*
|
||||
* Defaults to ``''`` (empty string)
|
||||
|
|
@ -1323,18 +1323,18 @@ $CONFIG = [
|
|||
/**
|
||||
* custom path for ffmpeg binary
|
||||
*
|
||||
* Defaults to ``null`` and falls back to searching ``avconv`` and ``ffmpeg``
|
||||
* Defaults to ``null`` and falls back to searching ``avconv`` and ``ffmpeg``
|
||||
* in the configured ``PATH`` environment
|
||||
*/
|
||||
'preview_ffmpeg_path' => '/usr/bin/ffmpeg',
|
||||
|
||||
/**
|
||||
* Set the URL of the Imaginary service to send image previews to.
|
||||
* Also requires the ``OC\Preview\Imaginary`` provider to be enabled in the
|
||||
* ``enabledPreviewProviders`` array, to create previews for these mimetypes: bmp,
|
||||
* Also requires the ``OC\Preview\Imaginary`` provider to be enabled in the
|
||||
* ``enabledPreviewProviders`` array, to create previews for these mimetypes: bmp,
|
||||
* x-bitmap, png, jpeg, gif, heic, heif, svg+xml, tiff, webp and illustrator.
|
||||
*
|
||||
* If you want Imaginary to also create preview images from PDF Documents, you
|
||||
* If you want Imaginary to also create preview images from PDF Documents, you
|
||||
* have to add the ``OC\Preview\ImaginaryPDF`` provider as well.
|
||||
*
|
||||
* See https://github.com/h2non/imaginary
|
||||
|
|
@ -1978,6 +1978,17 @@ $CONFIG = [
|
|||
*/
|
||||
'mysql.collation' => null,
|
||||
|
||||
/**
|
||||
* PostgreSQL SSL connection
|
||||
*/
|
||||
'pgsql_ssl' => [
|
||||
'mode' => '',
|
||||
'cert' => '',
|
||||
'rootcert' => '',
|
||||
'key' => '',
|
||||
'crl' => '',
|
||||
],
|
||||
|
||||
/**
|
||||
* Database types that are supported for installation.
|
||||
*
|
||||
|
|
@ -2066,9 +2077,9 @@ $CONFIG = [
|
|||
/**
|
||||
* Deny extensions from being used for filenames.
|
||||
* Matching existing files can no longer be updated and in matching folders no files can be created anymore.
|
||||
*
|
||||
*
|
||||
* The '.part' extension is always forbidden, as this is used internally by Nextcloud.
|
||||
*
|
||||
*
|
||||
* Defaults to ``array('.filepart', '.part')``
|
||||
*/
|
||||
'forbidden_filename_extensions' => ['.part', '.filepart'],
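Review bot: The docblock for the new `pgsql_ssl` entry says only "PostgreSQL SSL connection", so an administrator cannot tell which `mode` values are accepted, what each path is for, or what the default is. I would expand it to say that `mode` is the libpq `sslmode` (`disable`, `allow`, `prefer`, `require`, `verify-ca`, `verify-full`) and that only `verify-ca` and `verify-full` validate the server certificate against `rootcert`. It should note that `require` encrypts the link but does not by itself authenticate the server, and that `verify-full` also checks the host name. It should also state that `cert`, `key`, `rootcert` and `crl` are file paths that the PHP process must be able to read, and end with a `Defaults to` line like the neighbouring entries.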
|
||||
|
|
|
|||
|
|
@ -198,6 +198,17 @@ class ConnectionFactory {
|
|||
'tablePrefix' => $connectionParams['tablePrefix']
|
||||
];
|
||||
|
||||
if ($type === 'pgsql') {
|
||||
$pgsqlSsl = $this->config->getValue('pgsql_ssl', false);
|
||||
if (is_array($pgsqlSsl)) {
|
||||
$connectionParams['sslmode'] = $pgsqlSsl['mode'] ?? '';
|
||||
$connectionParams['sslrootcert'] = $pgsqlSsl['rootcert'] ?? '';
|
||||
$connectionParams['sslcert'] = $pgsqlSsl['cert'] ?? '';
|
||||
$connectionParams['sslkey'] = $pgsqlSsl['key'] ?? '';
|
||||
$connectionParams['sslcrl'] = $pgsqlSsl['crl'] ?? '';
|
||||
}
|
||||
}
|
||||
|
||||
if ($type === 'mysql' && $this->config->getValue('mysql.utf8mb4', false)) {
|
||||
$connectionParams['defaultTableOptions'] = [
|
||||
'collate' => 'utf8mb4_bin',
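Review bot: In the new `if ($type === 'pgsql')` branch, every `ssl*` parameter is set as soon as `pgsql_ssl` is an array, so a config copied from the sample (all values `''`) forwards five empty strings to the driver. How the driver handles an empty `sslmode` is not visible on this page. If it treats it as unset, libpq's default `prefer` applies, which neither verifies the server nor refuses a plaintext fallback, and an admin who filled in `rootcert` but left `mode` empty would not notice. I would set only the non-empty keys, and consider logging a warning when certificate paths are given without a verifying mode. The enclosing method starts and ends outside this hunk.

```php
if ($type === 'pgsql') {
	$pgsqlSsl = $this->config->getValue('pgsql_ssl', false);
	if (is_array($pgsqlSsl)) {
		$sslParams = [
			'mode' => 'sslmode',
			'rootcert' => 'sslrootcert',
			'cert' => 'sslcert',
			'key' => 'sslkey',
			'crl' => 'sslcrl',
		];
		foreach ($sslParams as $configKey => $driverParam) {
			$value = $pgsqlSsl[$configKey] ?? '';
			// Skip unset/empty entries so the driver never sees an empty ssl* option.
			if (is_string($value) && $value !== '') {
				$connectionParams[$driverParam] = $value;
			}
		}
	}
}
// … unchanged: mysql utf8mb4 table options …
```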
|
||||
|
|
|
|||
|
|
@ -40,4 +40,33 @@ class ConnectionFactoryTest extends TestCase {
|
|||
|
||||
$this->assertEquals($expected, self::invokePrivate($factory, 'splitHostFromPortAndSocket', [$host]));
|
||||
}
|
||||
|
||||
public function testPgsqlSslConnection(): void {
|
||||
/** @var SystemConfig|\PHPUnit\Framework\MockObject\MockObject $config */
|
||||
$config = $this->createMock(SystemConfig::class);
|
||||
$config->method('getValue')
|
||||
->willReturnCallback(function ($key, $default) {
|
||||
return match ($key) {
|
||||
'dbtype' => 'pgsql',
|
||||
'pgsql_ssl' => [
|
||||
'mode' => 'verify-full',
|
||||
'cert' => 'client.crt',
|
||||
'key' => 'client.key',
|
||||
'crl' => 'client.crl',
|
||||
'rootcert' => 'rootCA.crt',
|
||||
],
|
||||
default => $default,
|
||||
};
|
||||
});
|
||||
$factory = new ConnectionFactory($config);
|
||||
|
||||
$params = $factory->createConnectionParams();
|
||||
|
||||
$this->assertEquals('pdo_pgsql', $params['driver']);
|
||||
$this->assertEquals('verify-full', $params['sslmode']);
|
||||
$this->assertEquals('rootCA.crt', $params['sslrootcert']);
|
||||
$this->assertEquals('client.crt', $params['sslcert']);
|
||||
$this->assertEquals('client.key', $params['sslkey']);
|
||||
$this->assertEquals('client.crl', $params['sslcrl']);
|
||||
}
|
||||
}
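Review bot: `testPgsqlSslConnection` covers only the fully populated case, so nothing pins what happens when `pgsql_ssl` is absent (the `false` default) or holds the sample's empty strings. I would add a second test that returns `$default` for `pgsql_ssl` and checks `$this->assertArrayNotHasKey('sslmode', $params);`. A third test with `'dbtype' => 'mysql'` would confirm that the SSL keys do not leak into other drivers. As a style point, `assertSame` is a tighter fit than `assertEquals` for these string comparisons.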
|
||||
|
|
|
|||