Docker compose yaml file ssl

Hi

I am using docker compose to deploy a db connection using a jdbc driver. I have to configure the connection with SSL by adding the pem file in the docker compose yaml file.

Below is the reference I have to set up SSL on docker compose yaml file.
```
version: '3.7'
services:
  your_service:
    image: your_image
    environment:
      - MYSQL_SSL_CA=/path/to/ca-cert.pem
      - MYSQL_SSL_CERT=/path/to/client-cert.pem
      - MYSQL_SSL_KEY=/path/to/client-key.pem
    volumes:
      - /local/path/to/ca-cert.pem:/path/to/ca-cert.pem
      - /local/path/to/client-cert.pem:/path/to/client-cert.pem
      - /local/path/to/client-key.pem:/path/to/client-key.pem
```

The question I have is about how to configure the pem file to use it in the mysql connection string:

```
URL_TEMPLATE: "jdbc:mysql://$$HOST:$$PORT/?allowMultiQueries=true&useSSL=true&sslMode=VERIFY_CA&autoReconnect=true&failOverReadOnly=false&maxReconnects=10"
```

Also, in the docker yaml file I have the following configuration:

```
extract-service: &extract
  image: public.ecr.aws/xxxxxxxx
  command:
    - "bash"
    - "-c"
    - *crawler-script
  privileged: false
  network_mode: host
  volumes:
    - &shared-jdbc-drivers jars:/jars
```

I would like to know how to properly configure the pem file in the docker compose yaml file using the jdbc driver (connection string), service and extract-service.

Thank you


Please, format your post according to the following guide: How to format your forum posts
In short: please use the </> button to share code, terminal outputs, error messages or anything that can contain special characters which would be interpreted by the Markdown filter. Use the preview feature to make sure your text is formatted as you would expect it, and check your post after you have sent it so you can still fix it.

Example code block:

```
echo "I am a code."
echo "An athletic one, and I wanna run."
```

Start by formatting your code/config with 3 backticks before and after, to make it more readable and preserve spacing, which is important in yaml.

There seems to be a bit of a lack of understanding of Docker; you should probably read some tutorials first (about ports and networks).

The database needs to be reachable by the application, so you would need to either:

  1. open ports
  2. use a Docker network
  3. use network_mode: host (not recommended)

The same is true for the application, but network_mode: host gives the service/container a lot of permissions, which is bad for security and might lead to conflicts.

Libraries like JDBC drivers are usually built into the image via Dockerfile; only credentials are supplied during runtime.

Do you want to use a custom TLS cert between app and db (to replace user/pass) or an official one for the db domain?

If you are running app and db in the same Docker network, this is not really required anymore, as access is only possible internally.

My response may not have answered all your questions. Your setup for DB TLS with bind mounts looks correct, but in the end it's up to the db image how it is used and what parameters need to be set, so you need to check the image doc.

Final note: templating with &extract is the high art of yaml which only like 0.1% use, maybe postpone that for later.
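
An added example (not from the original posts) of the layout the last reply describes: the app and the database share a private Docker network instead of `network_mode: host`, and the PEM files are bind-mounted read-only. The `db` service, the `mysql:8.0` image, the `dbnet` network, the `./certs` and `./secrets` paths and the server certificate file names are assumptions; `your_service`, `your_image` and the `MYSQL_SSL_*` variable names are taken from the question.

```yaml
# Added example, not from the thread. Names and paths marked "assumed" are illustrative.
services:
  db:
    image: mysql:8.0                      # assumed database image
    command:
      - --require-secure-transport=ON     # server refuses non-TLS client connections
      - --ssl-ca=/certs/ca-cert.pem
      - --ssl-cert=/certs/server-cert.pem
      - --ssl-key=/certs/server-key.pem
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root
    secrets:
      - db_root
    volumes:
      # Read-only mounts; the key must be readable by the user mysqld runs as.
      - ./certs/ca-cert.pem:/certs/ca-cert.pem:ro
      - ./certs/server-cert.pem:/certs/server-cert.pem:ro
      - ./certs/server-key.pem:/certs/server-key.pem:ro
    networks:
      - dbnet                             # no "ports:" entry, so nothing is published on the host

  your_service:
    image: your_image
    environment:
      # Variable names as in the question; they only take effect if the image reads them.
      - MYSQL_SSL_CA=/certs/ca-cert.pem
      - MYSQL_SSL_CERT=/certs/client-cert.pem
      - MYSQL_SSL_KEY=/certs/client-key.pem
    volumes:
      - ./certs/ca-cert.pem:/certs/ca-cert.pem:ro
      - ./certs/client-cert.pem:/certs/client-cert.pem:ro
      - ./certs/client-key.pem:/certs/client-key.pem:ro
    networks:
      - dbnet                             # reaches the database as host "db", port 3306
    depends_on:
      - db

networks:
  dbnet: {}                               # user-defined network (assumed name)

secrets:
  db_root:
    file: ./secrets/db_root.txt           # assumed path, kept out of version control
```

With `sslMode=VERIFY_CA`, as in the question's URL, Connector/J validates the server certificate chain but not the host name; `VERIFY_IDENTITY` adds the host name check, in which case the server certificate has to carry the name the app connects to (`db` here).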