Symfony: how to set SSL options in Doalrine DBAL (YAML) configuration?
I would like to add my SSL certificates and keyfiles to the DBAL Doctrine config, but I cannot see how.
In PHP, I just need to write something like:
$databaseHandler = new \PDO(
'mysql:host=my_host;dbname=my_db',
'username',
'password',
array(
\PDO::MYSQL_ATTR_SSL_KEY => '.../client-key.pem',
\PDO::MYSQL_ATTR_SSL_CERT => '.../client-cert.pem',
\PDO::MYSQL_ATTR_SSL_CA => '.../ca-cert.pem'
)
);
I realize there is a Custom Driver option driverOptions
and I saw this answer , but I'm not sure how to translate this into YAML.
I have a feeling that I should write something close to:
doctrine:
dbal:
driver: "%database_driver%"
host: "%database_host%"
port: "%database_port%"
dbname: "%database_name%"
user: "%database_user%"
password: "%database_password%"
charset: UTF8
driverOptions:
PDO::MYSQL_ATTR_SSL_CA: '.../client-key.pem'
PDO::MYSQL_ATTR_SSL_CERT: '.../client-cert.pem'
PDO::MYSQL_ATTR_SSL_CA: '.../ca-cert.pem'
But double colons don't really like YAML ...
source to share
I found a much easier way than the others. In app/config/config.yml
the following settings:
# Doctrine Configuration
doctrine:
dbal:
driver: pdo_mysql
host: "%database_host%"
port: "%database_port%"
dbname: "%database_name%"
user: "%database_user%"
password: "%database_password%"
charset: UTF8
# Options for SSL connection
options:
MYSQL_ATTR_SSL_CA : %ca_cert%
MYSQL_ATTR_SSL_KEY : %private_key%
MYSQL_ATTR_SSL_CERT : %public_cert%
Then in your file app/config/parameters.yml
:
parameters:
...
# SSL Info
private_key: /etc/my.cnf.d/certs/client-key.pem
public_cert: /etc/my.cnf.d/certs/client-cert.pem
ca_cert: /etc/my.cnf.d/certs/ca-cert.pem
I've tested this on Symfony3 and it works great. The paths above can be different, in particular, certificates can differ depending on your distribution and how you set it up.
source to share
Symfony configuration via yaml (and possibly xml) does not allow for dynamically setting keys, which means you cannot use constants. To work around this, you can create an additional PHP configuration file that simply processes the key from constants.
The solution in the Gist is here: https://gist.github.com/samsch/d5243de3924a8ad10df2
The two main functions that this uses are that the PHP configuration file can use any string value for the key, including variables, constants; and that you can use parameters as values ββfor other parameters (something I didn't know until I tried it recently).
So, you add the PHP configuration file to config.yml:
imports:
- { resource: parameters.yml }
- { resource: pdo-constants.php }
pdo-constants.php:
<?php
$container->setParameter("pdo_options", [
PDO::MYSQL_ATTR_SSL_CA => "%pdo_ca_file%",
]);
Add any other constants you need.
Then, in the .yml parameters, you only need the values ββfor your constants:
parameters:
#...
pdo_ca_file: /pathtocerts/certs/mysql-ca.pem
Now I am guessing that working with another DB system that uses PDO constants would be similar, but I only used this MySQL.
source to share
Instead of constants PDO
, you use your values ββin options
:
doctrine:
dbal:
connections:
default:
driver: %database_driver%
host: %database_host%
port: %database_port%
dbname: %database_name%
password: %database_password%
charset: UTF8
options:
1010 : %private_key%
1011 : %public_cert%
1012 : %ca_cert%
source to share