You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Marcus Adams <ma...@mja.org.uk> on 2020/03/06 01:39:16 UTC
Enable SSL in Apache guacamole running under docker using the default
guacamole images.
Background
Apache guacamole running under docker using the default guacamole images.
External Microsoft Azure-managed MySQL database.
Azure by default requires SSL connections to the managed db service.
This can be disabled but that is not an option for this environment.
Settings
Docker-compose.yml has the following section:
environment:
- "GUACD_HOSTNAME=127.0.0.1"
- "GUACD_PORT=4822"
- "MYSQL_PORT=3306"
- "MYSQL_DATABASE=guacamole"
- "GUACAMOLE_HOME=/data"
- "MYSQL_USER=******************"
- "MYSQL_PASSWORD=******************"
- "MYSQL_HOSTNAME=******************"
Issue
With it enabled in Azure I get the following:
guacamole | 09:34:53.998 [http-nio-8080-exec-5] WARN
o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider
has encountered an internal error which will halt the authentication
process. If this is unexpected or you are the developer of this
authentication provider, you may wish to enable debug-level logging. If
this is expected and you wish to ignore such failures in the future, please
set "skip-if-unavailable: mysql" within your guacamole.properties.
guacamole | 09:34:53.999 [http-nio-8080-exec-5] ERROR
o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
guacamole | ### Error querying database. Cause: java.sql.SQLException:
SSL connection is required. Please specify SSL options and retry.
guacamole | ### The error may exist in
org/apache/guacamole/auth/jdbc/user/UserMapper.xml
guacamole | ### The error may involve
org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
guacamole | ### The error occurred while executing a query
guacamole | ### Cause: java.sql.SQLException: SSL connection is
required. Please specify SSL options and retry.
I know that (outside of docker) if i do a mysql client command line
connection I can use the option --ssl and then everything connects ok.
But as i’m very new to docker I’m stumped as to how to set that option in
my docker-compose file.
And my google fu has failed me and is taking me down rabbit holes about TLS
access to the docker containers or setting https for websites.
How do I enable the mysql connection to use ssl in my docker-compose.yml?
Regards
Marcus
Re: Enable SSL in Apache guacamole running under docker using the
default guacamole images.
Posted by Marcus Adams <ma...@mja.org.uk>.
HI, so this is Microsts Azure Managed SQL as a service. Tried on all
versions offered 5.6, 5.7 & 5.8
I also tried it with there mariadb 10.2 & 10.3 They all gave the same
error.
Regards
Marcus
On Fri, 6 Mar 2020 at 02:35, Mike Jumper <mj...@apache.org> wrote:
> Do you know what version of MySQL server is in use? My understanding is
> that the MySQL JDBC driver will automatically use TLS to connect to any
> MySQL server configured to use TLS, with the exception of very old versions
> of MySQL.
>
> - Mike
>
>
> On Thu, Mar 5, 2020, 17:39 Marcus Adams <ma...@mja.org.uk> wrote:
>
>> Background
>> Apache guacamole running under docker using the default guacamole images.
>> External Microsoft Azure-managed MySQL database.
>> Azure by default requires SSL connections to the managed db service.
>> This can be disabled but that is not an option for this environment.
>> Settings
>> Docker-compose.yml has the following section:
>>
>> environment:
>> - "GUACD_HOSTNAME=127.0.0.1"
>> - "GUACD_PORT=4822"
>> - "MYSQL_PORT=3306"
>> - "MYSQL_DATABASE=guacamole"
>> - "GUACAMOLE_HOME=/data"
>> - "MYSQL_USER=******************"
>> - "MYSQL_PASSWORD=******************"
>> - "MYSQL_HOSTNAME=******************"
>> Issue
>> With it enabled in Azure I get the following:
>>
>> guacamole | 09:34:53.998 [http-nio-8080-exec-5] WARN
>> o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider
>> has encountered an internal error which will halt the authentication
>> process. If this is unexpected or you are the developer of this
>> authentication provider, you may wish to enable debug-level logging. If
>> this is expected and you wish to ignore such failures in the future, please
>> set "skip-if-unavailable: mysql" within your guacamole.properties.
>> guacamole | 09:34:53.999 [http-nio-8080-exec-5] ERROR
>> o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
>> guacamole | ### Error querying database. Cause:
>> java.sql.SQLException: SSL connection is required. Please specify SSL
>> options and retry.
>> guacamole | ### The error may exist in
>> org/apache/guacamole/auth/jdbc/user/UserMapper.xml
>> guacamole | ### The error may involve
>> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
>> guacamole | ### The error occurred while executing a query
>> guacamole | ### Cause: java.sql.SQLException: SSL connection is
>> required. Please specify SSL options and retry.
>> I know that (outside of docker) if i do a mysql client command line
>> connection I can use the option --ssl and then everything connects ok.
>>
>> But as i’m very new to docker I’m stumped as to how to set that option in
>> my docker-compose file.
>>
>> And my google fu has failed me and is taking me down rabbit holes about
>> TLS access to the docker containers or setting https for websites.
>>
>> How do I enable the mysql connection to use ssl in my docker-compose.yml?
>> Regards
>> Marcus
>>
>>
Re: Enable SSL in Apache guacamole running under docker using the
default guacamole images.
Posted by Mike Jumper <mj...@apache.org>.
Do you know what version of MySQL server is in use? My understanding is
that the MySQL JDBC driver will automatically use TLS to connect to any
MySQL server configured to use TLS, with the exception of very old versions
of MySQL.
- Mike
On Thu, Mar 5, 2020, 17:39 Marcus Adams <ma...@mja.org.uk> wrote:
> Background
> Apache guacamole running under docker using the default guacamole images.
> External Microsoft Azure-managed MySQL database.
> Azure by default requires SSL connections to the managed db service.
> This can be disabled but that is not an option for this environment.
> Settings
> Docker-compose.yml has the following section:
>
> environment:
> - "GUACD_HOSTNAME=127.0.0.1"
> - "GUACD_PORT=4822"
> - "MYSQL_PORT=3306"
> - "MYSQL_DATABASE=guacamole"
> - "GUACAMOLE_HOME=/data"
> - "MYSQL_USER=******************"
> - "MYSQL_PASSWORD=******************"
> - "MYSQL_HOSTNAME=******************"
> Issue
> With it enabled in Azure I get the following:
>
> guacamole | 09:34:53.998 [http-nio-8080-exec-5] WARN
> o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider
> has encountered an internal error which will halt the authentication
> process. If this is unexpected or you are the developer of this
> authentication provider, you may wish to enable debug-level logging. If
> this is expected and you wish to ignore such failures in the future, please
> set "skip-if-unavailable: mysql" within your guacamole.properties.
> guacamole | 09:34:53.999 [http-nio-8080-exec-5] ERROR
> o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
> guacamole | ### Error querying database. Cause: java.sql.SQLException:
> SSL connection is required. Please specify SSL options and retry.
> guacamole | ### The error may exist in
> org/apache/guacamole/auth/jdbc/user/UserMapper.xml
> guacamole | ### The error may involve
> org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
> guacamole | ### The error occurred while executing a query
> guacamole | ### Cause: java.sql.SQLException: SSL connection is
> required. Please specify SSL options and retry.
> I know that (outside of docker) if i do a mysql client command line
> connection I can use the option --ssl and then everything connects ok.
>
> But as i’m very new to docker I’m stumped as to how to set that option in
> my docker-compose file.
>
> And my google fu has failed me and is taking me down rabbit holes about
> TLS access to the docker containers or setting https for websites.
>
> How do I enable the mysql connection to use ssl in my docker-compose.yml?
> Regards
> Marcus
>
>