Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion backend/db.js
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ function generateDbConfig() {
user: cfg.user,
password: cfg.password,
database: cfg.name,
port: cfg.port
port: cfg.port,
...(cfg.ssl ? { ssl: cfg.ssl } : {})
},
migrations: {
tableName: 'migrations'
Expand Down
12 changes: 9 additions & 3 deletions backend/lib/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,14 @@ const configure = () => {
}
}

const envMysqlHost = process.env.DB_MYSQL_HOST || null;
const envMysqlUser = process.env.DB_MYSQL_USER || null;
const envMysqlName = process.env.DB_MYSQL_NAME || null;
const toBool = (v) => /^(1|true|yes|on)$/i.test((v || '').trim());

const envMysqlHost = process.env.DB_MYSQL_HOST || null;
const envMysqlUser = process.env.DB_MYSQL_USER || null;
const envMysqlName = process.env.DB_MYSQL_NAME || null;
const envMysqlSSL = toBool(process.env.DB_MYSQL_SSL);
const envMysqlSSLRejectUnauthorized = process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED === undefined ? true : toBool(process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED);
const envMysqlSSLVerifyIdentity = process.env.DB_MYSQL_SSL_VERIFY_IDENTITY === undefined ? true : toBool(process.env.DB_MYSQL_SSL_VERIFY_IDENTITY);
if (envMysqlHost && envMysqlUser && envMysqlName) {
// we have enough mysql creds to go with mysql
logger.info('Using MySQL configuration');
Expand All @@ -43,6 +48,7 @@ const configure = () => {
user: envMysqlUser,
password: process.env.DB_MYSQL_PASSWORD,
name: envMysqlName,
ssl: envMysqlSSL ? { rejectUnauthorized: envMysqlSSLRejectUnauthorized, verifyIdentity: envMysqlSSLVerifyIdentity } : false,
},
keys: getKeys(),
};
Expand Down
14 changes: 14 additions & 0 deletions docs/src/setup/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,10 @@ services:
DB_MYSQL_USER: "npm"
DB_MYSQL_PASSWORD: "npm"
DB_MYSQL_NAME: "npm"
# Optional SSL (see section below)
# DB_MYSQL_SSL: 'true'
# DB_MYSQL_SSL_REJECT_UNAUTHORIZED: 'true'
# DB_MYSQL_SSL_VERIFY_IDENTITY: 'true'
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
Expand Down Expand Up @@ -98,6 +102,16 @@ Please note, that `DB_MYSQL_*` environment variables will take precedent over `D

:::

### Optional: MySQL / MariaDB SSL

You can enable TLS for the MySQL/MariaDB connection with these environment variables:

- DB_MYSQL_SSL: Enable SSL when set to true. If unset or false, SSL disabled (previous default behaviour).
- DB_MYSQL_SSL_REJECT_UNAUTHORIZED: (default: true) Validate the server certificate chain. Set to false to allow self‑signed/unknown CA.
- DB_MYSQL_SSL_VERIFY_IDENTITY: (default: true) Performs host name / identity verification.

Enabling SSL using a self-signed cert (not recommended for production).

## Using Postgres database

Similar to the MySQL server setup:
Expand Down