If you want to use secure SSL/TLS connections with MySQL when connecting to ONLYOFFICE Docs, follow these steps:
- If MySQL is installed with SSL enabled, it provides self-signed certificates in /var/lib/mysql/, including the certificate authority ca.pem certificate, server certificates and client certificates: ca-key.pem, ca.pem, client-cert.pem, client-key.pem, private_key.pem, public_key.pem, server-cert.pem, server-key.pem.
To connect via SSL, only ca.pem is required, but for additional protection and establishing trust, it is recommended to use client-cert.pem and client-key.pem. They must be converted to a string, for example, in the following way:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' ca.pem
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' client-cert.pem
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' client-key.pem
- Add the certificate to the document server local.json config:
{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "mysql",
        "dbHost": "onlyoffice.local",
        "dbPort": "3306",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice",
        "mysqlExtraOptions": {
          "ssl": {
            "ca": "-----BEGIN CERTIFICATE-----\n...ca.pem...\n-----END CERTIFICATE-----\n\n",
            "cert": "-----BEGIN CERTIFICATE-----\n...client-cert.pem...\n-----END CERTIFICATE-----\n\n",
            "key": "-----BEGIN RSA PRIVATE KEY-----\n...client-key.pem...\n-----END RSA PRIVATE KEY-----\n\n"
          }
        }
...
- Restart services:
systemctl restart ds-converter ds-docservice ds-example ds-metrics
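The conversion and config steps above can be combined so that a pasted PEM string with a damaged or mismatched BEGIN/END marker is rejected before the services are restarted. The following Python sketch is an added example, not ONLYOFFICE code; the function names and the sample PEM text are constructed for illustration, and the accepted private key labels are an assumption about how client-key.pem is encoded.

```python
import json
import re

# One PEM block; the END label must repeat the BEGIN label exactly.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n[A-Za-z0-9+/=\n]+\n-----END \1-----\n")
CERT = {"CERTIFICATE"}
KEY = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"}  # assumed key encodings

def pem_string(text, allowed):
    """Normalize PEM text like the awk one-liner (drop CRs and blank lines),
    then verify it consists only of well-formed blocks with an allowed label."""
    lines = [ln.strip() for ln in text.replace("\r", "").split("\n")]
    pem = "".join(ln + "\n" for ln in lines if ln)
    pos = 0
    for m in PEM_BLOCK.finditer(pem):
        if m.start() != pos:
            raise ValueError("unexpected text outside PEM blocks")
        if m.group(1) not in allowed:
            raise ValueError("unexpected PEM label: %r" % m.group(1))
        pos = m.end()
    if pos == 0 or pos != len(pem):
        raise ValueError("malformed PEM: BEGIN/END markers missing or mismatched")
    return pem

def apply_ssl(config, ca, cert=None, key=None):
    """Set services.CoAuthoring.sql.mysqlExtraOptions.ssl, keeping other settings."""
    if (cert is None) != (key is None):
        raise ValueError("client certificate and key must be supplied together")
    ssl = {"ca": pem_string(ca, CERT)}
    if cert is not None:
        ssl["cert"] = pem_string(cert, CERT)
        ssl["key"] = pem_string(key, KEY)
    sql = (config.setdefault("services", {})
                 .setdefault("CoAuthoring", {}).setdefault("sql", {}))
    sql.setdefault("mysqlExtraOptions", {})["ssl"] = ssl
    return config

# Constructed placeholder PEM text (not real certificates or keys).
SAMPLE_CA = ("-----BEGIN CERTIFICATE-----\r\nTUlJQ2R1bW15\r\n"
             "-----END CERTIFICATE-----\r\n\r\n")
SAMPLE_BAD_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nTUlJRWR1bW15\n"
                  "-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    cfg = {"services": {"CoAuthoring": {"sql": {"type": "mysql",
                                                "dbHost": "onlyoffice.local"}}}}
    # json.dumps writes each newline as the \n escape that local.json needs.
    print(json.dumps(apply_ssl(cfg, SAMPLE_CA), indent=2))
```

Because the resulting local.json contains the client private key, restrict read access to that file to the account the Document Server services run under.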