From 801cb8e4874fafb4cf8c93bd447184aa6a035ded Mon Sep 17 00:00:00 2001 From: Matthew Penner Date: Sat, 17 Jul 2021 11:01:23 -0600 Subject: [PATCH] config: add ssl/tls options for mysql and redis (#3464) --- composer.json | 1 + config/cache.php | 9 ++++++++- config/database.php | 41 +++++++++++++++++++++++++++++++++++++---- config/session.php | 5 ++--- 4 files changed, 48 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index 0a26585d..5c077a4b 100644 --- a/composer.json +++ b/composer.json @@ -14,6 +14,7 @@ "php": "^7.4 || ^8.0", "ext-json": "*", "ext-mbstring": "*", + "ext-pdo": "*", "ext-pdo_mysql": "*", "ext-zip": "*", "aws/aws-sdk-php": "^3.171", diff --git a/config/cache.php b/config/cache.php index bf429c4b..05652226 100644 --- a/config/cache.php +++ b/config/cache.php @@ -10,7 +10,7 @@ return [ | using this caching library. This connection is used when another is | not explicitly specified when executing a given caching function. | - | Supported: "apc", "array", "database", "file", "memcached", "redis" + | Supported: "apc", "array", "database", "file", "memcached", "redis", "octane" | */ @@ -34,12 +34,14 @@ return [ 'array' => [ 'driver' => 'array', + 'serialize' => false, ], 'database' => [ 'driver' => 'database', 'table' => 'cache', 'connection' => null, + 'lock_connection' => null, ], 'file' => [ @@ -69,6 +71,7 @@ return [ 'redis' => [ 'driver' => 'redis', 'connection' => 'default', + 'lock_connection' => 'default', ], 'sessions' => [ @@ -76,6 +79,10 @@ return [ 'table' => 'sessions', 'connection' => env('SESSION_DRIVER') === 'redis' ? 'sessions' : null, ], + + 'octane' => [ + 'driver' => 'octane', + ], ], /* diff --git a/config/database.php b/config/database.php index d404a37f..68f65a2e 100644 --- a/config/database.php +++ b/config/database.php @@ -1,5 +1,6 @@ [ 'mysql' => [ 'driver' => 'mysql', + 'url' => env('DATABASE_URL'), 'host' => env('DB_HOST', '127.0.0.1'), - 'unix_socket' => env('DB_SOCKET'), 'port' => env('DB_PORT', '3306'), 'database' => env('DB_DATABASE', 'panel'), 'username' => env('DB_USERNAME', 'pterodactyl'), 'password' => env('DB_PASSWORD', ''), + 'unix_socket' => env('DB_SOCKET', ''), 'charset' => 'utf8mb4', 'collation' => 'utf8mb4_unicode_ci', 'prefix' => env('DB_PREFIX', ''), + 'prefix_indexes' => true, 'strict' => env('DB_STRICT_MODE', false), 'timezone' => env('DB_TIMEZONE', Time::getMySQLTimezoneOffset(env('APP_TIMEZONE', 'UTC'))), + 'sslmode' => env('DB_SSLMODE', 'prefer'), + 'options' => extension_loaded('pdo_mysql') ? array_filter([ + PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'), + PDO::MYSQL_ATTR_SSL_CERT => env('MYSQL_ATTR_SSL_CERT'), + PDO::MYSQL_ATTR_SSL_KEY => env('MYSQL_ATTR_SSL_KEY'), + PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => env('MYSQL_ATTR_SSL_VERIFY_SERVER_CERT', true), + ]) : [], ], /* @@ -97,24 +107,47 @@ return [ */ 'redis' => [ - 'client' => 'predis', + 'client' => env('REDIS_CLIENT', 'predis'), + + 'options' => [ + 'cluster' => env('REDIS_CLUSTER', 'redis'), + 'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'), + ], 'default' => [ 'scheme' => env('REDIS_SCHEME', 'tcp'), 'path' => env('REDIS_PATH', '/run/redis/redis.sock'), 'host' => env('REDIS_HOST', 'localhost'), - 'password' => env('REDIS_PASSWORD', null), + 'password' => env('REDIS_PASSWORD'), 'port' => env('REDIS_PORT', 6379), 'database' => env('REDIS_DATABASE', 0), + 'context' => extension_loaded('redis') && env('REDIS_CLIENT') === 'phpredis' ? [ + 'stream' => array_filter([ + 'verify_peer' => env('REDIS_VERIFY_PEER', true), + 'verify_peer_name' => env('REDIS_VERIFY_PEER_NAME', true), + 'cafile' => env('REDIS_CAFILE'), + 'local_cert' => env('REDIS_LOCAL_CERT'), + 'local_pk' => env('REDIS_LOCAL_PK'), + ]), + ] : [], ], 'sessions' => [ 'scheme' => env('REDIS_SCHEME', 'tcp'), 'path' => env('REDIS_PATH', '/run/redis/redis.sock'), 'host' => env('REDIS_HOST', 'localhost'), - 'password' => env('REDIS_PASSWORD', null), + 'password' => env('REDIS_PASSWORD'), 'port' => env('REDIS_PORT', 6379), 'database' => env('REDIS_DATABASE_SESSIONS', 1), + 'context' => extension_loaded('redis') && env('REDIS_CLIENT') === 'phpredis' ? [ + 'stream' => array_filter([ + 'verify_peer' => env('REDIS_VERIFY_PEER', true), + 'verify_peer_name' => env('REDIS_VERIFY_PEER_NAME', true), + 'cafile' => env('REDIS_CAFILE'), + 'local_cert' => env('REDIS_LOCAL_CERT'), + 'local_pk' => env('REDIS_LOCAL_PK'), + ]), + ] : [], ], ], ]; diff --git a/config/session.php b/config/session.php index 8605db59..9d99eaf8 100644 --- a/config/session.php +++ b/config/session.php @@ -10,8 +10,7 @@ return [ | requests. By default, we will use the lightweight native driver but | you may specify any of the other wonderful drivers provided here. | - | Supported: "file", "cookie", "database", "apc", - | "memcached", "redis", "array" + | Supported: "file", "cookie", "database", "apc", "memcached", "redis", "array" | */ @@ -147,7 +146,7 @@ return [ | */ - 'domain' => env('SESSION_DOMAIN', null), + 'domain' => env('SESSION_DOMAIN'), /* |--------------------------------------------------------------------------