    d23433ac
    Add frontend TLS ability to ProxySQL · d23433ac
    Matus Jenca authored
    This patch adds the ability to receive TLS connections
    to ProxySQL. Certificates and variable lookups are
    added in order for TLS to be enabled by
    <project_name>_database_internal_tls_enable.
    Note that in order for this to work, mysql
    connection strings need to have TLS enabled,
    which can be added in separate per-service patches
    
    Change-Id: I2c06ce5e138f52259c1725dae37f25c1b00d1e6b
    d23433ac
    Add frontend TLS ability to ProxySQL
    Matus Jenca authored
    This patch adds the ability to receive TLS connections
    to ProxySQL. Certificates and variable lookups are
    added in order for TLS to be enabled by
    <project_name>_database_internal_tls_enable.
    Note that in order for this to work, mysql
    connection strings need to have TLS enabled,
    which can be added in separate per-service patches
    
    Change-Id: I2c06ce5e138f52259c1725dae37f25c1b00d1e6b
proxysql.json.j2 2.22 KiB
{#
  Start-up manifest for the ProxySQL container: names the command to run and
  lists the files to install (source -> dest, with owner and mode).
  NOTE(review): presumably read by the image's config-copy step before the
  command starts; confirm against the consumer.

  The optional TLS entries each begin with "{% if ... %}," so the separating
  comma is emitted only when the block renders, and the array stays valid JSON
  whether neither, one, or both conditions are true.
#}
{
    "command": "/etc/proxysql_run.sh",
    "config_files": [
        {# Launcher script: owner-only read/write/execute. #}
        {
            "source": "{{ container_config_directory }}/proxysql_run.sh",
            "dest": "/etc/proxysql_run.sh",
            "owner": "proxysql",
            "perm": "0700"
        },
        {# Main configuration: owner-only read/write.
           NOTE(review): may hold credentials; keep it unreadable to other users. #}
        {
            "source": "{{ container_config_directory }}/proxysql.yaml",
            "dest": "/etc/proxysql/proxysql.yaml",
            "owner": "proxysql",
            "perm": "0600"
        },
        {# Directory sources (trailing slash): user and rule definitions.
           NOTE(review): whether 0700 also applies to the files inside depends
           on the consumer; verify, since users/ presumably contains secrets. #}
        {
            "source": "{{ container_config_directory }}/users/",
            "dest": "/etc/proxysql/users",
            "owner": "proxysql",
            "perm": "0700"
        },
        {
            "source": "{{ container_config_directory }}/rules/",
            "dest": "/etc/proxysql/rules",
            "owner": "proxysql",
            "perm": "0700"
        }
        {# Backend TLS (database_enable_tls_backend): CA root plus the
           mariadb certificate and private key, installed under
           /etc/proxysql/certs. The key is 0600 and owned by proxysql; do not
           loosen that mode. #}
        {% if database_enable_tls_backend | bool %},
        {
            "source": "{{ container_config_directory }}/ca-certificates/root.crt",
            "dest": "/etc/proxysql/certs/root.crt",
            "owner": "proxysql",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/mariadb-cert.pem",
            "dest": "/etc/proxysql/certs/mariadb-cert.pem",
            "owner": "proxysql",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/mariadb-key.pem",
            "dest": "/etc/proxysql/certs/mariadb-key.pem",
            "owner": "proxysql",
            "perm": "0600"
        }{% endif %}
        {# Internal TLS (database_enable_tls_internal): the same root.crt is
           installed a second time as proxysql-ca.pem, alongside ProxySQL's own
           certificate and private key, all in /var/lib/proxysql with mode 0600.
           NOTE(review): presumably these fixed names in the data directory are
           where ProxySQL looks for its client-facing TLS material; confirm.
           NOTE(review): installing the files only makes TLS available. Check
           that clients are configured to request it and to verify the server
           certificate against this CA; otherwise connections can stay in
           cleartext or unauthenticated. #}
        {% if database_enable_tls_internal | bool %},
        {
            "source": "{{ container_config_directory }}/ca-certificates/root.crt",
            "dest": "/var/lib/proxysql/proxysql-ca.pem",
            "owner": "proxysql",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/proxysql-cert.pem",
            "dest": "/var/lib/proxysql/proxysql-cert.pem",
            "owner": "proxysql",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/proxysql-key.pem",
            "dest": "/var/lib/proxysql/proxysql-key.pem",
            "owner": "proxysql",
            "perm": "0600"
        }{% endif %}
    ]
}