MySQL Database Cluster + Laravel
I've setup a MySQL Database Cluster and an Ubuntu server with Apache and PHP 8.1.
When I SSH onto the Ubuntu server I'm able to connect to the cluster:
mysql --host=lin-***-mysql-primary-private.servers.linodedb.net --user=*** --password --ssl-mode=required
However, when I run php artisan migrate I get the following error:
Illuminate\Database\QueryException
SQLSTATE[HY000] [3159] Connections using insecure transport are prohibited while --require_secure_transport=ON. (SQL: select * from information_schema.tables where table_schema = xxx and table_name = migrations and table_type = 'BASE TABLE')
at vendor/laravel/framework/src/Illuminate/Database/Connection.php:712
708▕ // If an exception occurs when attempting to run a query, we'll format the error
709▕ // message to include the bindings with SQL, which will make this exception a
710▕ // lot more helpful to the developer instead of just the database's errors.
711▕ catch (Exception $e) {
➜ 712▕ throw new QueryException(
713▕ $query, $this->prepareBindings($bindings), $e
714▕ );
715▕ }
716▕ }
+33 vendor frames
34 artisan:37
Illuminate\Foundation\Console\Kernel::handle()
Having not setup any certificates, I'm not clear what I would add to my .env to config\database.php to get this working.
Any advice greatly appreciated.
4 Replies
Heya!
It's actually super simple, in the Linode UI there is a CA certificate to download, place that with your application.
Then add:
'sslmode' => env('DB_SSLMODE', 'prefer'),
'options' => array(
PDO::MYSQL_ATTR_SSL_CA => '/path/to/ca-cert.pem',
),
This should get you going :)
Hi,
Sorry to jump in on this, I have the same error when I download the certificate from the Database Cluster Summary page it comes down as a
xxx.crt
whereas you reference a
xxx.pem
is there something I need to do to the file to convert to pem or is it just a change the extension job? (note: I tried a rename and it's still not working hence the question - lol)
:-)
@webuyanyphone --
A .crt file is often PEM-encoded file, it's just called .crt so you know what's in the file. Same with .key. There are other encodings (like .der) but you probably don't need them unless the service you are configuring explicitly requires them.
The PEM encoded files produced by certbot (I'm assuming you have a LetsEncrypt cert here) include:
- cert.pem - your PEM-encoded cert…also the public key;
- privkey.pem - your private key
- chain.pem - the other intermediate certs that make up the cert chain of trust (not including the root); and
- fullchain.pem - your cert, plus the intermediate certs forming the complete chain of trust (this is often the file you need…but not always -- in my email configuration, I need all three of cert.pem, privkey.pem and fullchain.pem).
You can convert or combine these files in different ways depending on how you want to use them.
PEM is a TLA for Privacy Enhanced Mail.
-- sw