<p>You can specify <a href="https://github.com/brianmario/mysql2#ssl-options" rel="nofollow">some mysql2 SSL params</a> through the <code>DATABASE_URL</code> config. They will get added as items to the dynamic <code>database.yml</code> that is generated during the Heroku build process, and so they'll be passed when mysql2 connections are created.</p>
<p>The only param you need to pass for this to work is <code>sslca</code> (not to be confused with <code>sslcapath</code>).</p>
<p><strong>1. Download the <a href="http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport" rel="nofollow">Amazon RDS CA certificate</a> and bundle it with your app.</strong></p>
<p>(Edit) Amazon will be <a href="http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.Rotation" rel="nofollow">rotating this certificate</a> in March 2015. You'll need the new file from that page instead of this one.</p>
<p><code>curl https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem &gt; ./config/amazon-rds-ca-cert.pem</code></p>
<p><strong>2. Add the file to git, and redeploy to Heroku.</strong></p>
<p><strong>3. Change <code>DATABASE_URL</code> to pass <code>sslca</code>:</strong></p>
<p><code>heroku config:add DATABASE_URL="mysql2://username:password@hostname/dbname?sslca=config/amazon-rds-ca-cert.pem" -a &lt;app_id&gt;</code></p>
<p>The relative path there is important—see below.</p>
<p>That's it! Now that you have SSL working, you may want to enforce that all connections with that user only allow SSL:</p>
<pre><code>GRANT USAGE ON dbname.* TO 'username'@'%' REQUIRE SSL; </code></pre>
<hr>
<p><em>Troubleshooting</em></p>
<p>Make sure to pass a relative path to <code>sslca</code>! Otherwise, <code>rake assets:precompile</code> may break with an SSL error. If you receive an error like:</p>
<pre><code>SSL connection error: ASN: bad other signature confirmation </code></pre>
<p>or even just:</p>
<pre><code>SSL connection error </code></pre>
<p>...then there is likely something wrong with how the CA cert file is referenced.</p>
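<p>An added example (not part of the original answer): a Ruby preflight check for the steps above. It parses <code>DATABASE_URL</code>, confirms <code>sslca</code> is a relative path to a bundled PEM file, and flags a CA outside its validity period, as happens after a certificate rotation. The helper names, the <code>app_root</code> resolution and the throwaway self-signed CA are assumptions made for illustration.</p>

```ruby
require "uri"
require "openssl"
require "pathname"
require "tmpdir"

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Returns an array of problems with the sslca parameter (empty means OK).
# Assumption: the relative path is resolved against the app root directory.
def sslca_problems(database_url, app_root: Dir.pwd, now: Time.now)
  uri = URI.parse(database_url)
  params = URI.decode_www_form(uri.query.to_s).to_h
  path = params["sslca"]
  return ["no sslca parameter (sslcapath is a different option)"] if path.to_s.empty?
  return ["sslca must be a relative path, got #{path}"] if Pathname.new(path).absolute?
  file = File.join(app_root, path)
  return ["#{path} is not bundled with the app"] unless File.file?(file)
  certs = File.read(file).scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  return ["#{path} contains no PEM certificates"] if certs.empty?
  certs.select { |c| now < c.not_before || now > c.not_after }
       .map { |c| "CA #{c.subject} is outside its validity period (rotated?)" }
end

# Constructed sample: a throwaway self-signed CA standing in for the RDS CA file.
def constructed_ca_pem(not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Test CA")
  cert.public_key = key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |root|
    Dir.mkdir(File.join(root, "config"))
    File.write(File.join(root, "config/amazon-rds-ca-cert.pem"), constructed_ca_pem(Time.now + 86_400))
    url = "mysql2://username:password@hostname/dbname?sslca=config/amazon-rds-ca-cert.pem"
    puts sslca_problems(url, app_root: root).inspect
  end
end
```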
 
