That would be terrible.
The whole setup is running on lxc containers and i thought using transit encryption and at rest encryption on mariadb-server would not hurt. Was fun figuring it out so far.
It’s been a while since i did vpn tunneling., and in case nextcloud cannot handle TLSv1.3 transit data encryption, what kind of tunnel would be best practice? Normal vpn setup, wireguard or something else?
i am seeing now parts of the DB fields filled out except the password field which remains empty and even if i enter the DB password manually and try to finish, nextcloud reports error.
SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'nextcloud.lxd'
and mariad-server shows,
[Warning] Access denied for user 'nextcloud'@'nextcloud.lxd' (using password: YES)
Maybe it is all just a config error in mariadb client.
I do wonder what this is for in config.php, not much about it in the Manual,
Thanks for the comment, didnt had much time lately to look into this problem. I really wish though to find a way to get nextcloud to connect to the remote DB with TLS.
I can reach the remote DB just fine with the nextcloud User.
--------------
mysql Ver 15.1 Distrib 10.5.8-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Connection id: 89
Current database:
Current user: nextcloud@nextcloud.lxd
SSL: Cipher in use is TLS_AES_256_GCM_SHA384
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.5.8-MariaDB-1:10.5.8+maria~focal mariadb.org binary distribution
Protocol version: 10
Connection: 10.0.0.150 via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 5 days 19 min 50 sec
Threads: 3 Questions: 162 Slow queries: 0 Opens: 116 Open tables: 110 Queries per second avg: 0.000
--------------
I do not know anything about how nexcloud connects to the db, if “mysql -unextcloud” is being run or how it connects and maybe it doesnt know where to find the certs?
Is something as simple as described here not in Nextcloud?
A simple option for TLS/SSL and another if certificate verification is wanted doesnt seem that much.
you can try if you can use a proxy like this https://github.com/sysown/proxysql
or another one you can connect locally unencrypted and the proxy software forwards it encrypted.
This indicates to me, with my zero knowledge of php/mysqli that there is a way and nextcloud should be able to handle it but so far access is denied by mariaDB.
Thanks devnull for the support, i’ll do some other work and come back to this later, hopefully my understanding of the settings in config.php have grown till then. Nextcloud documentation also seems vague to me.