• 注册
  • 技术宅 技术宅 关注:20 内容:853

    WordPress 利用SSL加密远程链接MySQL Server

  • 查看作者
  • 打赏作者
    • 1
    • 技术宅
    • 大版主
      完美的高逼格

      这是个标题中文的,只是为了自己看着方便。。。呱呱给了我个链接,全英文,看着好累

      (´・_・`)

      原标题:How to connect from WordPress to MySQL using SSL

      If you have a WordPress installation on one system, and a MySQL or MariaDB database server on another system, you may want to ensure that the data transfers between them are secure. SSL can be used to prevent eavesdropping and tampering on data. This guide will show the steps needed to configure WordPress to connect to a remote MySQL database using SSL.

      WordPress 利用SSL加密远程链接MySQL Server

      Assumptions

      This guide makes these assumptions:

      • You already have a self signed SSL CA certificate.

      • You are on Linux.

      • The PHP that WordPress runs on uses Mysqlnd (MySQL native driver) as the driver for MySQLi. Note that this is the default for default PHP installations starting from PHP 5.4.0. (If you need to check whether or not you are using Mysqlnd, refer to this Stack Overflow question for guidance: How to know if MySQLnd is the active driver?)

      The Plan

      If SSL is improperly configured, WordPress may give enigmatic error messages. For this reason, we recommend that you first attempt SSL connections without WordPress to make sure that the SSL connections actually work. Here's the plan:

      1. Attempt a remote connection to the MySQL server using the MySQL client program.

      2. Attempt a remote connection to the MYSQL server using PHP.

      3. If everything succeeds so far, finally configure WordPress to use SSL.

      Attempt remote connection using the MySQL client

      First, attempt a connection to the remote MySQL or MariaDB server to make sure that remote connections using the SSL certificate works:

      # On the command line, run:mysql --user john --host db.example.com --ssl-ca my-ca.crt --password

      If you were not able to connect to the remote database, you must first fix the issue that prevents the connection.

      Attempt remote connection using PHP

      Next, verify that PHP is able to connect to the remote database using SSL. Start the interactive PHP shell by running php -a. Then:

      // In the interactive PHP shell:$db = mysqli_init();mysqli_real_connect($db, 'db.example.com', 'john', '123456', NULL, NULL, NULL, MYSQLI_CLIENT_SSL);var_dump(mysqli_query($db, 'STATUS;'));  # Should show results if connection succeeded, not false.

      If there are errors in the interactive shell, you must resolve them.

      Configure WordPress to use SSL

      If all goes well so far, you can be confident that WordPress database connections will be unlikely to fail once configured. Now add your self signed SSL certificate to OpenSSL's trusted store:

      # On the command line, run:sudo mv my-ca.crt /usr/local/share/ca-certificates/
      sudo update-ca-certificates

      The system's trust store is where WordPress will look for SSL certificates. Important: The file name of the certificate must only end with a crt extension. my-ca.crt is fine, but my-ca.pem.crt and my-ca.pem are invalid!

      You must now instruct WordPress to use the system's trust store to connect to MySQL using SSL. Set the appropriate settings in the wp-config.php file of your WordPress installation:

      // In wp-config.php, add:define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);

      At this point, WordPress will connect to the MySQL server through an SSL connection.

      Discussion

      As far as I am aware, the method outlined above is the simplest way to get secure connections between WordPress and a remote MySQL database. An alternative to using SSL is to use a persistent (permanent) SSH tunnel between the system running WordPress and the system running the database server. While using SSH works for securing the connection, both anecdotal evidence and (admittedly unscientific) tests have shown that the SSH option is slower than the SSL option.


      大版主
      完美的高逼格

      原文链接: 链接

      回复

      请登录之后再进行评论

      登录
      技术宅
    • 今日 1
    • 帖子 853
    • 关注 20
    • 分享万事屋

    • 发表内容
    • 做任务
    • 实时动态
    • 偏好设置
    • 到底部
    • 帖子间隔 侧栏位置: