Merge branch 'mysql_attr_ssl_ca_env'

2022-03-02 21:52:33 +00:00 · 2022-03-02 21:52:33 +00:00 · 1cf6a0e4eb
commit 1cf6a0e4eb
parent 9e9e77c114 f1b23e4125
1 changed files with 19 additions and 1 deletions
--- a/content/docs/admin/security.md
+++ b/content/docs/admin/security.md
@ -25,6 +25,7 @@ If you'd like to be notified of new potential security concerns you can sign-up
 <li><a href="#failed-access-logging">Failed Access Logging</a></li> 
 <li><a href="#server-side-requests">Untrusted Server Side Requests</a></li> 
 <li><a href="#csp">Content Security Policy (CSP)</a></li> 
+ <li><a href="#mysql-ssl-connection">MySQL SSL connection</a></li> 
 </ul> 
  
 --- 
@ -240,4 +241,21 @@ The CSP headers set by BookStack are as follows:
 - Restricts what `<base>` tags can be added to a BookStack-served page. 
  
 If needed you should be able to set additional CSP headers via your webserver. 
-If there's a clash with an existing BookStack CSP header then browsers will generally favour the most restrictive policy. 
+If there's a clash with an existing BookStack CSP header then browsers will generally favour the most restrictive policy. 
+  
+--- 
+  
+<a name="mysql-ssl-connection"></a> 
+  
+### MySQL SSL Connection 
+  
+If your BookStack database is not on the same host as your web server, you may want to ensure the connection is encrypted using SSL between these systems. 
+Assuming SSL is configured correctly on your MySQL server, you can enable this by defining the `MYSQL_ATTR_SSL_CA` option in your `.env` file like so: 
+  
+```bash 
+# Path to Certificate Authority (CA) certificate file for your MySQL instance. 
+# When this option is used host name identity verification will be performed 
+# which checks the hostname, used by the client, against names within the 
+# certificate itself (Common Name or Subject Alternative Name). 
+MYSQL_ATTR_SSL_CA="/path/to/ca.pem" 
+```