security: add MYSQL_ATTR_SSL_CA

diff --git a/content/docs/admin/security.md b/content/docs/admin/security.md
index f9319e48d22dbd42ba3ed8b5805d695b36aa0328..b0943b19d1397af3d8a515ed72f797a30825104c 100644 (file)
--- a/content/docs/admin/security.md
+++ b/content/docs/admin/security.md
@@ -25,6 +25,7 @@ If you'd like to be notified of new potential security concerns you can sign-up
     <li><a href="#failed-access-logging">Failed Access Logging</a></li>
     <li><a href="#server-side-requests">Untrusted Server Side Requests</a></li>
     <li><a href="#csp">Content Security Policy (CSP)</a></li>
+    <li><a href="#mysql-ssl-connection">MySQL SSL connection</a></li>
 </ul>
 
 ---
@@ -239,4 +240,18 @@ The CSP headers set by BookStack are as follows:
   - Restricts what `<base>` tags can be added to a BookStack-served page.
 
 If needed you should be able to set additional CSP headers via your webserver.
-If there's a clash with an existing BookStack CSP header then browsers will generally favour the most restrictive policy.
\ No newline at end of file
+If there's a clash with an existing BookStack CSP header then browsers will generally favour the most restrictive policy.
+
+---
+
+<a name="mysql-ssl-connection"></a>
+
+### MySQL SSL Connection
+
+If your bookstack database is not on the same host as your web server, you may want to enable encrypted connection 
+via SSL between your web server and your MySQL server.
+Assuming SSL is configured correctly on your MySQL server, you can enable this by defining the `MYSQL_ATTR_SSL_CA` option in your `.env` file like so:
+
+```bash
+MYSQL_ATTR_SSL_CA="/path/to/ca.pem"
+```
\ No newline at end of file