The app should be able to connect to MySQL over TLS/SSL
There are several ways to implement a web application such as Xibo. In my particular setup, I already have MySQL infrastructure, and a cloud that can handle web applications. But Xibo is not set up to communicate with MySQL securely.
Additionally, you are unable to destroy the container and recreate it unless SQL is external. Otherwise, when you destroy the container, the data is gone.
In order to properly run the SQL server outside of the container, Xibo needs to be able to communicate with SQL over TLS/SSL. Otherwise, the only truly secure way to lock down Xibo is to either run SQL on the container itself, or to completely lock down the network it connects through.
I know this was suggested before, but I want to re-open the suggestion. Having SQL communicate securely should be a top priority to enhance the security of Xibo.
We run a MySQL server on its own private network which only the CMS has access to, and where all communications are local so no TLS is required.
Right, but that forces deployment to fit into just your method of deployment. There are way more ways to deploy this application than just Docker, as acknowledged by your documentation (CMS Installation), even if they aren’t ‘officially’ supported. But without network isolation, those installations will be insecure.
It seems silly to even allow connections to an external SQL database if you can’t support secure connections…