Introduction

The app should be able to connect to MySQL over TLS/SSL

User Story

There are several ways to implement a web application such as Xibo. In my particular setup, I already have MySQL infrastructure, and a cloud that can handle web applications. But Xibo is not setup to communicate with MySQL securely.

Additionally, you are unable to destroy the container and recreate it unless SQL is external. Otherwise, when you destroy the container, the data is gone.

In order to properly run the SQL server outside of the container, Xibo needs to be able to communicate with SQL over TLS/SSL. Otherwise, the only truly secure way to lock down Xibo is to either run SQL on the container itself, or to completely lock down the network it connects through.

I know this was suggested before, but I want to re-open the suggestion. Having SQL communicate securely should be a top priority to enhance the security of Xibo.

That isn’t the case. With our docker-compose files, data is preserved correctly.

Which is exactly what we do. We run a MySQL server on its own private network which only the CMS has access to, and where all communications are local so no TLS is required.

I will log an issue to investigate extra options for a secure connection, however, our supported and preferred method is using the suggested setup and so this is not a high priority for us.