
Merge pull request #4794 from Johno-ACSLive/develop

Add basic MySQL TLS support
jc21 1 месяц назад
Родитель
Сommit
9875fa92f1
3 измененных файлов с 26 добавлено и 5 удалено
  1. 2 1
      backend/db.js
  2. 10 4
      backend/lib/config.js
  3. 14 0
      docs/src/setup/index.md

+ 2 - 1
backend/db.js

@@ -21,7 +21,8 @@ const generateDbConfig = () => {
 			user: cfg.user,
 			password: cfg.password,
 			database: cfg.name,
-			port: cfg.port,
+			port:     cfg.port,
+			...(cfg.ssl ? { ssl: cfg.ssl } : {})
 		},
 		migrations: {
 			tableName: "migrations",
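Review bot: The new `port:     cfg.port` line pads the value to line up with the spread below it, but the neighbouring keys (`user:`, `password:`, `database:`) are unpadded, so the alignment is inconsistent within the same object literal; `port: cfg.port,` keeps the file's existing style. The spread line also drops the trailing comma every other entry carries: `...(cfg.ssl ? { ssl: cfg.ssl } : {}),`. Spreading only when `cfg.ssl` is truthy does keep the `false` value that config.js produces out of the connection object, which looks intended. `generateDbConfig` starts before and ends after this hunk.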

+ 10 - 4
backend/lib/config.js

@@ -31,9 +31,14 @@ const configure = () => {
 		}
 	}
 
-	const envMysqlHost = process.env.DB_MYSQL_HOST || null;
-	const envMysqlUser = process.env.DB_MYSQL_USER || null;
-	const envMysqlName = process.env.DB_MYSQL_NAME || null;
+	const toBool = (v) => /^(1|true|yes|on)$/i.test((v || '').trim());
+
+    const envMysqlHost					= process.env.DB_MYSQL_HOST || null;
+    const envMysqlUser					= process.env.DB_MYSQL_USER || null;
+    const envMysqlName					= process.env.DB_MYSQL_NAME || null;
+    const envMysqlSSL					= toBool(process.env.DB_MYSQL_SSL);
+    const envMysqlSSLRejectUnauthorized	= process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED === undefined ? true : toBool(process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED);
+    const envMysqlSSLVerifyIdentity		= process.env.DB_MYSQL_SSL_VERIFY_IDENTITY === undefined ? true : toBool(process.env.DB_MYSQL_SSL_VERIFY_IDENTITY);
 	if (envMysqlHost && envMysqlUser && envMysqlName) {
 		// we have enough mysql creds to go with mysql
 		logger.info("Using MySQL configuration");
@@ -44,7 +49,8 @@ const configure = () => {
 				port: process.env.DB_MYSQL_PORT || 3306,
 				user: envMysqlUser,
 				password: process.env.DB_MYSQL_PASSWORD,
-				name: envMysqlName,
+				name:     envMysqlName,
+				ssl:      envMysqlSSL ? { rejectUnauthorized: envMysqlSSLRejectUnauthorized, verifyIdentity: envMysqlSSLVerifyIdentity } : false,
 			},
 			keys: getKeys(),
 		};
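Review bot: `envMysqlSSLRejectUnauthorized` and `envMysqlSSLVerifyIdentity` in the first hunk fall back to `true` only when the variable is entirely unset, and any other unrecognised value — an empty string left in a compose file, or a typo such as `ture` — is parsed by `toBool` as `false`, so a simple misconfiguration silently disables certificate-chain and hostname verification. A fail-closed parse that only turns verification off on an explicit negative is safer: `const toFalse = (v) => /^(0|false|no|off)$/i.test((v || '').trim());` and `const envMysqlSSLRejectUnauthorized = !toFalse(process.env.DB_MYSQL_SSL_REJECT_UNAUTHORIZED);` (likewise for the verify-identity variable). The `ssl` object built in the second hunk carries no `ca` entry, so with `rejectUnauthorized: true` the server certificate must chain to the Node default trust store; a deployment with a private CA has no supported way to pass one and is pushed towards setting the reject flag to false, which leaves the connection encrypted but unauthenticated — worth a follow-up `DB_MYSQL_SSL_CA` option or at least a comment saying so. Separately, the new declarations use four-space indentation and tab-aligned `=` signs while the rest of `configure` (the `toBool` line and the `if` that follows) is tab-indented, so the block should be reformatted to match. `configure` starts before and ends after both hunks.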

+ 14 - 0
docs/src/setup/index.md

@@ -75,6 +75,10 @@ services:
       DB_MYSQL_USER: "npm"
       DB_MYSQL_PASSWORD: "npm"
       DB_MYSQL_NAME: "npm"
+      # Optional SSL (see section below)
+      # DB_MYSQL_SSL: 'true'
+      # DB_MYSQL_SSL_REJECT_UNAUTHORIZED: 'true'
+      # DB_MYSQL_SSL_VERIFY_IDENTITY: 'true'
       # Uncomment this if IPv6 is not enabled on your host
       # DISABLE_IPV6: 'true'
     volumes:
@@ -102,6 +106,16 @@ Please note, that `DB_MYSQL_*` environment variables will take precedent over `D
 
 :::
 
+### Optional: MySQL / MariaDB SSL
+
+You can enable TLS for the MySQL/MariaDB connection with these environment variables:
+
+- DB_MYSQL_SSL: Enable SSL when set to true. If unset or false, SSL disabled (previous default behaviour).
+- DB_MYSQL_SSL_REJECT_UNAUTHORIZED: (default: true) Validate the server certificate chain. Set to false to allow self‑signed/unknown CA.
+- DB_MYSQL_SSL_VERIFY_IDENTITY: (default: true) Performs host name / identity verification.
+
+Enabling SSL using a self-signed cert (not recommended for production).
+
 ## Using Postgres database
 
 Similar to the MySQL server setup: