Created
September 2, 2024 15:32
-
-
Save pkellner/72b4cc4a92c0e471c2c7a44b7980007a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.9" | |
| services: | |
| mysqlsecure: | |
| image: mysql:8.0 | |
| container_name: mysqlsecure | |
| volumes: | |
| - ./data:/var/lib/mysql | |
| - ./certs:/etc/mysql/certs | |
| environment: | |
| - MYSQL_ROOT_PASSWORD=xxx | |
| - MYSQL_DATABASE=test | |
| - MYSQL_USER=test | |
| - MYSQL_PASSWORD=xxx | |
| command: | |
| - --ssl-ca=/etc/mysql/certs/ca.crt | |
| - --ssl-cert=/etc/mysql/certs/mysql.crt | |
| - --ssl-key=/etc/mysql/certs/mysql.key | |
| - --ssl=1 # Enable SSL for MySQL connections | |
| - --bind-address=0.0.0.0 # Allow connections from any host | |
| - --require_secure_transport=OFF # Enforce SSL connections ON or OFF | |
| ports: | |
| - 3306:3306 | |
| cert-gen: | |
| image: alpine | |
| volumes: | |
| - ./certs:/certs | |
| entrypoint: | |
| - /bin/sh | |
| - -c | |
| - | | |
| apk add --no-cache openssl && | |
| openssl genpkey -algorithm RSA -out /certs/mysql.key -pkeyopt rsa_keygen_bits:2048 && | |
| openssl req -new -key /certs/mysql.key -out /certs/mysql.csr -subj "/CN=mysql/O=myorg/C=US" && | |
| openssl x509 -req -in /certs/mysql.csr -signkey /certs/mysql.key -out /certs/mysql.crt -days 365 && | |
| openssl genpkey -algorithm RSA -out /certs/ca.key -pkeyopt rsa_keygen_bits:2048 && | |
| openssl req -new -x509 -key /certs/ca.key -out /certs/ca.crt -days 1095 -subj "/CN=Certificate Authority/O=myorg/C=US" && | |
| chmod 600 /certs/* && chown 999:999 /certs/* | |
| restart: "no" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment