
feat: accept db ssl config

NGPixel 5 years ago
parent
commit
f1725159f7
2 changed files with 38 additions and 5 deletions
  1. 17 3
      config.sample.yml
  2. 21 2
      server/core/db.js

+ 17 - 3
config.sample.yml

@@ -22,6 +22,7 @@ port: 3000
 
 db:
   type: postgres
+
   # PostgreSQL / MySQL / MariaDB / MS SQL Server only:
   host: localhost
   port: 5432
@@ -29,6 +30,19 @@ db:
   pass: wikijsrocks
   db: wiki
   ssl: false
+
+  # Optional - PostgreSQL / MySQL / MariaDB only:
+  # -> Uncomment lines you need below and set `auto` to false
+  # -> Full list of accepted options: https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
+  sslOptions:
+    auto: true
+    # rejectUnauthorized: false
+    # ca: path/to/ca.crt
+    # cert: path/to/cert.crt
+    # key: path/to/key.pem
+    # pfx: path/to/cert.pfx
+    # passphrase: xyz123
+
   # SQLite only:
   storage: path/to/database.sqlite
 
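Review bot: The commented `# rejectUnauthorized: false` example is listed first, and nothing says that it switches off verification of the database server's certificate, so an operator chasing a handshake error may uncomment it and lose protection against an intercepted connection. I would annotate it, e.g. `# rejectUnauthorized: false  # disables server certificate verification - prefer setting ca`, and move `ca` above it. The block should also say that `ca`, `cert`, `key` and `pfx` are file paths resolved against the Wiki.js root directory, which is how server/core/db.js reads them in this commit. A short comment that `passphrase` is kept in clear text, so the config file needs restrictive permissions, would help too.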
@@ -95,7 +109,7 @@ logLevel: info
 uploads:
   # Maximum upload size in bytes per file (default: 5242880 (5 MB))
   maxFileSize: 5242880
-  # Maximum file uploads per request (default: 20)
+  # Maximum file uploads per request (default: 10)
   maxFiles: 10
 
 # ---------------------------------------------------------------------
@@ -109,5 +123,5 @@ offline: false
 # ---------------------------------------------------------------------
 # Data Path
 # ---------------------------------------------------------------------
-# Writeable data path for Wiki.js, mainly for cache and user uploads.
-dataPath: ./data
+# Writeable data path used for cache and temporary user uploads.
+dataPath: ./data

+ 21 - 2
server/core/db.js

@@ -3,6 +3,7 @@ const autoload = require('auto-load')
 const path = require('path')
 const Promise = require('bluebird')
 const Knex = require('knex')
+const fs = require('fs')
 const Objection = require('objection')
 
 const migrationSource = require('../db/migrator-source')
@@ -34,13 +35,31 @@ module.exports = {
     }
 
     const dbUseSSL = (WIKI.config.db.ssl === true || WIKI.config.db.ssl === 'true' || WIKI.config.db.ssl === 1 || WIKI.config.db.ssl === '1')
+    let sslOptions = null
+    if (dbUseSSL && _.isPlainObject(dbConfig) && _.get(dbConfig, 'sslOptions.auto', null) === false) {
+      sslOptions = dbConfig.sslOptions
+      if (sslOptions.ca) {
+        sslOptions.ca = fs.readFileSync(path.resolve(WIKI.ROOTPATH, sslOptions.ca))
+      }
+      if (sslOptions.cert) {
+        sslOptions.cert = fs.readFileSync(path.resolve(WIKI.ROOTPATH, sslOptions.cert))
+      }
+      if (sslOptions.key) {
+        sslOptions.key = fs.readFileSync(path.resolve(WIKI.ROOTPATH, sslOptions.key))
+      }
+      if (sslOptions.pfx) {
+        sslOptions.pfx = fs.readFileSync(path.resolve(WIKI.ROOTPATH, sslOptions.pfx))
+      }
+    } else {
+      sslOptions = true
+    }
 
     switch (WIKI.config.db.type) {
       case 'postgres':
         dbClient = 'pg'
 
         if (dbUseSSL && _.isPlainObject(dbConfig)) {
-          dbConfig.ssl = true
+          dbConfig.ssl = sslOptions
         }
         break
       case 'mariadb':
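Review bot: The new branch looks up `sslOptions` on `dbConfig`, while the `dbUseSSL` line just above reads `WIKI.config.db`; `dbConfig` is built outside this hunk, so I cannot confirm it carries an `sslOptions` key. If it does not, `_.get(dbConfig, 'sslOptions.auto', null)` is never `false`, and a configured CA or client certificate is silently replaced by `ssl: true` with no log line to tell the operator. Reading from the config object and copying it would also stop the code from overwriting the configured paths with file contents in place: `_.get(WIKI.config.db, 'sslOptions.auto', null) === false` and `sslOptions = _.omit(WIKI.config.db.sslOptions, 'auto')`. The mysql/mariadb hunk that follows assigns the same value, so it is affected in the same way.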
@@ -48,7 +67,7 @@ module.exports = {
         dbClient = 'mysql2'
 
         if (dbUseSSL && _.isPlainObject(dbConfig)) {
-          dbConfig.ssl = true
+          dbConfig.ssl = sslOptions
         }
 
         // Fix mysql boolean handling...