Hi @GuillaumeGautreau,
Yes I’m trying to generate my first project with the CLI and it cannot connect to my MySQL DB, which requires to provide custom SSL certs.
Thanks for the precision @Pierre. While I’m trying to reproduce your issue, could you please clarify the exact version number of lumber that you are using?
You can execute lumber --version in your console.
There was a bug about ssl connection that has been fixed in lumber-cli in version 3.7.0, I just want to be sure that you are using a version that is newer or equal to this one.
In addition to that information, can you tell me if you can successfully connect to the SQL database locally, from the computer you are using to execute lumber generate?
Can you paste the error message you are obtaining? For the moment, with the latest version of lumber, ssl certificates are not verified so you don’t need to explicitly pass them to the CLI.
If you are using the last version of lumber, a connection error is more likely to occur because of an impossibility to contact the server, which is what I want to validate with you.
I can successfully connect from my computer to the DB with MySQL Workbench
And the error is:
✖ Connecting to your database
> Cannot connect to the database due to the following error:
> SequelizeAccessDeniedError: Access denied for user 'xxx'@'xxx.xxx.xxx.xxx' (using password: YES)
Maybe you could spin up a micro MySQL v8 instance on Google Cloud SQL, with SSL and exposed to the internet to reproduce this issue? otherwise feel free to send me a MP for a screenshare
The errors seems to indicate that there is no problem with the SSL certificates, but that your DB is not accepting the credentials you are sending, for the given IP address.
Can you check that:
the username and password you are using in mysql workbench and in lumber are the same?
that you are using the same way of connecting to the DB? Maybe you are using a SSH tunnel in workbench, that you are not using with lumber?
When I try to connect to the DB with SSL (in MySQL Workbench) without providing the certs and without verification, it doesn’t connect and returns the same error.
I strongly believe that it cannot connect without providing the certs (key, certificate, and CA).
PS: supporting SSL fully (with certs and verification) should not be an option, we are talking about DB access here!!
It looks like indeed lumber does not support SSL certificates when generating a project. I’ll turn this need into a feature request. Thank you for outlining that missing feature!
However, by design, ForestAdmin is built to generate a local version of your admin panel first, plugged onto a local database. Then you create a production environment that you plug onto your production database.
This means that in your case, you should (and that’s supposed to be the preferred way) have a local copy of your production database (ideally with a lighter and anonymised content), on which you would generate your project using lumber. Then, when putting this development project into production, you’d be able to edit the sequelize connection defined in the models/index.js file to include your ssl certificates (as described here for example)
Thanks for the details, I didn’t know the nitty-gritty details of Forest yet because I’ve been stuck at the project generation.
I will follow your recommendations to build the admin on a local DB! as long as the prod deployment can be secured properly with a small config tweak that’s fine