Thank you Massimo!There is a great detailed deployment recipe for SSH tunneling to your database server from a Heroku app instance (dyno). It works as of this post.10/8/17https://stackoverflow.com/questions/21575582/ssh-tunneling-from-heroku/46629121#46629121There are 2 issues/questions with this though:1) So now that I can tunnel in, I have a performance question: Since the mysql database server will be making all of its connections to localhost is that a single connection rather than multiple? Will I lose database read concurrency? If so, will either that or the SSH tunnels be a bottleneck and severely degrade my database performance?
2) SSH tends to be flaky and drop connections leaving a broken Web2py app instance. Any suggestions on best practices for handling that case?
It's too bad DAL doesn't support secure connections. Encrypted database connections are pretty standard nowadays and I see there are python mysql connectors that do. Has anyone successfully swapped out the one that ships with one of those?
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
require_secure_transport=true
tls_version=TLSv1,TLSv1.1,TLSv1.2
ssl-ca=install_path/ca-cert.pem
ssl-cert=install_path/cert.pem
ssl-key=install_path/key.pem
ssl = { 'cert': '
install_path/cert.pem', 'key': '
install_path/key.pem', 'ca': '
install_path/ca-cert.pem'}
Thanks Massimo.These are the steps and syntax to connect to Amazon's RDS using SSL.Step1:Download Amazons's CA certificate from here:and save it into web2py/applications/myapp/private/ssl/rds-combined-ca-bundle.pemStep2:Modify your model (db.py) as follows, using your own username, password, endpoint, and DBdriver_args = { 'ssl':{ 'ca': 'applications/ads/private/ssl/rds-combined-ca-bundle.pem'} }