Does the PHP client for MongoDB have support for SSL? Or is there a way to connect to MongoDB instance running in SSL?
I see in MongoDB docs that the client list does not specify for PHP (this link) but I am curious to see if anyone out there have tried or trying and to get an idea of the expected release etc.
Yes, the PHP driver supports this in the latest versions. In the connection string you should be able to add the "ssl" option like in the following two ways:
$m = new MongoClient( 'mongodb://localhost/?ssl=true' );
$m = new MongoClient( 'mongodb://localhost', array( 'ssl' => true ) );
Related
I'm having problems connecting a Php client app to an Ssl enabled ActiveMq installation. I've looked at many sources and am getting more confused as I go.
My setup so far uses authentication via users/groups.properties and authorizationPlugin. This works fine on regular connections
For ActiveMq Ssl I followed a few articles and created the Jks store and certs and also configured with the following
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/server.ks"
keyStorePassword="$STORE_PASS"
trustStore="file:${activemq.base}/conf/server.ts"
trustStorePassword="$STORE_PASS" />
</sslContext>
<transportConnector
name="stomp+ssl" uri="stomp+ssl://0.0.0.0:61617?needClientAuth=true"/>
I also tried the ACTIVEMQ_SSL_OPTS approach. Both load fine when starting the server. Logs show Sll connector started. I also checked the php cli to make sure Sll is enabled on stomp installation
The problem I'm having is with the Php stomp client. First, these are the articles I read.
http://activemq.apache.org/how-do-i-use-ssl.html
http://php.net/manual/en/stomp.construct.php
https://github.com/stomp-php/stomp-php/wiki/Connectivity
From my understanding, there are two php stomp libs based on the documentation I can't figure out how to set all this up. The php site docs simply give an example of using the constructor with ssl protocol
$link = stomp_connect('ssl://localhost:61612', $user, $pass, $headers);
This doesn't work, I get a null cert error in the logs.
The other article that uses FuseSource stomp has options for including a client cert when establishing a connection but after getting further into the article it looks like it's just to authenticate via Sll cert and not with a user/pass.
https://github.com/rethab/php-stomp-cert-example/blob/master/README.md
So I went back to the previous stomp installation thinking there's a way to pass the client cert files but there doesn't seem to be an interface for it and no docs on the headers param which I'm assuming is not how to go about this.
Can someone shed some light on were in this complex mess I went wrong.
I don't know if you're still interested, but just in case someone stumbles upon this question hoping for an answer.
We're using https://github.com/stomp-php/stomp-php/ for our Stomp connection and this is roughly how we create the client:
function createClient($broker_url, $login, $password) {
$client = new \Stomp\Client($broker_url);
$sslContext = [
'ssl' => [
'cafile' => '/path/to/cert',
'verify_peer' => true,
'verify_peer_name' => false,
'ciphers' => 'HIGH',
],
];
$client->getConnection()->setContext($sslContext);
$client->setLogin($login, $password);
$client->connect();
return new \Stomp\StatefulStomp($client);
}
$broker_url should be in the format ssl://host:port.
I'm using laravel 5.2 and MongoDB 3.2.
I want to test if connection with is ok before my app starts (i can't use DB facade), in the monolog configuration. If connection is not ok, i will use logging in file.
By recommendation, i'm testing MongoClient, Mongo and MongoDB\Client, and using whatever is enabled.
I'm trying to test mongo connect as the following:
$mongoClient = new \MongoDB\Client('mongodb://localhost:27017');
$mongoClient->selectCollection('mydb', 'mycollection');
That's the return:
Client {
+manager: Manager {#21}
+uri: "mongodb://localhost:27017"
+typeMap: [
array => "MongoDB\Model\BSONArray",
document => "MongoDB\Model\BSONDocument",
root => "MongoDB\Model\BSONDocument"
]
}
Finnaly, my questions:
Exists a way to use DB facade before app starts?
How and what is the right way to test MongoDB connection with PHP?
If you has another suggestion, i will be thankful.
According to PHP document, the driver connects to the database lazily (http://php.net/manual/en/mongodb-driver-manager.getservers.php), the only way to test connection should be actually execute commands like findOne() stated in yours comment.
In addition, if the name of DB or Collection is uncertain at the point, you can use listDatabases() method which also throws exceptions if connection fails.
using this way you can check MongoDB connection with PHP:
$connection = new MongoClient(); // connects to localhost:27017
$connection = new MongoClient( "mongodb://example.com" ); // connect to a remote host (default port: 27017)
$connection = new MongoClient( "mongodb://example.com:65432" ); // connect to a remote host at a given port
I'm connecting to a remote server using TLS1.1 on PHP 5.3.
When using Zend Framework 2, I get an error:
$client = new Client('https://www.example.com/');
$curlAdapter = new Client\Adapter\Curl();
$curlAdapter->setCurlOption(CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
$client->setAdapter($curlAdapter);
$client->send();
Result: Error in cURL request: SSL connect error
Adding this resolves the issue, but is obviously less secure
$curlAdapter->setCurlOption(CURLOPT_SSL_VERIFYHOST, 2);
$curlAdapter->setCurlOption(CURLOPT_SSL_VERIFYPEER,false);
Result: It works
Making the request using native PHP commands works fine:
$c = curl_init('https://www.example.com/');
$options = array(
CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_1,
);
curl_setopt_array ($c ,$options );
curl_exec($c);
Returns the contents of the page.
So PHP works, but ZF2 doesn't unless VerifyPeer = false. What's the issue?
It is probably because you are missing one parameter:
CURLOPT_CAINFO => '/etc/ssl/certs/ca-bundle.pem' // replace with your cert.
It is also possible that you are using different php configurations (web / cli) that point to different places with the ssl certs. Some details are also available here: Security consequences of disabling CURLOPT_SSL_VERIFYPEER (libcurl/openssl)
Since we started using mongoDB a while back, a large part of our PHP codebase looks like this:
$mongo = new Mongo();
$coll = $mongo->mydb->mycoll;
The default is to connect via TCP to localhost:27017 which has worked just fine for us for a few years now. Due to speed considerations, I would like to switch to using Unix domain sockets which are supported like this:
$client = new MongoClient("mongodb:///tmp/mongodb-27017.sock");
Is there a way to make this work without having to specify the socket file in the code? The docs list mongo.default_host and mongo.default_port which can be set in php.ini so you can write:
$client = new MongoClient();
but that seems to be possible only for TCP connections. Or can I use these parameters to specify a socket file? If so, how?
As the title, I'm looking for a php Redis client that support persistent connection, because my web application receives a lot of requests(each request, it'll put an item in to Redis queue) and I want to avoid create new connection every request.
Not sure if this is supported but you should definitely look at Predis and Rediska, this two (especially Predis AFAIK) are the best PHP Redis clients available.
PhpRedis currently supports persistent connections. Using PHP 7.0 and PhpRedis 3.0, making a persistent connection with pconnect() like this:
for ($i=0;$i<1000;$i++) {
$redis = new Redis();
$result = $redis->pconnect('127.0.0.1');
$redis->set("iterator",$i);
$response=$redis->get("iterator");
$redis->close();
unset($redis);
}
is about 10 times faster (9.6 msec vs 0.83 msec per connection) than connect():
for ($i=0;$i<1000;$i++) {
$redis = new Redis();
$result = $redis->connect('127.0.0.1');
$redis->set("iterator",$i);
$response=$redis->get("iterator");
$redis->close();
unset($redis);
}
Note: "This feature is not available in threaded versions". (I'm running under IIS on Windows, so I run the NTS version.)
Predis supports persistent connection. you just need to add persistent paramater as 1.
you can use the code below
$client = new Predis\Client(array(
'scheme' => 'tcp',
'host' => '127.0.0.1',
'port' => 6379,
'database' => 15,
'persistent'=> 1
));
instead of
$client = new Predis\Client('tcp://127.0.0.1:6379?database=15');
you can find more parameters for the connection here :
https://github.com/nrk/predis/wiki/Connection-Parameters
Predis supports persistent connections using it's PhpiredisStreamConnection with the persistent=1 flag syntax since v0.8.0:
<?php
$client = new Predis\Client('tcp://127.0.0.1?persistent=1', array(
'connections' => array(
'tcp' => 'Predis\Connection\PhpiredisStreamConnection',
'unix' => 'Predis\Connection\PhpiredisStreamConnection',
),
);
PHP-Redis supports persistent connections since it uses a php extension written in C which gives it a mechanism for sharing connections between requests. Look at the documentation on popen and pconnect.
Predis cannot support persistent connections because it is 100% PHP and PHP shares nothing between each request.