diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 88d1aaacd..e51c79c62 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -138,6 +138,7 @@ Flowise support different environment variables to configure your instance. You | DATABASE_USER | Database username (When DATABASE_TYPE is not sqlite) | String | | | DATABASE_PASSWORD | Database password (When DATABASE_TYPE is not sqlite) | String | | | DATABASE_NAME | Database name (When DATABASE_TYPE is not sqlite) | String | | +| DATABASE_SSL_KEY_BASE64 | Database SSL client cert in base64 (takes priority over DATABASE_SSL) | Boolean | false | | DATABASE_SSL | Database connection overssl (When DATABASE_TYPE is postgre) | Boolean | false | | SECRETKEY_PATH | Location where encryption key (used to encrypt/decrypt credentials) is saved | String | `your-path/Flowise/packages/server` | | FLOWISE_SECRETKEY_OVERWRITE | Encryption key to be used instead of the key stored in SECRETKEY_PATH | String | diff --git a/docker/.env.example b/docker/.env.example index 0fe69dd1f..c703ae4b5 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -13,6 +13,7 @@ LOG_PATH=/root/.flowise/logs # DATABASE_USER="" # DATABASE_PASSWORD="" # DATABASE_SSL=true +# DATABASE_SSL_KEY_BASE64= # FLOWISE_USERNAME=user # FLOWISE_PASSWORD=1234 diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index c8c88bf37..99b7c5a83 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -17,6 +17,7 @@ services: - DATABASE_USER=${DATABASE_USER} - DATABASE_PASSWORD=${DATABASE_PASSWORD} - DATABASE_SSL=${DATABASE_SSL} + - DATABASE_SSL_KEY_BASE64=${DATABASE_SSL_KEY_BASE64} - APIKEY_PATH=${APIKEY_PATH} - SECRETKEY_PATH=${SECRETKEY_PATH} - FLOWISE_SECRETKEY_OVERWRITE=${FLOWISE_SECRETKEY_OVERWRITE} diff --git a/packages/server/.env.example b/packages/server/.env.example index ed54ac66a..58812cabf 100644 --- a/packages/server/.env.example +++ b/packages/server/.env.example @@ -13,6 +13,7 @@ PORT=3000 # DATABASE_USER="" # DATABASE_PASSWORD="" # DATABASE_SSL=true +# DATABASE_SSL_KEY_BASE64= # FLOWISE_USERNAME=user # FLOWISE_PASSWORD=1234 diff --git a/packages/server/src/DataSource.ts b/packages/server/src/DataSource.ts index 762315ac9..4cd9225fd 100644 --- a/packages/server/src/DataSource.ts +++ b/packages/server/src/DataSource.ts @@ -46,7 +46,18 @@ export const init = async (): Promise => { username: process.env.DATABASE_USER, password: process.env.DATABASE_PASSWORD, database: process.env.DATABASE_NAME, - ssl: process.env.DATABASE_SSL === 'true', + ...(process.env.DATABASE_SSL_KEY_BASE64 + ? { + ssl: { + rejectUnauthorized: false, + cert: Buffer.from(process.env.DATABASE_SSL_KEY_BASE64, 'base64') + } + } + : process.env.DATABASE_SSL === 'true' + ? { + ssl: true + } + : {}), synchronize: false, migrationsRun: false, entities: Object.values(entities), diff --git a/packages/server/src/commands/start.ts b/packages/server/src/commands/start.ts index 08cd82989..09ce2aa4c 100644 --- a/packages/server/src/commands/start.ts +++ b/packages/server/src/commands/start.ts @@ -36,6 +36,7 @@ export default class Start extends Command { DATABASE_USER: Flags.string(), DATABASE_PASSWORD: Flags.string(), DATABASE_SSL: Flags.string(), + DATABASE_SSL_KEY_BASE64: Flags.string(), LANGCHAIN_TRACING_V2: Flags.string(), LANGCHAIN_ENDPOINT: Flags.string(), LANGCHAIN_API_KEY: Flags.string(), @@ -107,6 +108,7 @@ export default class Start extends Command { if (flags.DATABASE_USER) process.env.DATABASE_USER = flags.DATABASE_USER if (flags.DATABASE_PASSWORD) process.env.DATABASE_PASSWORD = flags.DATABASE_PASSWORD if (flags.DATABASE_SSL) process.env.DATABASE_SSL = flags.DATABASE_SSL + if (flags.DATABASE_SSL_KEY_BASE64) process.env.DATABASE_SSL_KEY_BASE64 = flags.DATABASE_SSL_KEY_BASE64 // Langsmith tracing if (flags.LANGCHAIN_TRACING_V2) process.env.LANGCHAIN_TRACING_V2 = flags.LANGCHAIN_TRACING_V2