docker-compose.yml
version: '2'
services:
jeedom-server:
container_name: jeedom-server
image: jeedom/jeedom:stable
networks:
- proxy
- internal
labels:
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.backend=jeedom-server"
- "traefik.frontend.rule=Host:jeedom.domain.com"
- "traefik.docker.network=proxy"
ports:
- "9070:80"
- "9022:22"
volumes:
- /home/docker/jeedom/data/jeedom:/var/www/html
depends_on:
- db
devices:
- "/dev/ttyUSB0:/dev/ttyUSB0"
- "/dev/ttyUSB1:/dev/ttyUSB1"
environment:
- ROOT_PASSWORD=mdpssh
mac_address: 03:45:aa:15:01:03
restart: always
db:
container_name: jeedom-mysql
image: mysql:5.7
command: --default-authentication-plugin=mysql_native_password
networks:
- internal
ports:
- "3306:3306"
volumes:
- /home/docker/jeedom/data/mysql:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=mdp_root_mysql
labels:
- traefik.enable=false
restart: always
networks:
proxy:
external: true
internal:
external: falseDans la doc Jeedom, cela n'est pas précisé, donc pensez au tag 5.7.
Aussi, ne pas démarrer un container avec le mode –privileged , tel qu'on peut le lire dans la doc Jeedom.
La ligne:
command: --default-authentication-plugin=mysql_native_password
est importante, car elle force à utiliser le mode d'authentification natif sur la base MYSQL.
La nouvelle méthode d'authentification utilise le sha-256 pour le hash des mots de passe. https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html
Une précision, à partir de MySQL 5.7, le modèle de sécurité a changé. Il n'est plus possible de se connecter en root autrement qu'en localhost.
On obtient l'erreur suivante:
ERROR 1045 (28000): Access denied for user 'root'@'172.17.0.1' (using password: YES)
Il faudrait accepter tous les clients:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';Cette solution n'est pas très secure.
La solution à adopter consiste à rajouter un utilisateur uniquement pour la base de données:
Connexion au conteneur mysql:
[root@powernas1 config]# docker exec -it jeedom-mysql /bin/bash
root@0ba7d5saed2a:/# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 18177
Server version: 5.7.25 MySQL Community Server (GPL)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> SELECT User, Host, authentication_string FROM mysql.user;
+---------------+-----------+-------------------------------------------+
| User | Host | authentication_string |
+---------------+-----------+-------------------------------------------+
| root | localhost | *BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| root | % | *BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> CREATE USER 'jeedom'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON jeedom.* To 'jeedom'@'%' IDENTIFIED BY 'mdp_xxxxxxxxxx';
Query OK, 0 rows affected, 1 warning (0.00 sec)Dans /home/docker/jeedom/data/jeedom/core/config, modifier le fichier common.config.php
Suppression de l'utilisateur root@%/* * *********************** MySQL & Memcached ******************* */ global $CONFIG; $CONFIG = array( //MySQL parametres 'db' => array( 'host' => 'jeedom-mysql', 'port' => '3306', 'dbname' => 'jeedom', 'username' => 'jeedom', 'password' => 'mdp_xxxxxxxxxx', ), ); ?>
mysql> DROP USER 'root'@'%';
Query OK, 0 rows affected (0.00 sec)environment:
- MYSQL_ROOT_PASSWORD=mdp_root_mysql
- MYSQL_DATABASE=jeedom
- MYSQL_USER=jeedom
- MYSQL_PASSWORD=mdp_xxxxxxxxxx