Update DBeaver guides to use authenticated local proxy. (#12037)
* docs(db): add postgres DBeaver guide * docs(db): update mysql and sql server dbeaver guides
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 63 KiB |
BIN
docs/img/database-access/dbeaver-pg-configure-server.png
Normal file
After Width: | Height: | Size: 921 KiB |
Before Width: | Height: | Size: 126 KiB |
Before Width: | Height: | Size: 53 KiB |
Before Width: | Height: | Size: 234 KiB After Width: | Height: | Size: 905 KiB |
|
@ -79,6 +79,25 @@ Ensure that your environment includes the following:
|
|||
<ScopedBlock scope={["oss", "enterprise"]}>
|
||||
|
||||
<Tabs>
|
||||
<TabItem label="Authenticated Proxy">
|
||||
Starting the local database proxy with the `--tunnel` flag will create an
|
||||
authenticated tunnel that you can use to connect to your database instances.
|
||||
You won't need to configure any credentials when connecting to this tunnel.
|
||||
|
||||
Here is an example on how to start the proxy:
|
||||
|
||||
```bash
|
||||
# First, login into the database.
|
||||
$ tsh db login <database-name>
|
||||
|
||||
# Then, start the local proxy.
|
||||
$ tsh proxy db --tunnel <database-name>
|
||||
Started authenticated tunnel for the <engine> database "<database-name>" in cluster "<cluster-name>" on 127.0.0.1:62652.
|
||||
```
|
||||
|
||||
You can then connect to the address the proxy command returns, in our example it
|
||||
is `127.0.0.1:62652`.
|
||||
</TabItem>
|
||||
<TabItem label="TLS routing">
|
||||
If you're using Teleport in [TLS routing](../../setup/operations/tls-routing.mdx)
|
||||
mode where each database protocol is multiplexed on the same web proxy port, use
|
||||
|
@ -178,6 +197,20 @@ certificate, key and root certificate from the configuration above:
|
|||
Click "Save", and pgAdmin should immediately connect. If pgAdmin prompts you
|
||||
for password, leave the password field empty and click OK.
|
||||
|
||||
## PostgreSQL DBeaver
|
||||
To connect to your PostgreSQL instance, use the authenticated proxy address.
|
||||
This is `127.0.0.1:62652` in the example above (see the “Authenticated Proxy”
|
||||
section on [Get connection information](./gui-clients.mdx#get-connection-information)
|
||||
for more information).
|
||||
|
||||
Use the "Database native" authentication with an empty password:
|
||||
|
||||
![DBeaver Postgres Configure
|
||||
Server](../../../img/database-access/dbeaver-pg-configure-server.png)
|
||||
|
||||
Clicking on "Test connection" should return a connection success message. Then,
|
||||
click on "Finish" to save the configuration.
|
||||
|
||||
## MySQL Workbench
|
||||
|
||||
[MySQL Workbench](https://www.mysql.com/products/workbench/) is a GUI
|
||||
|
@ -219,7 +252,8 @@ In the search bar of the "Connect to a database" window that opens up, type "mys
|
|||
|
||||
![DBeaver Select Driver](../../../img/database-access/dbeaver-select-driver.png)
|
||||
|
||||
In the newly-opened "Connection Settings" tab, copy the `Server Host` and `Port` from the `tsh db config` output into the DBeaver config fields:
|
||||
In the newly-opened "Connection Settings" tab, use the Host as `localhost` and
|
||||
Port as the one returned by the proxy command (`62652` in the example above):
|
||||
|
||||
![DBeaver Select Configure Server](../../../img/database-access/dbeaver-configure-server.png)
|
||||
|
||||
|
@ -233,20 +267,8 @@ Authentication" box, and click "Ok" to save:
|
|||
|
||||
![DBeaver Driver Settings](../../../img/database-access/dbeaver-driver-settings.png)
|
||||
|
||||
Once you are back in the "Connection Settings" window, navigate to the "Driver
|
||||
Properties" tab, scroll down to find the `enabledTLSProtocols` field and enter
|
||||
"TLSv1.2" into the `Value` field:
|
||||
|
||||
![DBeaver TLS Settings](../../../img/database-access/dbeaver-tls-settings.png)
|
||||
|
||||
Navigate to the "SSL" tab, check the "Use SSL" box, uncheck the "Verify Server
|
||||
Certificates" box, and copy the `CA Certificate`, `Client Certificate`, and
|
||||
`Client Private Key` paths from the output of the `tsh` command you ran at the
|
||||
beginning of this guide:
|
||||
|
||||
![DBeaver SSL](../../../img/database-access/dbeaver-ssl.png)
|
||||
|
||||
Click "Ok" to finish and DBeaver should connect to the remote MySQL server automatically.
|
||||
Once you are back in the "Connection Settings" window, click "Ok" to finish and
|
||||
DBeaver should connect to the remote MySQL server automatically.
|
||||
|
||||
## MongoDB Compass
|
||||
|
||||
|
@ -276,7 +298,7 @@ Click on the "Connect" button.
|
|||
## SQL Server DBeaver
|
||||
|
||||
In the DBeaver connection configuration menu, use your proxy's endpoint. This is
|
||||
`localhost:4242` in the example above. (See
|
||||
`localhost:62652` in the example above. (See
|
||||
[Get connection information](./gui-clients.mdx#get-connection-information) for
|
||||
more information.)
|
||||
|
||||
|
|