This is a read-only copy of the MariaDB Knowledgebase generated on 2025-05-01. For the latest, interactive version please visit https://mariadb.com/kb/.

Connecting to MaxScale using TLS with MaxCtrl

Overview

MaxCtrl is a command-line utility that can perform administrative tasks using MaxScale's REST API. It is possible to connect to MaxScale using TLS with MaxCtrl.

Connecting to MaxScale using TLS

1. Create a basic or admin user, depending on what kind of user you need:

$ maxctrl create user "maxscale_rest_admin" "maxscale_rest_admin_password" --type=admin

Replace maxscale_rest_admin and maxscale_rest_admin_password with the desired user and password.

2. If you want to use MaxCtrl remotely, configure the REST API for remote connections. Several global parameters must be configured in maxscale.cnf.

ParameterDescription
admin_host• This parameter defines the network address that the REST API listens on.
• The default value is 127.0.0.1.
admin_port• This parameter defines the network port that the REST API listens on.
• The default value is 8989.

For example:

[maxscale]
...
admin_host            = 0.0.0.0
admin_port            = 8443

3. Enable TLS for MaxScale's REST API. Several global parameters must be configured in maxscale.cnf.

ParameterDescription
admin_ssl_key* This parameter defines the private key used by the REST API.
admin_ssl_cert* This parameter defines the certificate used by the REST API.
admin_ssl_ca_cert*This parameter defines the CA certificate that signed the REST API's certificate.

For example:

[maxscale]
...
admin_ssl_key=/certs/server-key.pem
admin_ssl_cert=/certs/server-cert.pem
admin_ssl_ca_cert=/certs/ca-cert.pem

4. Ensure that the client also has a TLS certificate, a private key, and the CA certificate.

5. Use MaxCtrl to connect with TLS:

$ maxctrl --secure \
   --user=maxscale_rest_admin \
   --password=maxscale_rest_admin_password \
   --hosts=192.0.2.100:8443
   --tls-key=/certs/client-key.pem \
   --tls-cert=/certs/client-cert.pem \
   --tls-ca-cert=/certs/ca.pem

Replace maxscale_rest_admin and maxscale_rest_admin_password with the actual user and password.

Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.