MaxCtrl is a command-line utility that can perform administrative tasks using MaxScale's REST API. It is possible to connect to MaxScale using TLS with MaxCtrl.
Create a basic or admin user, depending on what kind of user you need:
$ maxctrl create user "maxscale_rest_admin" "maxscale_rest_admin_password" --type=admin
Replace maxscale_rest_admin and maxscale_rest_admin_password with the desired user and password.
If you want to use MaxCtrl remotely, configure the REST API for remote connections. Several global parameters must be configured in maxscale.cnf.
• This parameter defines the network address that the REST API listens on.• The default value is 127.0.0.1.
• This parameter defines the network port that the REST API listens on.• The default value is 8989.
For example:
[maxscale]
...
admin_host = 0.0.0.0
admin_port = 8443
Enable TLS for MaxScale's REST API. Several global parameters must be configured in maxscale.cnf.
* This parameter defines the private key used by the REST API.
* This parameter defines the certificate used by the REST API.
*This parameter defines the CA certificate that signed the REST API's certificate.
For example:
[maxscale]
...
admin_ssl_key=/certs/server-key.pem
admin_ssl_cert=/certs/server-cert.pem
admin_ssl_ca_cert=/certs/ca-cert.pem
Ensure that the client also has a TLS certificate, a private key, and the CA certificate.
Use MaxCtrl to connect with TLS:
$ maxctrl --secure \
--user=maxscale_rest_admin \
--password=maxscale_rest_admin_password \
--hosts=192.0.2.100:8443
--tls-key=/certs/client-key.pem \
--tls-cert=/certs/client-cert.pem \
--tls-ca-cert=/certs/ca.pem
Replace maxscale_rest_admin and maxscale_rest_admin_password
with the actual user and password.
This page is: Copyright © 2025 MariaDB. All rights reserved.