Enable SSL for connections to database
Since the database can be exposed to the outer world, it seems better to have an encrypted connection to it. We automatically generate a self-signed certificate since it's only used to encrypt the connection but one can easily replace it by a custom one, just overwrite `server.crt` and `server.key` in the /var/lib/dokku/services/postgres/DB_NAME/data directory.
This commit is contained in:
Loïc Guitaut
6
scripts/enable_ssl.sh
Executable file
6
scripts/enable_ssl.sh
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
cd /var/lib/postgresql/data
|
||||
openssl req -new -newkey rsa:4096 -x509 -nodes -out server.crt -keyout server.key -batch
|
||||
chmod 600 server.key
|
||||
sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
|
||||
sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf
|
||||
Reference in New Issue
Block a user