dokku/dokku-postgres
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extend server certificate validity to 1000 years

Browse Source 
It is a self-signed, therefore not providing authentication, only traffic encryption.
The default validity (30 days) is too short.
As there is no auto-renewal mechanism, a longer default period is appropriate.
This commit is contained in:
Komlan Akpédjé KEDJI
2022-01-15 10:23:50 +01:00
committed by GitHub
parent 84101e17e9
commit 6fb12698f1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/enable_ssl.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
pushd /var/lib/postgresql/data >/dev/null pushd /var/lib/postgresql/data >/dev/null
openssl req -new -newkey rsa:4096 -x509 -nodes -out server.crt -keyout server.key -batch openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch
chmod 600 server.key chmod 600 server.key
sed -i "s/^#ssl = off/ssl = on/" postgresql.conf sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf