Since the database can be exposed to the outer world, it seems better to have an encrypted connection to it. We automatically generate a self-signed certificate since it's only used to encrypt the connection, but one can easily replace it with a custom one: just overwrite `server.crt` and `server.key` in the `/var/lib/dokku/services/postgres/DB_NAME/data` directory.
7 lines
285 B
Bash
Executable File
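#!/bin/bash

# Work in the PostgreSQL data directory; stop if it is missing.
cd /var/lib/postgresql/data || exit 1

# Self-signed certificate with an unencrypted key (-nodes); no -days is given, so openssl's 30-day default validity applies.
openssl req -new -newkey rsa:4096 -x509 -nodes -out server.crt -keyout server.key -batch
chmod 600 server.key

# Enable SSL and restrict the cipher list; both patterns only match the stock commented-out lines.
sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf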
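The `sed` edits above change nothing if `postgresql.conf` does not contain the exact commented-out lines, and a replacement `server.key` can easily end up with loose permissions. The following post-condition check is an added example, not part of the original script; `pg_conf_value` and `check_ssl_setup` are hypothetical helper names, and the data directory is passed as an argument.

```bash
#!/bin/bash
# Added example: verify the result of the SSL setup in a PostgreSQL data directory.
# pg_conf_value and check_ssl_setup are hypothetical helpers, not project code.

# Print the effective value of a setting in a postgresql.conf-style file:
# commented-out lines are ignored and the last assignment wins.
pg_conf_value() {
    local name="$1" file="$2"
    sed -n -E "s/^[[:space:]]*${name}([[:space:]]*=[[:space:]]*|[[:space:]]+)//p" "$file" |
        tail -n 1 |
        sed -E "s/[[:space:]]*#.*$//; s/^'(.*)'$/\1/"
}

# Return 0 only if SSL is on, a cipher list is set, and the
# certificate and key are present with a private key mode.
check_ssl_setup() {
    local dir="$1" rc=0 ssl ciphers f perms
    ssl=$(pg_conf_value ssl "$dir/postgresql.conf")
    ciphers=$(pg_conf_value ssl_ciphers "$dir/postgresql.conf")

    case "$ssl" in
        on|true|yes|1) ;;
        *) echo "ssl is not enabled (effective value: '${ssl:-unset}')"; rc=1 ;;
    esac
    if [ -z "$ciphers" ]; then
        echo "ssl_ciphers is not set; the server default applies"; rc=1
    fi
    for f in server.crt server.key; do
        [ -s "$dir/$f" ] || { echo "$f is missing or empty"; rc=1; }
    done
    # PostgreSQL rejects a key file that is group- or world-accessible.
    if [ -f "$dir/server.key" ]; then
        perms=$(ls -ld "$dir/server.key" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "server.key is group/world accessible"; rc=1; }
    fi
    return "$rc"
}

# Stand-alone use: ./check.sh /path/to/data
if [ -n "${1:-}" ]; then
    check_ssl_setup "$1"
fi
```

Run it after the setup script and again after swapping in a custom certificate.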