enabling ssl

[nurtureJamesTan]

hi,

how do we enable ssl with your pgmaster instance?
and also slaves and pgpool?

this one works with main stream postgresql
https://markwoodbridge.com/2017/08/16/postgres-docker-ssl.html

but does not work here

[paunin]

looking on this: docker run -d --name postgres -v postgres:/var/lib/postgresql/data -v $PWD/server.crt:/var/lib/postgresql/data/server.crt -v $PWD/server.key:/var/lib/postgresql/data/server.key postgres:9-alpine -c ssl=on

I would suggest you to mount caert and keys whereever you want and configure the server with CONFIGS env variable:

#ssl = off				# (change requires restart)
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
					# (change requires restart)
#ssl_prefer_server_ciphers = on		# (change requires restart)
#ssl_ecdh_curve = 'prime256v1'		# (change requires restart)
#ssl_cert_file = 'server.crt'		# (change requires restart)
#ssl_key_file = 'server.key'		# (change requires restart)
#ssl_ca_file = ''			# (change requires restart)
#ssl_crl_file = ''			# (change requires restart)

[iranzo]

I've used configs to define server.crt and server.key plus ssl=on, and when trying to attach a config secret with mode 0400 it complains that it cannot read it.

Container image should chown the files as it does with $PGDATA on entrypoint so that it can later read it properly

[iranzo]

Handled in #205