mirror of
https://github.com/fruworg/fruworg.github.io.git
synced 2024-11-16 17:37:17 +03:00
9c4706e826
On branch main Your branch is up to date with 'origin/main'. Changes to be committed: new file: .gitmodules new file: archetypes/default.md new file: config.toml new file: content/posts/ald-pro.md new file: content/posts/astra-fly.md new file: content/posts/astra-freeipa.md new file: content/posts/bareos-install.md new file: content/posts/cifs-automount.md new file: content/posts/create-user-keytab.md new file: content/posts/create-user-keytab.md.save new file: content/posts/dhcp-resolv.md new file: content/posts/github-ssh-auth.md new file: content/posts/ip-command.md new file: content/posts/linux-krb5.md new file: content/posts/linux-network.md new file: content/posts/linux-nfs.md.save new file: content/posts/linux-packages-rebuild.md new file: content/posts/lvm-base-commands.md new file: content/posts/pfx-to-pem.md new file: content/posts/pg-probackup-setup.md.save new file: content/posts/pg-probackup-setup.md.save.1 new file: content/posts/postgres-drop-db.md new file: content/posts/postgres-krb5.md new file: content/posts/postgres-ldaps.md new file: content/posts/postgres-pro-astra-se.md new file: content/posts/postgres-replication.md new file: content/posts/postgres-simple-backup.md new file: content/posts/postgres-tls.md new file: content/posts/reverse-shell-nc.md new file: content/posts/run-nologin.md new file: content/posts/security-solutions.md new file: content/posts/selfsigned-to-trusted.md new file: content/posts/ssh-2fa-totp.md new file: content/posts/ssh-auth-by-key.md new file: content/posts/ssh-fail2ban.md new file: content/posts/vmware-clipboard.md new file: content/posts/vmware-restart-date.md new file: content/posts/windows-disable-shutdown.md new file: static/0x952C15AB751A65F6 new file: static/favicon.ico new file: static/fruworg.png new file: themes/archie Changes not staged for commit: modified: themes/archie (modified content)
42 lines
1.3 KiB
Markdown
42 lines
1.3 KiB
Markdown
---
|
||
title: Соединение по TLS в Postgres Pro
|
||
description: С использованием scrum-sha-256
|
||
date: 2022-11-28T20:25:00+05:00
|
||
tags: [linux, postgres, tls]
|
||
---
|
||
## Создание сертификата
|
||
В этом посте я буду использовать самоподписанный сертификат, но сертификат от Let's Encrypt тоже подойдёт.
|
||
Сертификат и ключ желательно держать в той же папке, где лежат конфиги Postgres Pro.
|
||
``` shell
|
||
openssl req -x509 -newkey rsa:4096 -keyout <key>.pem -out <cert>.pem -sha256 -days 365
|
||
```
|
||
|
||
## Включение TLS
|
||
``` shell
|
||
ssl = on
|
||
ssl_cert_file = '<cert>.pem'
|
||
ssl_key_file = '<key>.pem'
|
||
listen_addresses = 'localhost, <master-ip>'
|
||
|
||
# /var/lib/pgpro/std-13/data/postgresql.conf
|
||
```
|
||
|
||
## Разрешение доступа через TLS
|
||
```shell
|
||
hostssl <user> <database> <client-ip> scram-sha-256
|
||
|
||
# /var/lib/pgpro/std-13/data/pg_hba.conf
|
||
```
|
||
|
||
## (ре)Генерация пароля
|
||
В случае, если до этого хеш-алгоритм пароля был не scram-sha-256, то необходимо пересоздать пароль:
|
||
```shell
|
||
psql -c \password
|
||
```
|
||
|
||
## Перезапуск Postgres Pro
|
||
```shell
|
||
systemctl restart postgres*
|
||
```
|
||
|