fruworg.github.io/content/posts/postgres-tls.md
root 9c4706e826 Committer: fruworg <im@fruw.org>
On branch main
Your branch is up to date with 'origin/main'.

Changes to be committed:
	new file:   .gitmodules
	new file:   archetypes/default.md
	new file:   config.toml
	new file:   content/posts/ald-pro.md
	new file:   content/posts/astra-fly.md
	new file:   content/posts/astra-freeipa.md
	new file:   content/posts/bareos-install.md
	new file:   content/posts/cifs-automount.md
	new file:   content/posts/create-user-keytab.md
	new file:   content/posts/create-user-keytab.md.save
	new file:   content/posts/dhcp-resolv.md
	new file:   content/posts/github-ssh-auth.md
	new file:   content/posts/ip-command.md
	new file:   content/posts/linux-krb5.md
	new file:   content/posts/linux-network.md
	new file:   content/posts/linux-nfs.md.save
	new file:   content/posts/linux-packages-rebuild.md
	new file:   content/posts/lvm-base-commands.md
	new file:   content/posts/pfx-to-pem.md
	new file:   content/posts/pg-probackup-setup.md.save
	new file:   content/posts/pg-probackup-setup.md.save.1
	new file:   content/posts/postgres-drop-db.md
	new file:   content/posts/postgres-krb5.md
	new file:   content/posts/postgres-ldaps.md
	new file:   content/posts/postgres-pro-astra-se.md
	new file:   content/posts/postgres-replication.md
	new file:   content/posts/postgres-simple-backup.md
	new file:   content/posts/postgres-tls.md
	new file:   content/posts/reverse-shell-nc.md
	new file:   content/posts/run-nologin.md
	new file:   content/posts/security-solutions.md
	new file:   content/posts/selfsigned-to-trusted.md
	new file:   content/posts/ssh-2fa-totp.md
	new file:   content/posts/ssh-auth-by-key.md
	new file:   content/posts/ssh-fail2ban.md
	new file:   content/posts/vmware-clipboard.md
	new file:   content/posts/vmware-restart-date.md
	new file:   content/posts/windows-disable-shutdown.md
	new file:   static/0x952C15AB751A65F6
	new file:   static/favicon.ico
	new file:   static/fruworg.png
	new file:   themes/archie

 Changes not staged for commit:
	modified:   themes/archie (modified content)
2023-07-26 20:55:24 +05:00

42 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Соединение по TLS в Postgres Pro
description: С использованием scrum-sha-256
date: 2022-11-28T20:25:00+05:00
tags: [linux, postgres, tls]
---
## Создание сертификата
В этом посте я буду использовать самоподписанный сертификат, но сертификат от Let's Encrypt тоже подойдёт.
Сертификат и ключ желательно держать в той же папке, где лежат конфиги Postgres Pro.
``` shell
openssl req -x509 -newkey rsa:4096 -keyout <key>.pem -out <cert>.pem -sha256 -days 365
```
## Включение TLS
``` shell
ssl = on
ssl_cert_file = '<cert>.pem'
ssl_key_file = '<key>.pem'
listen_addresses = 'localhost, <master-ip>'
# /var/lib/pgpro/std-13/data/postgresql.conf
```
## Разрешение доступа через TLS
```shell
hostssl <user> <database> <client-ip> scram-sha-256
# /var/lib/pgpro/std-13/data/pg_hba.conf
```
## (ре)Генерация пароля
В случае, если до этого хеш-алгоритм пароля был не scram-sha-256, то необходимо пересоздать пароль:
```shell
psql -c \password
```
## Перезапуск Postgres Pro
```shell
systemctl restart postgres*
```