Enable TLS with dev postgres container

asonix 2024-01-15 18:15:36 -05:00
parent 19147e2035
commit f3cd2e3246
4 changed files with 28 additions and 1 deletions

1
.gitignore vendored

@ -5,6 +5,7 @@
/docker/object-storage/storage
/docker/object-storage/pict-rs-garage.toml
/docker/object-storage/*.log
/docker/object-storage/out
/result
/.ash_history
/.direnv


@ -0,0 +1,9 @@
FROM postgres:15-alpine
COPY --chown=0:70 --chmod=640 ./out/postgres.key ./etc/
COPY --chown=0:70 --chmod=640 ./out/postgres.crt ./etc/
COPY --chown=0:70 --chmod=640 ./out/pictrsCA.crt ./etc/
COPY --chown=0:70 --chmod=640 ./out/pictrsCA.crl ./etc/
CMD ["-c", "ssl=on", "-c", "ssl_cert_file=/etc/postgres.crt", "-c", "ssl_key_file=/etc/postgres.key", "-c", "ssl_ca_file=/etc/pictrsCA.crt", "-c", "ssl_crl_file=/etc/pictrsCA.crl"]
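Review bot: The `COPY` of `./out/postgres.key` stores the server's private key in an image layer, so anyone who obtains the built image can read the key regardless of the 640 mode and group 70 set here. For a dev-only container that may be acceptable, but it deserves a comment above the first `COPY`, for example `# dev-only: the TLS private key is baked into this image; never push it to a registry`, or the key could be bind-mounted from the compose file instead. Separately, the destination `./etc/` is relative and only resolves to `/etc/` while the base image's working directory is `/`; writing `/etc/` would match the absolute paths passed in `CMD`. The `CMD` also relies on the base image's entrypoint prepending `postgres` to arguments that start with `-`, which is worth a one-line comment.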


@ -53,7 +53,9 @@ services:
- ./garage.toml:/etc/garage.toml
postgres:
image: postgres:15-alpine
build:
context: .
dockerfile: ./Dockerfile.postgres
ports:
- "5432:5432"
environment:
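Review bot: `context: .` sends the whole directory to the builder, although the Dockerfile needs only four files from `./out`. The same directory holds `./storage/postgres` once the setup script has run, and certstrap normally writes the CA private key next to the certificates in `./out`, so the key presumably ends up in the build context too. A root-owned or database-owned `./storage` tree can also make the context upload fail. A `.dockerignore` beside the compose file containing `storage/` and `out/pictrsCA.key` would keep both out of the context. The `postgres` service definition continues past the end of this hunk.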


@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -xe
certstrap init --common-name pictrsCA
certstrap request-cert --common-name postgres --domain localhost
certstrap sign postgres --CA pictrsCA
mkdir -p ./storage/
sudo mkdir -p ./storage/postgres
sudo tee ./storage/postgres/pg_hba.conf << EOF
host all all all trust
hostssl all all all cert clientcert=verify-full
EOF
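Review bot: In the generated `pg_hba.conf`, the first rule `host all all all trust` matches every TCP connection, with or without TLS. PostgreSQL applies the first matching record, so the `hostssl all all all cert clientcert=verify-full` rule below it is never reached and client certificates are never required. Because the compose file publishes `5432:5432` on the host, any client that can reach that port is accepted as any database user without a certificate or password. If the intent is to exercise certificate authentication, the first rule should become `hostnossl all all all reject` (or be dropped) so that only the `hostssl` rule applies. If plaintext trust access is deliberately kept for local development, a comment above the heredoc should say so and the published port could be limited to `127.0.0.1:5432:5432`.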