Bhanu Murthy wrote:
> handsfree wrote:
>> We're looking to use streaming replication to a target via a secondary host
>> using stunnel.
> I could think of 2 possible solutions:
[...]
> 2. Use streaming replication config features to secure traffic (encrypted data over TCP)
>
> Master configuration on machine-A:
> =>Update replication line in pg_hba.conf to "hostssl"
>
> Slave configuration on machine-B:
> => primary_conninfo='host=machine-A port=5432 sslmode=require'
> or
> => primary_conninfo='host=machine-A port=5432 sslmode=verify-ca'
>
> You could then use cascading replication (available from postgres 9.2) from machine-B to machine-C.
That would be the best solution, but I ran into a problem with it:
http://www.postgresql.org/message-id/D960CB61B694CF459DCFB4B0128514C208A4E93C@exadv11.host.magwien.gv.at
It still works, but the replication connection is lost and restarted
whenever SSL renegotiation takes place.
I wasn't able to figure out what causes the problem.
Yours,
Laurenz Albe