> On Jun 13, 2024, at 6:47 AM, Daniel Gustafsson <daniel@yesql.se> wrote:
>
> While not strictly that, there was a patch not too long ago for teaching
> postgres the PROXY protocol.
As I understand it, PROXY protocol support would be nice if one connects through haproxy on standalone hosts, so that
postgrescould show the originating app servers as the client_addr / client_hostname. We used to have standalone host
haproxies,but moved to haproxy instances on each app node for performance and scalability reasons (many app nodes). I
guessit could also help if we were to run pgbouncer on the db nodes?
We're using haproxy to route connections to the appropriate database nodes - RW connections go to the current master in
thecluster, and RO are balanced between replicas. It seems that libpq could allow SSL on UNIX sockets which would
avoidhaving to utilize TCP for the local connections from the application to haproxy.
Is there any way to utilize sslmode=verify-full through something routing connections to the appropriate database
instances,whether that's with haproxy or something else?
--
Thanks,
- Casey