Обсуждение: psql connect over ssl load balancer

Поиск
Список
Период
Сортировка

psql connect over ssl load balancer

От
"dzagashev@gmail.com"
Дата:
Hi.

I want to secure connections to postgress server usings SSL.
My server is deployed on google cloud behind SSL load balancer, which 
terminates SSL connections (using SSL certificates, issued by google) 
and forwards decrypted traffic to the posgres server.

I can connect without problems from nodejs using TLS socket.

But standard psql client don't working:

$ PGSSLMODE=require psql -h proxy.softvisio.net

psql: error: connection to server at "proxy.softvisio.net" 
(34.149.158.159), port 5432 failed: server closed the connection 
unexpectedly
         This probably means the server terminated abnormally
         before or while processing the request.


Seems, that psql will not work withour private keys? But I am not sure.

Could somebody help me to understand, how I can use it?

Re: psql connect over ssl load balancer

От
Tom Lane
Дата:
"dzagashev@gmail.com" <dzagashev@gmail.com> writes:
> I want to secure connections to postgress server usings SSL.
> My server is deployed on google cloud behind SSL load balancer, which 
> terminates SSL connections (using SSL certificates, issued by google) 
> and forwards decrypted traffic to the posgres server.
> But standard psql client don't working:
> $ PGSSLMODE=require psql -h proxy.softvisio.net

That isn't going to work, because PG wraps the SSL handshake inside
its own protocol.  You could set up an SSL tunnel and let psql think
it's making a non-encrypted connection.

            regards, tom lane

Re: psql connect over ssl load balancer

От
"dzagashev@gmail.com"
Дата:
Ah, thanks.
This will make thing more complex.

On 23.05.2022 20:32, Tom Lane wrote:
> "dzagashev@gmail.com" <dzagashev@gmail.com> writes:
>> I want to secure connections to postgress server usings SSL.
>> My server is deployed on google cloud behind SSL load balancer, which
>> terminates SSL connections (using SSL certificates, issued by google)
>> and forwards decrypted traffic to the posgres server.
>> But standard psql client don't working:
>> $ PGSSLMODE=require psql -h proxy.softvisio.net
> 
> That isn't going to work, because PG wraps the SSL handshake inside
> its own protocol.  You could set up an SSL tunnel and let psql think
> it's making a non-encrypted connection.
> 
>             regards, tom lane