Regarding SSL Enablement in PostgreSQL Database on different port
Hi PostgreSQL Team,
I want to enable SSL in PostgreSQL Database on a new port.
I don’t want the default port that is 5432 SSL enabled, but I want to
configure another port to enable SSL on it.
As per my requirement, I cannot use the same port for normal connection and
SSL connection.
Hence, we require a new port to be SSL enabled.
Please guide us with proper information and links to achieve the above task.
Thanks & Regards,
Sujay Kadam
On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
Hi PostgreSQL Team,
I want to enable SSL in PostgreSQL Database on a new port.
I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
As per my requirement, I cannot use the same port for normal connection and SSL connection.
Hence, we require a new port to be SSL enabled.
Please guide us with proper information and links to achieve the above task.
That is not how SSL in PostgreSQL works. It will always run on the
same port, and PostgreSQL will only listen on one port.
You can probably do some hacky solution to it by running something
like pgbouncer on a different port and enable SSL only in that one.
But it will be a hack. I would recommend instead reviewing your
requirements and see if you can make them work with how PostgreSQL is
designed.
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
On 02.05.23 12:13, Magnus Hagander wrote:
On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
Hi PostgreSQL Team,
I want to enable SSL in PostgreSQL Database on a new port.
I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
As per my requirement, I cannot use the same port for normal connection and SSL connection.
Hence, we require a new port to be SSL enabled.
Please guide us with proper information and links to achieve the above task.
That is not how SSL in PostgreSQL works. It will always run on the
same port, and PostgreSQL will only listen on one port.
You can probably do some hacky solution to it by running something
like pgbouncer on a different port and enable SSL only in that one.
But it will be a hack. I would recommend instead reviewing your
requirements and see if you can make them work with how PostgreSQL is
designed.
Oh, I think your idea to use pgbouncer to take care of the SSL
termination is elegant. I don't think I'd characterize it as a hack
if properly set up. Why do you consider it a hack?
*t
On 5/2/23 13:15, Tomas Pospisek wrote:
Oh, I think your idea to use pgbouncer to take care of the SSL
termination is elegant. I don't think I'd characterize it as a hack
if properly set up. Why do you consider it a hack?
*t
Let me guess: postgres IS NOT listening on the other port, pgbouncer is
with its own users and mappings and protocol setup and then sending
whatever's encrypted to the actual port postgres is listening on
which could have been used directly (with maybe one less cert?)
I use pgbouncer btw. For balance.
On May 2, 2023, at 12:15, Tomas Pospisek <tpo2@sourcepole.ch> wrote:
Oh, I think your idea to use pgbouncer to take care of the SSL termination is elegant. I don't think I'd characterize it as a hack if properly set up. Why do you consider it a hack?
It's really only a hack in the sense that pgbouncer is being introduced just to do TLS. You might be able to do the same thing by running stunnel on the PostgreSQL host on a different port, and have it forward to PostgreSQL.
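
The pgbouncer arrangement discussed in this thread, sketched as a pgbouncer.ini. This is an added example, not part of any message above; port 6432, the file paths and the loopback backend address are assumptions.

```ini
; pgbouncer.ini (constructed example; port 6432 and all paths are assumptions)

[databases]
; Forward every database name to the local PostgreSQL instance,
; which keeps listening on its single port 5432.
* = host=127.0.0.1 port=5432

[pgbouncer]
; Client-facing listener: the separate port that only speaks TLS.
listen_addr = 0.0.0.0
listen_port = 6432

; Refuse clients that do not negotiate TLS on this port.
client_tls_sslmode = require
client_tls_key_file = /etc/pgbouncer/server.key
client_tls_cert_file = /etc/pgbouncer/server.crt

; The hop from pgbouncer to PostgreSQL stays on loopback without TLS,
; so this traffic is unencrypted on the database host itself.
server_tls_sslmode = disable

; pgbouncer authenticates clients against its own user list; it must be
; kept in step with the roles defined in PostgreSQL.
auth_type = scram-sha-256
auth_file = /etc/pgbouncer/userlist.txt
```

A client then connects with a connection string such as `host=<server> port=6432 sslmode=require`. Port 5432 is still served by PostgreSQL directly, so who may reach it in plaintext remains governed by pg_hba.conf and network filtering.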