added PG_SSL parameter to enable/disable SSL support

`PG_SSL` is automatically set to `on` if `server.crt` and `server.key`
can be found at `/etc/postgresql/certs`

Closes #32
Sameer Naik
2015-11-26 20:42:55 +05:30
parent 5f6024062f
commit 6418c9e044
2 changed files with 22 additions and 0 deletions
+1
@@ -6,6 +6,7 @@
- `PSQL_MODE` config parameter renamed to `REPLICATION_MODE`
- `PSQL_SSLMODE` config parameter renamed to `REPLICATION_SSLMODE`
- defined `/etc/postgresql/certs` as the mountpoint to install SSL key and certificate
- added `PG_SSL` parameter to enable/disable SSL support
**9.4-2**
- added replication options
+21
@@ -1,6 +1,7 @@
#!/bin/bash
set -e
PG_SSL=${PG_SSL:-}
PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-$PSQL_TRUST_LOCALNET} # backward compatibility
PG_TRUST_LOCALNET=${PG_TRUST_LOCALNET:-false}
@@ -114,6 +115,25 @@ set_hba_param() {
fi
}
configure_ssl() {
## NOT SURE IF THIS IS A GOOD ALTERNATIVE TO ENABLE SSL SUPPORT BY DEFAULT ##
## BECAUSE USERS WHO PULL A PREBUILT IMAGE WILL HAVE THE SAME CERTIFICATES ##
# if [[ ! -f ${PG_CERTDIR}/server.crt && ! -f ${PG_CERTDIR}/server.key ]]; then
# if [[ -f /etc/ssl/certs/ssl-cert-snakeoil.pem && -f /etc/ssl/private/ssl-cert-snakeoil.key ]]; then
# ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem ${PG_CERTDIR}/server.crt
# ln -sf /etc/ssl/private/ssl-cert-snakeoil.key ${PG_CERTDIR}/server.key
# fi
# fi
if [[ -f ${PG_CERTDIR}/server.crt && -f ${PG_CERTDIR}/server.key ]]; then
PG_SSL=${PG_SSL:-on}
set_postgresql_param "ssl_cert_file" "${PG_CERTDIR}/server.crt"
set_postgresql_param "ssl_key_file" "${PG_CERTDIR}/server.key"
fi
PG_SSL=${PG_SSL:-off}
set_postgresql_param "ssl" "${PG_SSL}"
}
configure_hot_standby() {
case ${REPLICATION_MODE} in
slave|snapshot) ;;
@@ -341,6 +361,7 @@ if [[ -z ${1} ]]; then
create_rundir
initialize_database
configure_ssl
trust_localnet
create_user
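Review bot: `configure_ssl` fails open without telling the operator: when `server.crt` and `server.key` are not both present in `${PG_CERTDIR}` (wrong mount path, only one file mounted), `PG_SSL` falls through to `off` with no log line, and an explicit `PG_SSL=on` is written to `ssl` without any certificate paths being set. I would make the explicit-on case a hard error and print one line when the default ends up `off`, as sketched below. Separately, `ssl = on` only makes TLS available; whether clients must use it depends on the `pg_hba.conf` rules (`hostssl` vs `host`), which are outside this hunk, so the README should say so. The message style in the sketch is a guess, since the script's other output is not visible here.

```shell
configure_ssl() {
  # … unchanged: commented-out snakeoil fallback …
  if [[ -f ${PG_CERTDIR}/server.crt && -f ${PG_CERTDIR}/server.key ]]; then
    # … unchanged: default PG_SSL to on, set ssl_cert_file and ssl_key_file …
  elif [[ ${PG_SSL} == on ]]; then
    # Explicit request for TLS that cannot be honoured: stop instead of guessing.
    echo "ERROR: PG_SSL=on but server.crt/server.key not found in ${PG_CERTDIR}" >&2
    return 1
  else
    echo "INFO: no certificate found in ${PG_CERTDIR}, SSL support stays off" >&2
  fi
  # … unchanged: default PG_SSL to off, set ssl …
}
```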