Enable TLS with dev postgres container
parent
19147e2035
commit
f3cd2e3246
4 changed files with 28 additions and 1 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -5,6 +5,7 @@
|
|||
/docker/object-storage/storage
|
||||
/docker/object-storage/pict-rs-garage.toml
|
||||
/docker/object-storage/*.log
|
||||
/docker/object-storage/out
|
||||
/result
|
||||
/.ash_history
|
||||
/.direnv
|
||||
|
|
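--- a/docker/object-storage/Dockerfile.postgres
+++ b/docker/object-storage/Dockerfile.postgres
@@ -0,0 +1,9 @@
+FROM postgres:15-alpine
+
+COPY --chown=0:70 --chmod=640 ./out/postgres.key ./etc/
+COPY --chown=0:70 --chmod=640 ./out/postgres.crt ./etc/
+
+COPY --chown=0:70 --chmod=640 ./out/pictrsCA.crt ./etc/
+COPY --chown=0:70 --chmod=640 ./out/pictrsCA.crl ./etc/
+
+CMD ["-c", "ssl=on", "-c", "ssl_cert_file=/etc/postgres.crt", "-c", "ssl_key_file=/etc/postgres.key", "-c", "ssl_ca_file=/etc/pictrsCA.crt", "-c", "ssl_crl_file=/etc/pictrsCA.crl"]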
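Review bot: The first `COPY` bakes the server's private key (`./out/postgres.key`) into an image layer, so anyone who can pull or export this image also obtains the key. For a dev-only image that may be acceptable, but it deserves a comment above the COPY lines such as `# dev only: embeds the TLS private key in the image; do not push this image to a registry`; alternatively the key could be bind-mounted read-only from compose. The destinations are written as `./etc/`, which resolves to `/etc/` only while the base image's working directory is `/` (inferred, since no WORKDIR is set here), so writing `/etc/` would make the match with the absolute paths in `CMD` explicit. A short comment noting that gid 70 is presumably the postgres group in the alpine image would also explain the `0:70` / `640` choice.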
@ -53,7 +53,9 @@ services:
|
|||
- ./garage.toml:/etc/garage.toml
|
||||
|
||||
postgres:
|
||||
image: postgres:15-alpine
|
||||
build:
|
||||
context: .
|
||||
dockerfile: ./Dockerfile.postgres
|
||||
ports:
|
||||
- "5432:5432"
|
||||
environment:
|
||||
|
|
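Review bot: `context: .` makes the whole `docker/object-storage` directory the build context. Going by the `.gitignore` entries and `setup-tls.sh` in this commit, that directory also holds `out/` (presumably including the CA private key that certstrap writes there) and `storage/`. A `.dockerignore` that excludes `storage` and everything under `out` except the four files `Dockerfile.postgres` copies would keep that material out of the build, and would stop a later broad `COPY` from picking it up. No `.dockerignore` is visible in this commit, so one may already exist. The `postgres` service definition continues past the end of the hunk.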
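--- a/docker/object-storage/setup-tls.sh
+++ b/docker/object-storage/setup-tls.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -xe
+
+certstrap init --common-name pictrsCA
+certstrap request-cert --common-name postgres --domain localhost
+certstrap sign postgres --CA pictrsCA
+
+mkdir -p ./storage/
+sudo mkdir -p ./storage/postgres
+
+sudo tee ./storage/postgres/pg_hba.conf << EOF
+host all all all trust
+hostssl all all all cert clientcert=verify-full
+EOF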
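Review bot: The `pg_hba.conf` written by the heredoc puts `host all all all trust` first. PostgreSQL uses the first matching record, and a `host` record matches both TLS and non-TLS connections, so every client from any address is admitted without authentication and the `hostssl all all all cert clientcert=verify-full` line is never reached. With the compose file publishing 5432 on the host, that leaves the dev database open to anything that can reach the port, and TLS is never actually required. If certificate authentication is the goal, drop the trust line, or narrow it to loopback with `host all all 127.0.0.1/32 trust`, so that remote connections fall through to the `hostssl` record. The script also issues only the server certificate, so a client certificate would still need to be requested and signed before the `cert` rule is usable.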