> On 25/12/2024 19:05, Markus KARG wrote:
>> I am running the official PostgreSQL 17.2 Docker Container
>> (https://hub.docker.com/layers/library/postgres/17.2/images/sha256-c063081175f45f4a3a5ac03c234e060e67618ebe75b49e2a7ffb79f8357bd1e6)
>> proxied by a TLSv1.3 proxy (official Traefik 3.2.3 Docker Container
>> https://hub.docker.com/layers/library/traefik/v3.2.3/images/sha256-06966a9ba1747ad724a490b8f27df1434c64e8eee5d681df03c4761c9653f62c).
>> Traefik utilizes ACME with Let's Encrypt to produce the TLS certificate.
>
> In v17, libpq requests the ALPN extension in the TLS handshake. Looks
> like the proxy doesn't know about the "postgresql" ALPN protocol, and
> rejects the connection.
>
> I guess Traefik needs some configuration changes to tell it that the
> "postgresql" protocol is expected. Or code changes.

Traefik does NOT REJECT the connection (if it did, the error message
from psql would be different).
Traefik has already been "postgres-aware" since 3.0.0, while I am running 3.2.3.
Note that psql v16.3 works fine but psql v16.4 does not, so a change
introduced by v17 CANNOT be the cause of the current problem.

>> Using the official PostgreSQL Docker Container (16.3 vs 16.4+), I am
>> asking psql to connect to my server. While psql 16.3 and earlier
>> versions successfully connect via the TLS proxy to the PostgreSQL
>> server, psql 16.4 and later versions fail to do so:
>>
>> root@hetzner-2:~# docker run -it postgres:16.3 psql
>> "host=headcrashing.eu port=5432 dbname=postgres user=postgres
>> password=... sslmode=require"
>> psql (16.3 (Debian 16.3-1.pgdg120+1), server 17.2 (Debian
>> 17.2-1.pgdg120+1))
>> WARNING: psql major version 16, server major version 17.
>> Some psql features might not work.
>> SSL connection (protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256,
>> compression: off)
>> Type "help" for help.
>>
>> postgres=# \q
>> root@hetzner-2:~# docker run -it postgres:16.4 psql
>> "host=headcrashing.eu port=5432 dbname=postgres user=postgres
>> password=... sslmode=require"
>> psql: error: connection to server at "headcrashing.eu" (49.13.53.107),
>> port 5432 failed: SSL error: tlsv1 alert no application protocol
>
> There were no changes between 16.3 and 16.4 to explain this. When I
> test that with v16 client that I built from sources, I don't get that
> error.
>
> The error message suggests that you're actually using libpq v17. And
> indeed I get that error when connecting with v17 client. Perhaps the
> postgres:16.4 docker image was built with v17 libpq?

I am using the original, pre-built container images found on Docker Hub
and have NOT built them on my own. I am not a PostgreSQL committer
either. So I cannot answer your question.