Home > mailing lists

Re: [SQL] Encrypting PGBouncer to Postgres DB connections - Mailing list pgsql-admin

From	Albe Laurenz
Subject	Re: [SQL] Encrypting PGBouncer to Postgres DB connections
Date	May 8, 2013 10:47:48
Msg-id	A737B7A37273E048B164557ADEF4A58B05816C8A@ntex2010a.host.magwien.gv.at Whole thread Raw
In response to	Re: [SQL] Encrypting PGBouncer to Postgres DB connections (Bhanu Murthy <bhanu_murthy@yahoo.com>)
Responses	Re: [SQL] Encrypting PGBouncer to Postgres DB connections (handsfree <luke.hansbury@redwood.com>)
List	pgsql-admin

Tree view

Bhanu Murthy wrote:
> handsfree wrote:

>> We're looking to use streaming replication to a target via a secondary host
>> using stunnel.

> I could think of 2 possible solutions:

[...]

> 2. Use streaming replication config features to secure traffic (encrypted data over TCP)
>
> Master configuration on machine-A:
> =>Update replication line in pg_hba.conf to "hostssl"
>
> Slave configuration on machine-B:
> => primary_conninfo='host=machine-A port=5432 sslmode=require'
> or
> => primary_conninfo='host=machine-A port=5432 sslmode=verify-ca'
>
> You could then use cascading replication (available from postgres 9.2) from machine-B to machine-C.

That would be the best solution, but I ran into a problem with it:
http://www.postgresql.org/message-id/D960CB61B694CF459DCFB4B0128514C208A4E93C@exadv11.host.magwien.gv.at

It still works, but the replication connection is lost and restarted
whenever SSL renegotiation takes place.
I wasn't able to figure out what causes the problem.

Yours,
Laurenz Albe

pgsql-admin by date:

From: Achilleas Mantzios
Date: 08 May 2013, 10:03:39
Subject: Re: Installing multiple instances of Postgred on one FreeBSD server

From: handsfree
Date: 08 May 2013, 11:35:51
Subject: Re: [SQL] Encrypting PGBouncer to Postgres DB connections

Re: [SQL] Encrypting PGBouncer to Postgres DB connections - Mailing list pgsql-admin

Previous

Next