I feel more comfortable with this approach... I'll learn more about ssh tunnel...
Note that ssh tunnel won't be an option for something like RDS. You simply cannot ssh into that DB server. Period.
Using client certificate based authentication would be my suggestion in this case.
Regards, Jan
[]s
Márcio
On Wed, Dec 21, 2016 at 10:57 PM, Hannu Krosing <hkrosing@gmail.com> wrote:
On 12/17/2016 02:58 PM, Marcio Duarte wrote: > Hello ppl, > > My name is Márcio, from Brazil and I need help in understanding the > streaming replication process. > > I have a PostgreSQL data base hosted in an internal server. I need to > replicate this database on Heroku for read only access, but I need to > keep this Heroku instance synced with my internal server... I don't > want to expose this PostgreSQL internal server to the Web... > > What I understood > in https://wiki.postgresql.org/wiki/Streaming_Replication is that > standby will read data from master and not the other way... In this > case, I will need to expose the internal database server to the Web > via TCP, right? Maybe not web, but at least to the replica.
And otherways full PostgreSQL security applies., like requiring SSL connection, fine-grained control of client addresses etc.
And, you can always set up an ssh tunnel if you are more comfortable with this than with postgreSQL-s ssl. And you can even initiate the tunneling SSH connection from the master :) > > If so, there is a way to make the master send the data to standby?
Not easily.
Cheers -- Hannu Krosing PostgreSQL Consultant Performance, Scalability and High Availability https://2ndquadrant.com/