Thread: Encryption of pgAdmin on OpenShift with TLS termination type reencrypt
Hello everyone,
I am trying to encrypt the connection from the client side to the pod of pgAdmin 4 (container) on OpenShift. I have included a certificate (server.cert) and a key (server.key), which are extracted from the PFX file from our certificate operator on OpenShift. I have succeeded in encrypting the connection with TLS termination type “edge”, which is defined in the YAML file for the route for pgAdmin 4. With type “edge”, we only encrypt until the HA-Proxy (Router of OpenShift).
However, when I tried to change the TLS termination type to “reencrypt”, with destination CA certificate provided, I received a TLS handshake problem. I have tried to research online, and I believe that it is because I am trying to do an SSL connection to a non-SSL pod of pgAdmin 4. Do you know how we could change the config file of the pod (NGINX?) and add the line “host 443 ssl” to the server? (P.S.: I use the image of pgAdmin from crunchydata registry in my deployment YAML file.)
Thank you so much for your attention, any help would be much appreciated!
Many thanks and best regards,
Boon Hooi Choo
Consultant Digital Integration
PU Digital Solutions/Products & Solutions
T-Systems International GmbH
Re: Encryption of pgAdmin on OpenShift with TLS termination type reencrypt
Hello,
On Tue, Jun 7, 2022 at 1:58 AM <Boon-Hooi.Choo@t-systems.com> wrote:
Hello everyone,
I am trying to encrypt the connection from the client side to the pod of pgAdmin 4 (container) on OpenShift. I have included a certificate (server.cert) and a key (server.key), which are extracted from the PFX file from our certificate operator on OpenShift. I have succeeded in encrypting the connection with TLS termination type “edge”, which is defined in the YAML file for the route for pgAdmin 4. With type “edge”, we only encrypt until the HA-Proxy (Router of OpenShift).
However, when I tried to change the TLS termination type to “reencrypt”, with destination CA certificate provided, I received a TLS handshake problem. I have tried to research online, and I believe that it is because I am trying to do an SSL connection to a non-SSL pod of pgAdmin 4. Do you know how we could change the config file of the pod (NGINX?) and add the line “host 443 ssl” to the server? (P.S.: I use the image of pgAdmin from crunchydata registry in my deployment YAML file.)
You can get the idea regarding NGINX settings at https://www.pgadmin.org/download/pgadmin-4-container/, and this document supports the pgAdmin container image (not the crunchy data registry).
Thanks,
Khushboo
Thank you so much for your attention, any help would be much appreciated!
Many thanks and best regards,
Boon Hooi Choo
Consultant Digital Integration
PU Digital Solutions/Products & Solutions
T-Systems International GmbH
Hi Khushboo,
Thank you for your reply. I have permission and company-proxy problems with the image dpage/pgadmin4 from Docker. When I tried to change the permission of the work/session directory, it was not allowed, and sudo is not installed.
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: setresuid() [0, 0, 0] -> [1003600000, -1, -1]: Operation not permitted
sudo: error initializing audit plugin sudoers_audit
[INFO] Starting gunicorn 20.1.0
[INFO] Listening at: http://[::]:443
[INFO] Using worker: gthreads
[INFO] Booting worker with pid: 22
Would it be possible if I could change the config of NGINX on the image on OpenShift (Red Hat)? https://catalog.redhat.com/software/containers/crunchydata/crunchy-pgadmin4/595e643a4b339a35612c077d?container-tabs=overview
Best regards,
Boon
From: Khushboo Vashi <khushboo.vashi@enterprisedb.com>
Sent: Tuesday, June 7, 2022 07:01
To: Choo, Boon Hooi <Boon-Hooi.Choo@t-systems.com>
Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org>
Subject: Re: Encryption of pgAdmin on OpenShift with TLS termination type reencrypt
On Tue, Jun 7, 2022 at 10:29 AM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:
Hello,
On Tue, Jun 7, 2022 at 1:58 AM <Boon-Hooi.Choo@t-systems.com> wrote:
Hello everyone,
I am trying to encrypt the connection from the client side to the pod of pgAdmin 4 (container) on OpenShift. I have included a certificate (server.cert) and a key (server.key), which are extracted from the PFX file from our certificate operator on OpenShift. I have succeeded in encrypting the connection with TLS termination type “edge”, which is defined in the YAML file for the route for pgAdmin 4. With type “edge”, we only encrypt until the HA-Proxy (Router of OpenShift).
However, when I tried to change the TLS termination type to “reencrypt”, with destination CA certificate provided, I received a TLS handshake problem. I have tried to research online, and I believe that it is because I am trying to do an SSL connection to a non-SSL pod of pgAdmin 4. Do you know how we could change the config file of the pod (NGINX?) and add the line “host 443 ssl” to the server? (P.S.: I use the image of pgAdmin from crunchydata registry in my deployment YAML file.)
You can get the idea regarding NGINX settings at https://www.pgadmin.org/download/pgadmin-4-container/, and this document supports the pgAdmin container image (not the crunchy data registry).
NGINX settings document link: https://www.pgadmin.org/docs/pgadmin4/6.10/container_deployment.html
Thanks,
Khushboo
Thank you so much for your attention, any help would be much appreciated!
Many thanks and best regards,
Boon Hooi Choo
Consultant Digital Integration
PU Digital Solutions/Products & Solutions
T-Systems International GmbH
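
Added example, not part of the original thread and not pgAdmin, Crunchy Data or OpenShift code: a small probe that classifies a backend the way the router of a “reencrypt” route meets it, separating "the pod is not speaking TLS" (the `Listening at: http://[::]:443` case in the log above) from "TLS is on but the certificate does not verify against the destination CA". The function names, the return labels and the plain-HTTP stub are assumptions made for illustration.

```python
import socket
import ssl
import threading


def classify_backend(host, port, ca_file=None, server_name=None, timeout=3.0):
    """Return 'unreachable', 'not-tls', 'tls-untrusted' or 'tls-verified'."""
    # ca_file plays the role of the route's destination CA certificate.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host):
            return "tls-verified"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"  # TLS is on, but CA or hostname does not match
    except (ssl.SSLError, OSError):
        return "not-tls"        # peer did not complete a TLS handshake
    finally:
        raw.close()


def start_plain_http_stub():
    """Constructed stand-in for a listener that serves plain HTTP on its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # the TLS ClientHello, which an HTTP server cannot parse
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    stub_port = start_plain_http_stub()
    print(classify_backend("127.0.0.1", stub_port))
```

Run against the pod or service address from inside the cluster, with `ca_file` set to the destination CA, a result of `not-tls` means the container itself has to be configured to serve TLS before “reencrypt” can work.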