Thread: Regarding SSL Enablement in PostgreSQL Database on different port

Regarding SSL Enablement in PostgreSQL Database on different port

From
sujay kadam
Date:

Hi PostgreSQL Team,I want to enable SSL in PostgreSQL Database on a new port.I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.As per my requirement, I cannot use the same port for normal connection and SSL connection.Hence, we require a new port to be SSL enabled.

Please guide us with proper information and links to achieve the above task.Thanks & Regards,Sujay Kadam

Re: Regarding SSL Enablement in PostgreSQL Database on different port

From
Magnus Hagander
Date:
On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
>
> Hi PostgreSQL Team,
>
>
> I want to enable SSL in PostgreSQL Database on a new port.
>
> I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
>
> As per my requirement, I cannot use the same port for normal connection and SSL connection.
>
> Hence, we require a new port to be SSL enabled.
>
>
> Please guide us with proper information and links to achieve the above task.

That is now how SSL in PostgreSQL works. It will always run on the
same port, and PostgreSQL will only listen on one port.

You can probably do some hacky solution to it by running something
like pgbouncer on a different port and enable SSL only in that one.
But it will be a hack. I would recommend instead reviewing your
requirements and see if you can make them work with how PostgreSQL is
designed.

--
 Magnus Hagander
 Me: https://www.hagander.net/
 Work: https://www.redpill-linpro.com/



Re: Regarding SSL Enablement in PostgreSQL Database on different port

From
Tomas Pospisek
Date:
On 02.05.23 12:13, Magnus Hagander wrote:
> On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
>>
>> Hi PostgreSQL Team,
>>
>>
>> I want to enable SSL in PostgreSQL Database on a new port.
>>
>> I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
>>
>> As per my requirement, I cannot use the same port for normal connection and SSL connection.
>>
>> Hence, we require a new port to be SSL enabled.
>>
>>
>> Please guide us with proper information and links to achieve the above task.
> 
> That is now how SSL in PostgreSQL works. It will always run on the
> same port, and PostgreSQL will only listen on one port.
> 
> You can probably do some hacky solution to it by running something
> like pgbouncer on a different port and enable SSL only in that one.
> But it will be a hack. I would recommend instead reviewing your
> requirements and see if you can make them work with how PostgreSQL is
> designed.

Oh, I think your idea to use pgbouncer to take care of the SSL 
termination is elegant. I don't think me I'd characterize it as a hack 
if properly set up. Why do you consider it a hack?
*t




Re: Regarding SSL Enablement in PostgreSQL Database on different port

From
Rob Sargent
Date:
On 5/2/23 13:15, Tomas Pospisek wrote:
>
> Oh, I think your idea to use pgbouncer to take care of the SSL 
> termination is elegant. I don't think me I'd characterize it as a hack 
> if properly set up. Why do you consider it a hack?
> *t
>
>
>
Let me guess:  postgres IS NOT listening on the other port, pgbouncer is 
with it's own users and mappings and protocol setup and then sending 
what ever's  encrypted to the actual port postgres  is listening on 
which could have been used directly (with maybe on less cert?)

I use pgbouncer btw.  For balance.



Re: Regarding SSL Enablement in PostgreSQL Database on different port

From
Christophe Pettus
Date:

> On May 2, 2023, at 12:15, Tomas Pospisek <tpo2@sourcepole.ch> wrote:
>
> Oh, I think your idea to use pgbouncer to take care of the SSL termination is elegant. I don't think me I'd
characterizeit as a hack if properly set up. Why do you consider it a hack? 

It's really only a hack in the sense that pgbouncer is being introduced just to do TLS.  You might be able to do the
samething by running stunnel on the PostgreSQL host on a different port, and have it forward to PostgreSQL.