Thread: Regarding SSL Enablement in PostgreSQL Database on different port
Hi PostgreSQL Team,
I want to enable SSL in PostgreSQL Database on a new port.
I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
As per my requirement, I cannot use the same port for normal connection and SSL connection.
Hence, we require a new port to be SSL enabled.
Please guide us with proper information and links to achieve the above task.
Thanks & Regards,
Sujay Kadam
On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
>
> Hi PostgreSQL Team,
>
> I want to enable SSL in PostgreSQL Database on a new port.
>
> I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
>
> As per my requirement, I cannot use the same port for normal connection and SSL connection.
>
> Hence, we require a new port to be SSL enabled.
>
> Please guide us with proper information and links to achieve the above task.

That is now how SSL in PostgreSQL works. It will always run on the same port, and PostgreSQL will only listen on one port.

You can probably do some hacky solution to it by running something like pgbouncer on a different port and enable SSL only in that one. But it will be a hack. I would recommend instead reviewing your requirements and see if you can make them work with how PostgreSQL is designed.

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
On 02.05.23 12:13, Magnus Hagander wrote:
> On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
>>
>> Hi PostgreSQL Team,
>>
>> I want to enable SSL in PostgreSQL Database on a new port.
>>
>> I don’t want the default port that is 5432 SSL enabled, but I want to configure another port to enable SSL on it.
>>
>> As per my requirement, I cannot use the same port for normal connection and SSL connection.
>>
>> Hence, we require a new port to be SSL enabled.
>>
>> Please guide us with proper information and links to achieve the above task.
>
> That is now how SSL in PostgreSQL works. It will always run on the
> same port, and PostgreSQL will only listen on one port.
>
> You can probably do some hacky solution to it by running something
> like pgbouncer on a different port and enable SSL only in that one.
> But it will be a hack. I would recommend instead reviewing your
> requirements and see if you can make them work with how PostgreSQL is
> designed.

Oh, I think your idea to use pgbouncer to take care of the SSL termination is elegant. I don't think me I'd characterize it as a hack if properly set up. Why do you consider it a hack?

*t
On 5/2/23 13:15, Tomas Pospisek wrote:
>
> Oh, I think your idea to use pgbouncer to take care of the SSL
> termination is elegant. I don't think me I'd characterize it as a hack
> if properly set up. Why do you consider it a hack?
> *t
>

Let me guess: postgres IS NOT listening on the other port, pgbouncer is with its own users and mappings and protocol setup and then sending whatever's encrypted to the actual port postgres is listening on which could have been used directly (with maybe one less cert?)

I use pgbouncer btw. For balance.
> On May 2, 2023, at 12:15, Tomas Pospisek <tpo2@sourcepole.ch> wrote:
>
> Oh, I think your idea to use pgbouncer to take care of the SSL termination is elegant. I don't think me I'd characterize it as a hack if properly set up. Why do you consider it a hack?

It's really only a hack in the sense that pgbouncer is being introduced just to do TLS. You might be able to do the same thing by running stunnel on the PostgreSQL host on a different port, and have it forward to PostgreSQL.
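
Added example, not part of the thread and not code from any poster: PostgreSQL negotiates TLS in-band on its single port (the client sends an `SSLRequest` packet and the server answers `S` or `N`), so the two-port layout discussed above can be checked by probing each port with that packet. The port numbers, the hostname and the `audit` helper are assumptions made for illustration.

```python
import socket
import struct

# SSLRequest startup packet: Int32 length (8), then Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)
ANSWERS = {b"S": "tls-offered", b"N": "tls-refused"}


def classify(reply: bytes) -> str:
    """Map the server's one-byte answer to a result string."""
    if not reply:
        return "closed"  # peer hung up without answering
    return ANSWERS.get(reply, "unexpected")  # anything else is not a valid answer


def negotiate(sock: socket.socket) -> str:
    """Send SSLRequest on a connected socket and classify the answer."""
    sock.sendall(SSL_REQUEST)
    return classify(sock.recv(1))


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect to host:port and report how the listener answers SSLRequest."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return negotiate(sock)
    except OSError:
        return "unreachable"  # refused, filtered, timed out or reset


def audit(host: str, expected: dict, probe_fn=probe) -> list:
    """Return (port, expected, observed) for each port that deviates."""
    findings = []
    for port, want in sorted(expected.items()):
        got = probe_fn(host, port)
        if got != want:
            findings.append((port, want, got))
    return findings


if __name__ == "__main__":
    # Constructed layout (assumption): PostgreSQL on 5432 bound to loopback only,
    # TLS-terminating pgbouncer or stunnel on 6432. Hostname is a placeholder.
    layout = {5432: "unreachable", 6432: "tls-offered"}
    for port, want, got in audit("db.example.internal", layout):
        print(f"port {port}: expected {want}, observed {got}")
```

A `tls-offered` result only shows the listener is willing to do TLS; whether plaintext clients are rejected on that port depends on the proxy's own setting (for pgbouncer, `client_tls_sslmode = require`).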