fix ssl connection string in replication (#375)

* fix SSL connection string in streaming replication
pull/380/head
mazano 2022-05-09 18:12:01 +02:00 zatwierdzone przez GitHub
rodzic a36eab044a
commit 2078d4e0a5
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
2 zmienionych plików z 15 dodań i 6 usunięć


@ -133,10 +133,6 @@ if [ -z "${EXTRA_CONF_DIR}" ]; then
EXTRA_CONF_DIR=${DEFAULT_EXTRA_CONF_DIR}
fi
# SSL mode
if [ -z "${PGSSLMODE}" ]; then
PGSSLMODE=require
fi
# Enable hstore and topology by default
if [ -z "${HSTORE}" ]; then
HSTORE=true
@ -250,6 +246,19 @@ if [ -z "${SSL_KEY_FILE}" ]; then
SSL_KEY_FILE='/etc/ssl/private/ssl-cert-snakeoil.key'
fi
# SSL mode
function postgres_ssl_setup() {
if [ -z "${PGSSLMODE}" ]; then
PGSSLMODE=require
fi
if [[ ${PGSSLMODE} == 'verify-ca' || ${PGSSLMODE} == 'verify-full' ]]; then
export PARAMS="sslmode=${PGSSLMODE}&sslcert=${SSL_CERT_FILE}&sslkey=${SSL_KEY_FILE}&sslrootcert=${SSL_CA_FILE}"
elif [[ ${PGSSLMODE} == 'disable' || ${PGSSLMODE} == 'allow' || ${PGSSLMODE} == 'prefer' || ${PGSSLMODE} == 'require' ]]; then
export PARAMS="sslmode=${PGSSLMODE}"
fi
}
if [ -z "${POSTGRES_MULTIPLE_EXTENSIONS}" ]; then
if [[ $(dpkg -l | grep "timescaledb") > /dev/null ]];then
POSTGRES_MULTIPLE_EXTENSIONS='postgis,hstore,postgis_topology,postgis_raster,pgrouting,timescaledb'
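Review bot: In `postgres_ssl_setup`, the `verify-ca`/`verify-full` branch joins the options with `&`, but the only consumer visible on this page is `primary_conninfo`, which is a space-separated keyword/value string. There the whole `verify-ca&sslcert=...` run would be read as the value of `sslmode`, so replication in the two certificate-verifying modes would most likely fail to connect. For that consumer the line should be `export PARAMS="sslmode=${PGSSLMODE} sslcert=${SSL_CERT_FILE} sslkey=${SSL_KEY_FILE} sslrootcert=${SSL_CA_FILE}"`; if `PARAMS` is also used as a URI query string elsewhere, the keyword/value form needs its own variable. The `if`/`elif` chain also has no `else`, so a mistyped `PGSSLMODE` leaves `PARAMS` unset or stale and the conninfo is written without any `sslmode`. Add a final branch that prints the rejected value to stderr and exits non-zero.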


@ -59,7 +59,7 @@ fi
# Create a config for streaming replication
if [[ "${REPLICATION}" =~ [Tt][Rr][Uu][Ee] && "$WAL_LEVEL" == 'replica' ]]; then
postgres_ssl_setup
cat > ${ROOT_CONF}/streaming_replication.conf <<EOF
wal_level = ${WAL_LEVEL}
max_wal_senders = ${PG_MAX_WAL_SENDERS}
@ -68,7 +68,7 @@ min_wal_size = ${MIN_WAL_SIZE}
max_wal_size = ${WAL_SIZE}
hot_standby = on
checkpoint_timeout = ${CHECK_POINT_TIMEOUT}
primary_conninfo = 'host=${REPLICATE_FROM} port=${REPLICATE_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PGSSLMODE}'
primary_conninfo = 'host=${REPLICATE_FROM} port=${REPLICATE_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} ${PARAMS}'
recovery_target_timeline=${TARGET_TIMELINE}
recovery_target_action=${TARGET_ACTION}
promote_trigger_file = '${PROMOTE_FILE}'
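Review bot: The rewritten `primary_conninfo` line still writes `${REPLICATION_PASS}` in clear text into `${ROOT_CONF}/streaming_replication.conf`, and nothing in these hunks restricts that file's mode, so it is created with whatever umask is in effect. A `chmod 600` on the file after the heredoc (which closes outside the hunk), or moving the password to a libpq `passfile`, would keep the credential away from other local users. The password and host values are also interpolated unquoted, so a password containing a space or a single quote would break the conninfo; wrapping it as `password=''${REPLICATION_PASS}''` handles spaces, and embedded quotes need escaping or rejecting. Separately, the default `require` set in `postgres_ssl_setup` encrypts the stream but does not verify the primary's certificate, which merits a comment above the `postgres_ssl_setup` call stating that `verify-full` is needed to authenticate the primary.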