kopia lustrzana https://github.com/kartoza/docker-postgis
fix ssl connection string in replication (#375)
* fix SSL connection string in streaming replicationpull/380/head
rodzic
a36eab044a
commit
2078d4e0a5
|
@ -133,10 +133,6 @@ if [ -z "${EXTRA_CONF_DIR}" ]; then
|
|||
EXTRA_CONF_DIR=${DEFAULT_EXTRA_CONF_DIR}
|
||||
fi
|
||||
|
||||
# SSL mode
|
||||
if [ -z "${PGSSLMODE}" ]; then
|
||||
PGSSLMODE=require
|
||||
fi
|
||||
# Enable hstore and topology by default
|
||||
if [ -z "${HSTORE}" ]; then
|
||||
HSTORE=true
|
||||
|
@ -250,6 +246,19 @@ if [ -z "${SSL_KEY_FILE}" ]; then
|
|||
SSL_KEY_FILE='/etc/ssl/private/ssl-cert-snakeoil.key'
|
||||
fi
|
||||
|
||||
# SSL mode
|
||||
function postgres_ssl_setup() {
|
||||
if [ -z "${PGSSLMODE}" ]; then
|
||||
PGSSLMODE=require
|
||||
fi
|
||||
if [[ ${PGSSLMODE} == 'verify-ca' || ${PGSSLMODE} == 'verify-full' ]]; then
|
||||
export PARAMS="sslmode=${PGSSLMODE}&sslcert=${SSL_CERT_FILE}&sslkey=${SSL_KEY_FILE}&sslrootcert=${SSL_CA_FILE}"
|
||||
elif [[ ${PGSSLMODE} == 'disable' || ${PGSSLMODE} == 'allow' || ${PGSSLMODE} == 'prefer' || ${PGSSLMODE} == 'require' ]]; then
|
||||
export PARAMS="sslmode=${PGSSLMODE}"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
if [ -z "${POSTGRES_MULTIPLE_EXTENSIONS}" ]; then
|
||||
if [[ $(dpkg -l | grep "timescaledb") > /dev/null ]];then
|
||||
POSTGRES_MULTIPLE_EXTENSIONS='postgis,hstore,postgis_topology,postgis_raster,pgrouting,timescaledb'
|
||||
|
|
|
@ -59,7 +59,7 @@ fi
|
|||
|
||||
# Create a config for streaming replication
|
||||
if [[ "${REPLICATION}" =~ [Tt][Rr][Uu][Ee] && "$WAL_LEVEL" == 'replica' ]]; then
|
||||
|
||||
postgres_ssl_setup
|
||||
cat > ${ROOT_CONF}/streaming_replication.conf <<EOF
|
||||
wal_level = ${WAL_LEVEL}
|
||||
max_wal_senders = ${PG_MAX_WAL_SENDERS}
|
||||
|
@ -68,7 +68,7 @@ min_wal_size = ${MIN_WAL_SIZE}
|
|||
max_wal_size = ${WAL_SIZE}
|
||||
hot_standby = on
|
||||
checkpoint_timeout = ${CHECK_POINT_TIMEOUT}
|
||||
primary_conninfo = 'host=${REPLICATE_FROM} port=${REPLICATE_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} sslmode=${PGSSLMODE}'
|
||||
primary_conninfo = 'host=${REPLICATE_FROM} port=${REPLICATE_PORT} user=${REPLICATION_USER} password=${REPLICATION_PASS} ${PARAMS}'
|
||||
recovery_target_timeline=${TARGET_TIMELINE}
|
||||
recovery_target_action=${TARGET_ACTION}
|
||||
promote_trigger_file = '${PROMOTE_FILE}'
|
||||
|
|
Ładowanie…
Reference in New Issue