Postgres unencrypted
I've set up a Postgres instance in one of my projects and set it up for external access, but when I connect to it using Postico, it says the connection is unencrypted. How do I ensure this is encrypted?
If I set my Cloudflare DNS to 'DNS Only' I get this message but can connect; if I set it to 'Proxied' I can't connect at all - the SSL connection is set to 'Full'
I will need to test this, because I've used pgAdmin and DBeaver with 0 issues. Probably the database connection may need to be adjusted, because it depends on the driver the tools are using.
@danverbs I tested and it was working. It looks like using the domain as the hostname is not working, only the IP of the VPS.
OK, so don't use the URL provided in Dokploy settings? Just the IP of the VPS?
Correct @danverbs, for now just use the IP. When I have more time I will investigate this, but for now it is functional.
I will try this and let you know. Thanks 👍🏻
I tried with just the IP and it still says 'The server doesn't support TLS' and is unencrypted. Could you share the steps you took to set this up?
Hey @danverbs, I tested and it was working. I'll share the configuration:
- Create a Postgres database (in my case I only set the database name).
- Expose the port: type 5432 and then save.
- Copy the PostgreSQL connection.
- Go to Postico.
- Type the PostgreSQL connection, but remember to remove the domain and set the IP of your VPS.
- Click add server.
- Select the database and click the test button; an alert about TLS will appear, just accept it.
- Then click on test to check the connection is working.
Thanks - I can connect as shown in your steps but Postico still says the connection is unencrypted? Surely we want it to be encrypted?
The thing is that it is flagged as not a secure connection because we do not implement any configuration for the domain with that port, but making adjustments with some Traefik configuration would be enough to achieve that result.
What I recommend, in case you are worried (the probability that something will happen is really low), is simply to remove the exposed port when you finish your tasks in the database; that way no one will be able to access the database from outside.
> Thanks - I can connect as shown in your steps but Postico still says the connection is unencrypted? Surely we want it to be encrypted?
I agree with you that it should be encrypted or have an option to make it so. @Siumauricio could you provide a working example config for adding this in Traefik? Or is there an option to add it to the creation workflow directly (checkbox or something)?
You could add Traefik labels and put them under a subdomain like db.yourdomain.tld. This way, you'll have SSL for the subdomain - you'll connect on port 80.
Or we could follow Railway's postgres template, where they issue their own certificate internally.
https://github.com/railwayapp-templates/postgres-ssl
Hi @Siumauricio, I'm trying to connect my PostgreSQL database from Cloudflare Hyperdrive, but it requires an SSL/TLS connection. I used the (create service -> database -> postgres) option from the UI to create the database. Now I can't find the Dockerfile/compose file to modify the config and add the Traefik config which will allow SSL/TLS. So what should I do now?
Thanks Sakib
Yeah, it would be great if we could somehow define our own SSL certificate, or if one got added automatically. Since it is required for a lot of things I do, I don't have any databases on Dokploy currently, sadly.
For info, Coolify is implementing this and I think it's a must-have
https://github.com/coollabsio/coolify/discussions/3976#discussioncomment-11934111
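
A client learns whether a PostgreSQL server offers TLS from the one-byte answer to the protocol's SSLRequest message (`S` = TLS offered, `N` = refused). The Python probe below is an added example, not code from this thread or from Dokploy; it sends that request to an exposed port and, when TLS is offered, completes the handshake and reports whether the certificate verifies. The function name `probe_postgres_tls` and its result keys are chosen here for illustration.

```python
import socket
import ssl
import struct

# SSLRequest from the PostgreSQL wire protocol: Int32 length (8), Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def probe_postgres_tls(host, port=5432, timeout=5.0, verify=True):
    """Ask a PostgreSQL listener whether it will upgrade the connection to TLS.

    Returns a dict: 'answer' is 'S' (TLS offered), 'N' (TLS refused) or
    'unexpected' (anything else, including a closed connection). For 'S' the
    TLS handshake is completed and the negotiated version is reported.
    """
    result = {"answer": "unexpected", "tls_version": None, "cert_verified": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        reply = sock.recv(1)  # the server answers with exactly one byte
        if reply == b"N":
            result["answer"] = "N"
        elif reply == b"S":
            result["answer"] = "S"
            ctx = ssl.create_default_context()
            if not verify:
                # Encryption only, like sslmode=require: no identity check.
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            try:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls_version"] = tls.version()
                    result["cert_verified"] = verify
            except ssl.SSLCertVerificationError:
                # TLS is offered, but the certificate does not chain to a
                # trusted CA or does not match the host (e.g. self-signed).
                result["cert_verified"] = False
    return result


if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5432
    print(probe_postgres_tls(sys.argv[1], port))
```

An `N` answer means the server itself has TLS disabled, so no client-side setting will encrypt the session; `S` with `cert_verified` false means traffic can be encrypted but the server's identity is not proven to the client.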