postgres-ha
Support exposing to the Internet by adding SSL support
Even if it's easy to expose a Postgres cluster to the Internet, it needs to be secured.
Right now we don't care much because it's meant to be used internally only. However, it's pretty useful to be able to use it from external systems that aren't connected to the app's private network. Adding and configuring WireGuard is an option, but not in all cases and always requires a lot of fiddling.
Relevant information:
- https://www.postgresql.org/docs/current/libpq-ssl.html
- https://github.com/sorintlab/stolon/blob/master/doc/ssl.md
Beyond exposing publicly, SSL support is also important for zero trust.