Streaming Replication Over SSL

From: Samba <saasira(at)gmail(dot)com>
To: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Streaming Replication Over SSL
Date: 2011-12-01 12:48:19
Message-ID: CAKgWO9KAdQPaY5Sm7aFbyGPO976WCthTqZ_q_PM-tA0EzN76ZQ@mail.gmail.com
Lists: pgsql-general

Hi all,
I searched a lot to find if someone has written about this but could not
find any successful attempt, hence thought of posting it here.

Setting the sslmode='require' in the 'primary_conninfo' parameter in the
recovery.conf file on standby server would make the standby server make an
SSL connection with the master server for streaming replication.

If we want to authenticate the master server before we fetch data from it,
then copy the CA certificate from the postgres server on master to
$PG_DATA/.postgresql directory as 'root.crt' and set the above mentioned
parameter to sslmode='verify-ca'.

Complete string:
primary_conninfo='host=master port=5432 sslmode=require' or

primary_conninfo='host=master port=5432 sslmode=verify-ca'

However, I'm not sure how to confirm if the standby server is really making
the connection to master and fetching the XLOG contents over SSL. I tried
intercepting the traffic using wireshark but could not find any hint to
that effect; all it says is that the traffic is over tcp.

Can someone suggest any way to confirm that this setting would really make
streaming replication work over SSL?

Thanks and Regards,
Samba
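
Added example, not part of the original message: PostgreSQL starts TLS inside its own protocol (the client sends an 8-byte SSLRequest, the server answers with a single byte S or N, and only then does the TLS handshake begin), so a capture of an encrypted session does not open with a TLS handshake. The sketch below classifies the first bytes of one captured stream; the function name, the sample streams and the user name "replicator" are constructed for illustration.

```python
import struct

SSL_REQUEST_CODE = 80877103   # (1234 << 16) | 5679, the SSLRequest magic number
PROTOCOL_3_0 = 0x00030000     # version field of a plaintext StartupMessage


def classify_startup(client_bytes: bytes, server_bytes: bytes) -> str:
    """Classify the opening bytes of one TCP stream to the PostgreSQL port.

    client_bytes / server_bytes are the raw payloads sent in each direction,
    in order (for example exported from a packet capture).
    """
    if len(client_bytes) < 8:
        return "incomplete"
    length, code = struct.unpack("!II", client_bytes[:8])
    if code == PROTOCOL_3_0:
        return "plaintext"            # StartupMessage sent in the clear
    if (length, code) != (8, SSL_REQUEST_CODE):
        return "unknown"
    if not server_bytes:
        return "incomplete"
    if server_bytes[:1] == b"N":
        return "ssl-refused"          # server declined the SSLRequest
    if server_bytes[:1] != b"S":
        return "unknown"
    tls = client_bytes[8:]            # what the client sent after the 'S' reply
    if len(tls) < 2:
        return "incomplete"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    return "ssl" if tls[0] == 0x16 and tls[1] == 0x03 else "unknown"


# Constructed sample streams (not captured from a real server);
# "replicator" is a hypothetical replication user.
_body = b"user\x00replicator\x00replication\x00true\x00\x00"
PLAINTEXT_CLIENT = struct.pack("!II", 8 + len(_body), PROTOCOL_3_0) + _body
SSL_CLIENT = (struct.pack("!II", 8, SSL_REQUEST_CODE)
              + bytes.fromhex("1603010005") + b"\x01\x00\x00\x01\x00")
SSL_SERVER = b"S" + bytes.fromhex("160303")

if __name__ == "__main__":
    print("ssl stream:      ", classify_startup(SSL_CLIENT, SSL_SERVER))
    print("plaintext stream:", classify_startup(PLAINTEXT_CLIENT, b"R"))
    print("refused:         ", classify_startup(SSL_CLIENT[:8], b"N"))
```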
