[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-general
Subject:    Re: Regarding SSL Enablement in PostgreSQL Database on different port
From:       Tomas Pospisek <tpo2 () sourcepole ! ch>
Date:       2023-05-02 19:15:08
Message-ID: fc7edc62-79f8-74c5-cfb8-08ddca84d32b () sourcepole ! ch
[Download RAW message or body]

On 02.05.23 12:13, Magnus Hagander wrote:
> On Tue, May 2, 2023 at 11:43 AM sujay kadam <sujaykadam02@gmail.com> wrote:
> > 
> > Hi PostgreSQL Team,
> > 
> > 
> > I want to enable SSL in PostgreSQL Database on a new port.
> > 
> > I don't want the default port that is 5432 SSL enabled, but I want to configure \
> > another port to enable SSL on it. 
> > As per my requirement, I cannot use the same port for normal connection and SSL \
> > connection. 
> > Hence, we require a new port to be SSL enabled.
> > 
> > 
> > Please guide us with proper information and links to achieve the above task.
> 
> That is now how SSL in PostgreSQL works. It will always run on the
> same port, and PostgreSQL will only listen on one port.
> 
> You can probably do some hacky solution to it by running something
> like pgbouncer on a different port and enable SSL only in that one.
> But it will be a hack. I would recommend instead reviewing your
> requirements and see if you can make them work with how PostgreSQL is
> designed.

Oh, I think your idea to use pgbouncer to take care of the SSL 
termination is elegant. I don't think me I'd characterize it as a hack 
if properly set up. Why do you consider it a hack?
*t


[prev in list] [next in list] [prev in thread] [next in thread]