# Postgre-TLS Usage Guide

## Quick Start

1. **Start the PostgreSQL container:**
   ```bash
   ./start.sh
   ```

2. **Connect to the database:**
   ```bash
   ./connect.sh
   ```

3. **Stop the container:**
   ```bash
   docker-compose down
   ```

## Common Operations

### Database Management
- **View container status:** `docker ps`
- **View container logs:** `docker logs postgre_tls-db`
- **Access PostgreSQL shell:** `./connect.sh`
- **Restart container:** `docker-compose restart`

### SSL Connection Testing
The setup uses TLSv1.3 with 256-bit encryption. Connection details:
- **Host:** localhost
- **Port:** 5432
- **Database:** postgre_tls
- **User:** postgre_tls_user
- **SSL Mode:** verify-full (certificate verification enabled)

### Data Persistence
- Database data is stored in `./data/` directory
- SSL certificates are in `./secrets/` directory
- All data remains in the project directory (userspace)

### Security Features
- ✅ SSL/TLS encryption (TLSv1.3)
- ✅ Certificate verification
- ✅ SCRAM-SHA-256 authentication
- ✅ Row-level security enabled
- ✅ Audit logging
- ✅ Encryption functions (pgcrypto)

## Troubleshooting

### Container Issues
- **Container won't start:** Check `docker logs postgre_tls-db`
- **Port conflicts:** Ensure port 5432 is available
- **Permission issues:** Check file permissions in `secrets/` directory

### SSL Connection Issues
- **Certificate errors:** Verify certificates exist in `secrets/`
- **Connection refused:** Ensure container is running and healthy
- **Authentication failed:** Check password in `secrets/postgres_password.txt`

## Development

### Making Changes
1. Stop the container: `docker-compose down`
2. Make your changes
3. Rebuild and restart: `./start.sh`

### Viewing SSL Status
Connect to the database and run:
```sql
SELECT ssl, version, cipher, bits FROM pg_stat_ssl WHERE pid = pg_backend_pid();
```

## Files Overview
- `docker-compose.yml` - Container configuration
- `start.sh` - Initialization and startup script
- `connect.sh` - SSL connection test script
- `Dockerfile` - Container image definition
- `secrets/` - SSL certificates and passwords
- `data/` - PostgreSQL data directory