Leopere 1f4d57471c Rename project from PloughGres to Postgre-TLS
- Updated all references from ploughgres to postgre_tls
- Changed container name to postgre-tls-db
- Updated database and user names
- Added Docker registry configuration for git.nixc.us
- Created build-push.sh script for image management
- Updated documentation to reflect new project name
- Configured for unstable/stable image tags
2025-07-14 14:17:00 -04:00
.gitignore Initial commit of Postgre-TLS project 2025-07-14 14:10:19 -04:00
Dockerfile Initial commit of Postgre-TLS project 2025-07-14 14:10:19 -04:00
README.md Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00
USAGE.md Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00
build-push.sh Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00
connect.sh Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00
docker-compose.yml Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00
entrypoint.sh Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00
postgresql.conf Initial commit of Postgre-TLS project 2025-07-14 14:10:19 -04:00
start.sh Rename project from PloughGres to Postgre-TLS 2025-07-14 14:17:00 -04:00

README.md

Postgre-TLS - Secure PostgreSQL Docker Setup with SSL/TLS

A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.

Docker Images

This project builds and publishes Docker images to the git.nixc.us registry:

  • Unstable: git.nixc.us/postgre-tls:unstable (latest development)
  • Stable: git.nixc.us/postgre-tls:stable (stable releases)

Features

  • SSL/TLS Encryption: TLSv1.3 with 256-bit AES-GCM encryption
  • Certificate Verification: Full SSL certificate verification enabled
  • SCRAM-SHA-256 Authentication: Secure password authentication
  • Row-Level Security: Built-in support for fine-grained access control
  • Audit Logging: Comprehensive audit trail for database operations
  • Data Integrity: Checksums enabled for data corruption detection
  • Monitoring: Built-in performance monitoring with pg_stat_statements
  • Encryption Functions: pgcrypto extension for additional encryption capabilities

Quick Start

  1. Start the PostgreSQL container:

    ./start.sh
    
  2. Connect to the database:

    ./connect.sh
    
  3. Stop the container:

    docker-compose down
    

SSL Connection Details

The setup provides enterprise-grade security with:

  • Encryption: TLSv1.3 with TLS_AES_256_GCM_SHA384 cipher
  • Key Size: 256-bit encryption
  • Certificate: Self-signed with full verification
  • Authentication: SCRAM-SHA-256 password hashing

Manual Connection

You can also connect manually using psql:

    psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"

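For a non-interactive connection, set the PGPASSWORD environment variable. The command reads the password from secrets/postgres_password and falls back to the placeholder value only if that file cannot be read: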

    export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
    psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"
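
To confirm that a session really negotiates the parameters listed under SSL Connection Details, the following added example (not one of the project's scripts) queries PostgreSQL's pg_stat_ssl view over the connection string above and compares the row with the stated values. The function names, the sample rows and the `--live` switch are assumptions of this example; a live run expects PGPASSWORD to be set as shown above.

```shell
#!/bin/sh
# Added example: check a session's TLS parameters against the values this README states.

# Connection string from the "Manual Connection" section.
CONNINFO="host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"

# Ask the server what it negotiated for this backend.
# Output is one line: ssl|version|cipher|bits
query_tls_state() {
    psql "$CONNINFO" -X -A -t -F '|' -v ON_ERROR_STOP=1 -c \
        "SELECT ssl, version, cipher, bits FROM pg_stat_ssl WHERE pid = pg_backend_pid();"
}

# check_tls_state LINE: exit status 0 only if every field matches the README.
# The body runs in a subshell "( ... )" so its variables stay local in POSIX sh.
check_tls_state() (
    rc=0
    IFS='|' read -r ssl version cipher bits <<EOF
$1
EOF
    [ "$ssl" = "t" ] || { echo "FAIL: session is not encrypted (ssl='$ssl')"; rc=1; }
    [ "$version" = "TLSv1.3" ] || { echo "FAIL: protocol '$version', expected TLSv1.3"; rc=1; }
    [ "$cipher" = "TLS_AES_256_GCM_SHA384" ] || { echo "FAIL: cipher '$cipher', expected TLS_AES_256_GCM_SHA384"; rc=1; }
    [ "$bits" = "256" ] || { echo "FAIL: key size '$bits', expected 256"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $version $cipher ($bits-bit)"; fi
    exit "$rc"
)

# Constructed sample rows, used when no server is available.
SAMPLE_GOOD='t|TLSv1.3|TLS_AES_256_GCM_SHA384|256'
SAMPLE_DOWNGRADED='t|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|256'

if [ "${1:-}" = "--live" ]; then
    # Hypothetical switch: query the running container (needs PGPASSWORD set).
    state=$(query_tls_state) || exit 2
    check_tls_state "$state"
else
    check_tls_state "$SAMPLE_GOOD"
    check_tls_state "$SAMPLE_DOWNGRADED" || true
fi
```

A non-zero exit status from a `--live` run means the session did not match the documented protocol, cipher or key size, which makes the script usable as a post-deployment check.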

Project Structure

Postgre-TLS/
├── docker-compose.yml    # Container configuration
├── Dockerfile            # Container image definition
├── start.sh              # Initialization and startup script
├── connect.sh            # SSL connection test script
├── postgresql.conf       # PostgreSQL configuration
├── USAGE.md              # Usage guide and commands
├── data/                 # PostgreSQL data directory
├── secrets/              # SSL certificates and passwords
└── logs/                 # Container logs