Postgre-TLS - Secure PostgreSQL Docker Setup with SSL/TLS

A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.

Docker Images

This project builds and publishes Docker images to the git.nixc.us registry:

  • Unstable: git.nixc.us/postgre-tls:unstable (latest development)
  • Stable: git.nixc.us/postgre-tls:stable (stable releases)

Features

  • SSL/TLS Encryption: TLSv1.3 with 256-bit AES-GCM encryption
  • Certificate Verification: Full SSL certificate verification enabled
  • SCRAM-SHA-256 Authentication: Secure password authentication
  • Row-Level Security: Built-in support for fine-grained access control
  • Audit Logging: Comprehensive audit trail for database operations
  • Data Integrity: Checksums enabled for data corruption detection
  • Monitoring: Built-in performance monitoring with pg_stat_statements
  • Encryption Functions: pgcrypto extension for additional encryption capabilities

Quick Start

  1. Start the PostgreSQL container:

    ./start.sh
    
  2. Connect to the database:

    ./connect.sh
    
  3. Stop the container:

    docker-compose down
    

SSL Connection Details

The setup provides enterprise-grade security with:

  • Encryption: TLSv1.3 with TLS_AES_256_GCM_SHA384 cipher
  • Key Size: 256-bit encryption
  • Certificate: Self-signed with full verification
  • Authentication: SCRAM-SHA-256 password hashing

Manual Connection

You can also connect manually using psql:

psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"

For non-interactive connection, set the PGPASSWORD environment variable:

export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"
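As an added check (not part of this project), the following Python parses a libpq keyword=value connection string and flags anything weaker than the README's sslmode=verify-full plus sslrootcert; the parser and the policy rules are assumptions of this example, not project code.

```python
"""Flag libpq connection strings that would silently skip server-certificate
verification. Added example; parser and policy are assumptions, not project code."""
import re

# libpq sslmode values, weakest to strongest. Only verify-ca and verify-full
# check the server certificate against a CA; only verify-full also checks
# that the certificate matches the host name (the README's setting).
SSLMODES = ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]

# keyword = value, where value is either single-quoted (backslash escapes
# allowed) or a bare run of non-space characters
_TOKEN = re.compile(r"""\s*(\w+)\s*=\s*(?:'((?:\\.|[^'\\])*)'|(\S+))""")


def parse_conninfo(conninfo: str) -> dict:
    """Parse a libpq keyword=value string into a dict of parameters."""
    conninfo = conninfo.strip()
    params, pos = {}, 0
    while pos < len(conninfo):
        m = _TOKEN.match(conninfo, pos)
        if not m:
            raise ValueError(f"malformed conninfo near offset {pos}")
        key, quoted, bare = m.groups()
        # unescape \x -> x inside quoted values
        value = bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        params[key] = value
        pos = m.end()
    return params


def check_tls_policy(conninfo: str) -> list:
    """Return findings as strings; an empty list means the string matches the policy."""
    params = parse_conninfo(conninfo)
    findings = []
    mode = params.get("sslmode", "prefer")  # libpq default when not set
    if mode not in SSLMODES:
        findings.append(f"unknown sslmode '{mode}'")
    elif SSLMODES.index(mode) < SSLMODES.index("verify-full"):
        findings.append(f"sslmode={mode} does not verify the server host name")
    if mode.startswith("verify") and "sslrootcert" not in params:
        findings.append("no sslrootcert given; libpq falls back to ~/.postgresql/root.crt")
    if "password" in params:
        findings.append("password embedded in connection string; use PGPASSWORD or .pgpass")
    return findings
```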

Project Structure

Postgre-TLS/
├── docker-compose.yml    # Container configuration
├── Dockerfile           # Container image definition
├── start.sh            # Initialization and startup script
├── connect.sh          # SSL connection test script
├── postgresql.conf     # PostgreSQL configuration
├── USAGE.md           # Usage guide and commands
├── data/              # PostgreSQL data directory
├── secrets/           # SSL certificates and passwords
└── logs/              # Container logs