# Postgre-TLS Usage Guide

## Quick Start

1. **Start the PostgreSQL container:**
```bash
./start.sh
```

2. **Connect to the database:**
```bash
./connect.sh
```

3. **Stop the container:**
```bash
docker-compose down
```

## Common Operations

### Database Management
- **View container status:** `docker ps`
- **View container logs:** `docker logs postgre_tls-db`
- **Access PostgreSQL shell:** `./connect.sh`
- **Restart container:** `docker-compose restart`

### SSL Connection Testing
The setup uses TLSv1.3 with 256-bit encryption. Connection details:
- **Host:** localhost
- **Port:** 5432
- **Database:** postgre_tls
- **User:** postgre_tls_user
- **SSL Mode:** verify-full (certificate verification enabled)

### Data Persistence
- Database data is stored in the `./data/` directory
- SSL certificates are in the `./secrets/` directory
- All data remains in the project directory (userspace)

### Security Features
- ✅ SSL/TLS encryption (TLSv1.3)
- ✅ Certificate verification
- ✅ SCRAM-SHA-256 authentication
- ✅ Row-level security enabled
- ✅ Audit logging
- ✅ Encryption functions (pgcrypto)

## Troubleshooting

### Container Issues
- **Container won't start:** Check `docker logs postgre_tls-db`
- **Port conflicts:** Ensure port 5432 is available
- **Permission issues:** Check file permissions in the `secrets/` directory

### SSL Connection Issues
- **Certificate errors:** Verify certificates exist in `secrets/`
- **Connection refused:** Ensure container is running and healthy
- **Authentication failed:** Check password in `secrets/postgres_password.txt`

## Development

### Making Changes
1. Stop the container: `docker-compose down`
2. Make your changes
3. Rebuild and restart: `./start.sh`

### Viewing SSL Status
Connect to the database and run:
```sql
SELECT ssl, version, cipher, bits FROM pg_stat_ssl WHERE pid = pg_backend_pid();
```
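
To turn that query into a pass/fail check, the following added example (not part of the original project) validates one result row against the TLSv1.3 / 256-bit setup this guide describes. The function names and sample rows are constructed for illustration, and `check_live` assumes `PGSSLROOTCERT` and `PGPASSWORD` (or `~/.pgpass`) are already set for the `verify-full` connection.

```bash
#!/usr/bin/env bash
# Added example (not from the project): validate one pg_stat_ssl row.
# Input is a row as `psql -At` prints it: ssl|version|cipher|bits

check_ssl_row() {
    local row="$1" ssl version cipher bits rc=0
    IFS='|' read -r ssl version cipher bits <<EOF
$row
EOF
    if [ "$ssl" != "t" ]; then
        # For a plaintext session the other columns are NULL (empty here).
        echo "FAIL: session is not using SSL/TLS" >&2
        return 1
    fi
    if [ "$version" != "TLSv1.3" ]; then
        echo "FAIL: negotiated '$version', expected TLSv1.3" >&2
        rc=1
    fi
    case "$bits" in
        ''|*[!0-9]*) echo "FAIL: bits is not numeric: '$bits'" >&2; rc=1 ;;
        *) if [ "$bits" -lt 256 ]; then
               echo "FAIL: $bits-bit cipher '$cipher', expected 256" >&2
               rc=1
           fi ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $version $cipher ($bits bits)"; fi
    return "$rc"
}

# Live check using this guide's connection details. Assumes PGSSLROOTCERT
# points at the CA certificate under secrets/ and PGPASSWORD (or ~/.pgpass)
# supplies the password; returns 2 if the connection itself fails.
check_live() {
    local row
    row=$(psql -X -At -c \
        "SELECT ssl, version, cipher, bits FROM pg_stat_ssl WHERE pid = pg_backend_pid();" \
        "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full") || return 2
    check_ssl_row "$row"
}

# Constructed sample rows, not captured from a real server.
for sample in 't|TLSv1.3|TLS_AES_256_GCM_SHA384|256' \
              't|TLSv1.2|ECDHE-RSA-AES128-GCM-SHA256|128' \
              'f|||'; do
    if ! check_ssl_row "$sample"; then echo "  rejected: $sample"; fi
done
```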

## Files Overview
- `docker-compose.yml` - Container configuration
- `start.sh` - Initialization and startup script
- `connect.sh` - SSL connection test script
- `Dockerfile` - Container image definition
- `secrets/` - SSL certificates and passwords
- `data/` - PostgreSQL data directory