1.8 KiB
1.8 KiB
Postgre-TLS - Secure PostgreSQL Docker Setup with SSL/TLS
A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.
Features
- SSL/TLS Encryption: TLSv1.3 with 256-bit AES-GCM encryption
- Certificate Verification: Full SSL certificate verification enabled
- SCRAM-SHA-256 Authentication: Secure password authentication
- Row-Level Security: Built-in support for fine-grained access control
- Audit Logging: Comprehensive audit trail for database operations
- Data Integrity: Checksums enabled for data corruption detection
- Monitoring: Built-in performance monitoring with pg_stat_statements
- Encryption Functions: pgcrypto extension for additional encryption capabilities
Quick Start
-
Start the PostgreSQL container:
./start.sh -
Connect to the database:
./connect.sh -
Stop the container:
docker-compose down
SSL Connection Details
The setup provides enterprise-grade security with:
- Encryption: TLSv1.3 with TLS_AES_256_GCM_SHA384 cipher
- Key Size: 256-bit encryption
- Certificate: Self-signed with full verification
- Authentication: SCRAM-SHA-256 password hashing
Manual Connection
You can also connect manually using psql:
psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
For non-interactive connection, set the PGPASSWORD environment variable:
export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
Project Structure