57 lines
1.8 KiB
Markdown
57 lines
1.8 KiB
Markdown
# Postgre-TLS - Secure PostgreSQL Docker Setup with SSL/TLS
|
|
|
|
A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.
|
|
|
|
## Features
|
|
|
|
- **SSL/TLS Encryption**: TLSv1.3 with 256-bit AES-GCM encryption
|
|
- **Certificate Verification**: Full SSL certificate verification enabled
|
|
- **SCRAM-SHA-256 Authentication**: Secure password authentication
|
|
- **Row-Level Security**: Built-in support for fine-grained access control
|
|
- **Audit Logging**: Comprehensive audit trail for database operations
|
|
- **Data Integrity**: Checksums enabled for data corruption detection
|
|
- **Monitoring**: Built-in performance monitoring with pg_stat_statements
|
|
- **Encryption Functions**: pgcrypto extension for additional encryption capabilities
|
|
|
|
## Quick Start
|
|
|
|
1. **Start the PostgreSQL container**:
|
|
```bash
|
|
./start.sh
|
|
```
|
|
|
|
2. **Connect to the database**:
|
|
```bash
|
|
./connect.sh
|
|
```
|
|
|
|
3. **Stop the container**:
|
|
```bash
|
|
docker-compose down
|
|
```
|
|
|
|
## SSL Connection Details
|
|
|
|
The setup provides enterprise-grade security with:
|
|
- **Encryption**: TLSv1.3 with TLS_AES_256_GCM_SHA384 cipher
|
|
- **Key Size**: 256-bit encryption
|
|
- **Certificate**: Self-signed with full verification
|
|
- **Authentication**: SCRAM-SHA-256 password hashing
|
|
|
|
## Manual Connection
|
|
|
|
You can also connect manually using psql:
|
|
```bash
|
|
psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
|
|
```
|
|
|
|
For non-interactive connection, set the PGPASSWORD environment variable:
|
|
```bash
|
|
export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
|
|
psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
|
|
```
|
|
|
|
## Project Structure
|
|
|
|
```
|
|
``` |