Here's my current config:
postgresql.conf:
ssl = on
ssl_cert_file = '/etc/postgresql/12/main/fullchain.pem'
ssl_key_file = '/etc/postgresql/12/main/privkey.pem'
pg_hba.conf:
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
# IPv4 remote connections:
hostssl all all 0.0.0.0/0 md5
# IPv6 remote connections:
hostssl all all ::/0 md5
Still, my Django application is able to migrate database changes with and without 'OPTIONS': {'sslmode': 'require'} and that is not what I want. I want PostgreSQL to reject non-SSL connections and I don't know what I'm missing here.
P.S: Certificate is valid and created by certbot.
CodePudding user response:
Looks ok. To verify you should try with 'OPTIONS': {'sslmode': 'disable'}. It probably defaults to prefer, so it was still connecting using SSL.
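An added example, not part of the question or the answer above: a simplified model of how PostgreSQL picks the first matching pg_hba.conf record, run over the TCP rules from the question. It shows that the `host` lines for 127.0.0.1 and ::1 match both SSL and non-SSL connections, so only remote clients are forced onto SSL by the `hostssl` lines. The database name `app`, the client addresses and the `HARDENED` variant are constructed for illustration.

```python
import ipaddress

# TCP rules from the question's pg_hba.conf, in file order ("local" lines omitted).
PG_HBA = """
host    all         all 127.0.0.1/32 md5
host    all         all ::1/128      md5
host    replication all 127.0.0.1/32 md5
host    replication all ::1/128      md5
hostssl all         all 0.0.0.0/0    md5
hostssl all         all ::/0         md5
"""
# Constructed variant for comparison: every "host" line turned into "hostssl".
HARDENED = PG_HBA.replace("host ", "hostssl ")

def parse_rules(text):
    """Return (type, database, network) for each TCP rule, in order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            rules.append((fields[0], fields[1], ipaddress.ip_network(fields[3])))
    return rules

def first_match(text, client_ip, uses_ssl, database="app"):
    """First rule that applies, as (type, network), or None if rejected.

    Simplified: every rule here has user "all"; a database field matches
    when it is "all" or equals the requested name ("app" is hypothetical).
    """
    ip = ipaddress.ip_address(client_ip)
    for conn_type, db, net in parse_rules(text):
        if conn_type == "hostssl" and not uses_ssl:
            continue  # hostssl only matches SSL connections
        if conn_type == "hostnossl" and uses_ssl:
            continue  # hostnossl only matches non-SSL connections
        if db in ("all", database) and ip in net:
            return (conn_type, str(net))  # first match wins, no fall-through
    return None  # no matching record: the server refuses the connection

if __name__ == "__main__":
    # Constructed client addresses: loopback and a documentation-range remote.
    for ip in ("127.0.0.1", "::1", "203.0.113.10"):
        for ssl in (False, True):
            print(ip, "ssl" if ssl else "plain",
                  first_match(PG_HBA, ip, ssl), first_match(HARDENED, ip, ssl))
```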