Created
July 28, 2019 12:58
-
-
Save euri10/27dafde376b145fa5447a07fd79c2784 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -euxo pipefail | |
BASEDIR=$(dirname "$0") | |
mkdir -p ${BASEDIR}/cert && cd ${BASEDIR}/cert | |
sudo rm -f server-key.pem | |
# server certificate | |
openssl req -new -nodes -text -out ca.csr -keyout ca-key.pem -subj "/CN=certificate-authority" | |
openssl x509 -req -in ca.csr -text -extfile /etc/ssl/openssl.cnf -extensions v3_ca -signkey ca-key.pem -out ca-cert.pem | |
openssl req -new -nodes -text -out server.csr -keyout server-key.pem -subj "/CN=pg-server" | |
openssl x509 -req -in server.csr -text -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem | |
# client key and certificate: | |
openssl req -new -nodes -text -out client.csr -keyout client-key.pem -subj "/CN=pg-client" | |
openssl x509 -req -in client.csr -text -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem | |
# Set permissions for client | |
# To simplify the connection, let's use the default names | |
rm -rf client && mkdir -p client | |
cp ca-cert.pem client/root.crt | |
cp client-cert.pem client/postgresql.crt | |
cp client-key.pem client/postgresql.key | |
# perms and users for docker | |
chmod 600 server-key.pem | |
sudo chown 70:70 server-key.pem | |
docker stop encodedb || true && docker rm encodedb || true | |
docker run -d --name encodedb -p 5555:5432 \ | |
-v $PWD/server-cert.pem:/var/lib/postgresql/server-cert.pem:ro \ | |
-v $PWD/server-key.pem:/var/lib/postgresql/server-key.pem:ro \ | |
-v $PWD/ca-cert.pem:/var/lib/postgresql/ca-cert.pem:ro \ | |
postgres:11-alpine \ | |
-c ssl=on \ | |
-c ssl_cert_file=/var/lib/postgresql/server-cert.pem \ | |
-c ssl_key_file=/var/lib/postgresql/server-key.pem \ | |
-c ssl_ca_file=/var/lib/postgresql/ca-cert.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment