[英]Provide SSL certificate to PostgreSQL in a Rails app
I have a Rails app on Elastic Beanstalk using an Amazon RDS PostgreSQL instance. 我使用Amazon RDS PostgreSQL实例在Elastic Beanstalk上有一个Rails应用程序。
I'd like pg to use SSL to connect to this DB. 我想pg使用SSL连接到这个数据库。
Following http://docs.aws.amazon.com/AmazonRDS/[...] , I saved rds-combined-ca-bundle.pem at /config/ca/rds.pem
and my database.yml
looks like this: 关于http://docs.aws.amazon.com/AmazonRDS/ [...] ,我在
/config/ca/rds.pem
保存了rds-combined-ca-bundle.pem ,我的database.yml
如下所示:
production:
adapter: postgresql
database: <%= ENV['DB_NAME'] %>
username: <%= ENV['DB_USERNAME'] %>
password: <%= ENV['DB_PASSWORD'] %>
host: <%= ENV['DB_ADDRESS'] %>
port: <%= ENV['DB_PORT'] %>
sslmode: 'require'
sslrootcert: 'config/ca/rds.pem'
But I have no idea if it's really using SSL: I can change sslrootcert
path to anything, and my app is still up. 但我不知道它是否真的使用SSL:我可以将
sslrootcert
路径更改为任何内容,而我的应用程序仍在运行。 What am I missing? 我错过了什么?
In your database.yml
you have to use sslmode: 'verify-full'
instead of sslmode: 'require'
in order to verify the instance endpoint against the endpoint in the SSL certificate. 在您的
database.yml
您必须使用sslmode: 'verify-full'
而不是sslmode: 'require'
,以便在SSL证书中验证针对端点的实例端点。 This way the certificate is used. 这样就可以使用证书了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.