在Rails应用程序中为PostgreSQL提供SSL证书
[英]Provide SSL certificate to PostgreSQL in a Rails app
问题描述
I have a Rails app on Elastic Beanstalk using an Amazon RDS PostgreSQL instance. 
我使用Amazon RDS PostgreSQL实例在Elastic Beanstalk上有一个Rails应用程序。
I'd like pg to use SSL to connect to this DB. 我想pg使用SSL连接到这个数据库。
Following http://docs.aws.amazon.com/AmazonRDS/[...] , I saved rds-combined-ca-bundle.pem at /config/ca/rds.pem and my database.yml looks like this: 关于http://docs.aws.amazon.com/AmazonRDS/ [...] ,我在/config/ca/rds.pem保存了rds-combined-ca-bundle.pem ,我的database.yml如下所示:
production:
adapter: postgresql
database: <%= ENV['DB_NAME'] %>
username: <%= ENV['DB_USERNAME'] %>
password: <%= ENV['DB_PASSWORD'] %>
host: <%= ENV['DB_ADDRESS'] %>
port: <%= ENV['DB_PORT'] %>
sslmode: 'require'
sslrootcert: 'config/ca/rds.pem'
But I have no idea if it's really using SSL: I can change sslrootcert path to anything, and my app is still up. 但我不知道它是否真的使用SSL:我可以将sslrootcert路径更改为任何内容,而我的应用程序仍在运行。 What am I missing? 我错过了什么?
1 个解决方案
解决方案1
10 已采纳 2015-02-26 06:53:16
In your database.yml you have to use sslmode: 'verify-full' instead of sslmode: 'require' in order to verify the instance endpoint against the endpoint in the SSL certificate. 在您的database.yml您必须使用sslmode: 'verify-full'而不是sslmode: 'require' ,以便在SSL证书中验证针对端点的实例端点。 This way the certificate is used. 这样就可以使用证书了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.