Database
How to Configure SSL on PostgreSQL
Generate SSL Certificate
- The first step is to generate an SSL certificate that will be used to secure the communication between the client and the server.
- This can be done using a tool such as OpenSSL.
- For example, to generate a self-signed certificate, you can use the following command:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
This will generate a certificate and a private key file in the current directory.
-
Configure PostgreSQL Server
- The next step is to configure the PostgreSQL server to use SSL.
- Open the
postgresql.conf
file and uncomment thessl
line and set its value toon
. - Also, uncomment the
ssl_cert_file
andssl_key_file
lines and set their values to the paths of the certificate and private key files generated in step 1.
-
Configure PostgreSQL Client
- The PostgreSQL client must also be configured to use SSL to communicate with the server.
- Open the
pg_hba.conf
file and add an entry for SSL connections. - For example:
hostssl all all 0.0.0.0/0 md5 clientcert=1
This will allow SSL connections from any IP address using the md5 authentication method and require the client to provide a valid SSL certificate.
-
Restart PostgreSQL Server
- After making the above changes, you need to restart the PostgreSQL server for the changes to take effect.
-
Test SSL Connection
- To test the SSL connection, you can use the
psql
command-line tool with the-sslmode
option set torequire
. - For example:
- To test the SSL connection, you can use the
psql -h -U -d -sslmode=require
This will establish an SSL-encrypted connection to the PostgreSQL server.
Note: It’s important to keep the SSL certificate and private key files secure and to configure the server and client to use strong encryption protocols and ciphers.
Enable SSL in PostgreSQL client
Configure following three files on ~/.postgresql/ directory
root.crt (trusted root certificate)
postgresql.crt (client certificate)
postgresql.key (private key)
genarte postgresql.key on client side machine and purge the passphrase.
$ openssl genrsa -des3 -out /tmp/postgresql.key 1024
$ openssl rsa -in /crt/postgresql.key -out /crt/postgresql.key
genrate postgresql.crt, and sign it with using the trusted root (private key file from the database server). Please note, when you are prompted for certificate common name (CN), set it to database name.
$ openssl req -new -key /tmp/postgresql.key -out /tmp/postgresql.csr
$ openssl x509 -req -in server.req -out /tmp/postgresql.csr -CA root.crt -CAkey server.key -out /tmp/postgresql.crt -CAcreateserial
Copy the three files created in server’s /tmp directory to client machine.
Copy root.crt from server /tmp directory to client’s ~/.postgresql/ directory.
Once all is done connect to database from client
and on database check if you are able to see the connection with ssl = True (T) using floowing quesry
SELECT datname,usename, ssl, client_addr
FROM pg_stat_ssl
JOIN pg_stat_activity
ON pg_stat_ssl.pid = pg_stat_activity.pid;
How to Start and Stop the PostgreSQL Database
AWS
aws rds start-db-instance --db-instance-identifier
aws rds stop-db-instance --db-instance-identifier
Linux
--Run as postgresql linux user
pg_ctl start -D
--Run as postgresql linux user
pg_ctl stop -D
sudo systemctl start postgresql
sudo systemctl stop postgresql
Azure
az login
az postgres server stop --resource-group --name
az postgres server start --resource-group --name
awscli Command to Find PostgreSQL rds Free and Used Space
To determine the free and used disk space of a PostgreSQL RDS instance using the AWS CLI, you can use the describe-db-instances command and filter the output to show the FreeStorageSpace and AllocatedStorage fields:
aws rds describe-db-instances --query 'DBInstances[*].{ID:DBInstanceIdentifier, Free:FreeStorageSpace, Allocated:AllocatedStorage}' --output table
This will give you a table with the ID of the RDS instance, the Free disk space in GB, and the Allocated disk space in GB. You can use these values to calculate the used disk space by subtracting the free disk space from the allocated disk space.
How to Resize PostgreSQL rds Disk Size Using awscli commands
To resize the disk size of a PostgreSQL RDS instance using the AWS CLI, you need to follow these steps but before that try to get the used and free space by running these commands from my artical
1.First, stop the RDS instance.
aws rds stop-db-instance --db-instance-identifier
Modify the RDS instance’s disk size using the modify-db-instance command:
aws rds modify-db-instance --db-instance-identifier --allocated-storage
start the instance
aws rds start-db-instance --db-instance-identifier