-
Notifications
You must be signed in to change notification settings - Fork 33
DB SSL
Isaac edited this page Aug 16, 2022
·
2 revisions
Release v1.0.2 added support for SSL connections to the database.
To get started, change the DB_SSL environment variable to one of the following.
- disable - No SSL
- require - Always SSL (skip verification)
- verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
- verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the - one in the certificate)
Then set the environment variable DB_SSL_ROOT_CERT to the container path of the Database's root certificate. Placing the certificate file in the mounted data folder allows you to set the DB_SSL_ROOT_CERT path to /data/cert-name.crt.
- Recommended
DB_SSLsetting isverify-full. - If you receive an error when using
verify-fullalong the lines ofx509: certificate relies on legacy Common Name field, then setDB_SSLtoverify-caor update your database's root certificate.