Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SSL connections to PostgreSQL #63

Closed
billux opened this issue Mar 13, 2020 · 6 comments · Fixed by #268
Closed

Support SSL connections to PostgreSQL #63

billux opened this issue Mar 13, 2020 · 6 comments · Fixed by #268
Assignees
@stepankuzmin
Labels
enhancement

Comments

@billux
Copy link

billux commented Mar 13, 2020

As mentionned here, martin doesn't support SSL connections to PostgreSQL since TlsMode is hardcoded to None here.

Is it possible to make this configurable, either using sslmode variable in the connection string or with a specific setting?

Thank!
@stepankuzmin stepankuzmin self-assigned this Mar 14, 2020
stepankuzmin pushed a commit that referenced this issue May 11, 2020
feat: add ssl/tls support #63
cacbaf2
stepankuzmin pushed a commit that referenced this issue May 11, 2020
feat: add ssl/tls support #63
dd83df6
stepankuzmin added a commit that referenced this issue Jun 2, 2020
@stepankuzmin
feat: add ssl/tls support #63 (#90)
c1c59e1 
* feat: add ssl/tls support #63

* feat: add danger-accept-invalid-certs option

* ci: switch to ekidd/rust-musl-builder:stable

* ci: enable docker/build-push-action
@lkleuver
Copy link

Is this being added in the very near future?
We use a digitalocean managed DB which requires SSL.
Would really like keeping Martin but otherwise, we will need to find a different tile server solution.

I'm still in the very early stages of learning Rust so I'm afraid I can't really contribute (yet)

@StefanBrand
Copy link

@lkleuver It seems it has been merged to master (#90), so you should be able to build martin yourself.

@douglasg14b
Copy link

@stepankuzmin Will there be an updated release that contains these changes?

@shaunakv1
Copy link

shaunakv1 commented Sep 30, 2021
edited
Loading

I second, that, this is a critically needed feature @stepankuzmin !

@stepankuzmin stepankuzmin mentioned this issue Oct 17, 2021
Merged
@stepankuzmin
Copy link
Collaborator

Hi everyone,

Sorry for the extended response, and thanks for your patience. I've published the pre-release version v1.0.0-alpha.0, and updated README adding two recipes of using Martin with DigitalOcean and Heroku Managed PostgreSQL.

Feel free to try it as a urbica/martin:1.0.0-alpha.0 docker image.

Using with DigitalOcean PostgreSQL

You can use Martin with Managed PostgreSQL from DigitalOcean with PostGIS extension

First, you need to download the CA certificate and get your cluster connection string from the dashboard. After that, you can use the connection string and the CA certificate to connect to the database.

martin --ca-root-file ./ca-certificate.crt postgres://user:password@host:port/db?sslmode=require

Using with Heroku PostgreSQL

You can use Martin with Managed PostgreSQL from Heroku with PostGIS extension

heroku pg:psql -a APP_NAME -c 'create extension postgis'

To trust the Heroku certificate, you can disable certificate validation with either the DANGER_ACCEPT_INVALID_CERTS environment variable

DATABASE_URL=$(heroku config:get DATABASE_URL -a APP_NAME) DANGER_ACCEPT_INVALID_CERTS=true martin

or --danger-accept-invalid-certs command-line argument

martin --danger-accept-invalid-certs $(heroku config:get DATABASE_URL -a APP_NAME)

@shaunakv1
Copy link

@stepankuzmin Thanks for this fix! Just tested this on azure webapp backed by azure postgresql and it works well. We run our webapp and postgres on a subnet and trust the certificate so I just set the DANGER_ACCEPT_INVALID_CERTS=true , in case it helps anyone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stepankuzmin stepankuzmin

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: use openssl for tls connections, add CA_ROOT_FILE support maplibre/martin
6 participants
@billux @lkleuver @stepankuzmin @shaunakv1 @douglasg14b @StefanBrand