feat(ssl): Add LetsEncrypt certificate option

Björn Benouarets
2025-12-16 14:15:16 +01:00
parent 69a42d957d
commit eec632ff97
10 changed files with 568 additions and 11 deletions

64
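--- a/generate-cert.sh
+++ b/generate-cert.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Generate self-signed certificate for PostgreSQL proxy
+# Usage: ./generate-cert.sh [hostname1] [hostname2] ...
+HOSTNAMES=("dev.db.deinserver.co" "tst.db.deinserver.co" "prd.db.deinserver.co")
+# Add additional hostnames from command line arguments
+if [ $# -gt 0 ]; then
+HOSTNAMES=("$@")
+fi
+# Create certs directory if it doesn't exist
+mkdir -p certs
+# Build subject alternative names (SAN)
+SAN=""
+for hostname in "${HOSTNAMES[@]}"; do
+if [ -n "$SAN" ]; then
+SAN="${SAN},DNS:${hostname}"
+else
+SAN="DNS:${hostname}"
+fi
+done
+echo "Generating self-signed certificate for: ${HOSTNAMES[*]}"
+echo "SAN: ${SAN}"
+# Generate private key
+openssl genrsa -out certs/server.key 2048
+# Generate certificate signing request
+openssl req -new -key certs/server.key -out certs/server.csr -subj "/CN=${HOSTNAMES[0]}" -addext "subjectAltName=${SAN}"
+# Generate self-signed certificate (valid for 10 years)
+openssl x509 -req -days 3650 -in certs/server.csr -signkey certs/server.key -out certs/server.crt -extensions v3_req -extfile <(
+cat <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+EOF
+for i in "${!HOSTNAMES[@]}"; do
+echo "DNS.$((i+1)) = ${HOSTNAMES[$i]}"
+done
+)
+# Clean up CSR
+rm certs/server.csr
+echo "Certificate generated successfully!"
+echo "Certificate: certs/server.crt"
+echo "Private key: certs/server.key"
+echo ""
+echo "Add to your config.yaml:"
+echo "tls:"
+echo " enabled: true"
+echo " cert_file: /path/to/certs/server.crt"
+echo " key_file: /path/to/certs/server.key"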
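Review bot: Nothing in generate-cert.sh stops on error, so a failed `openssl genrsa` or `openssl req` still falls through to `rm certs/server.csr` and the "Certificate generated successfully!" message, and a rerun silently overwrites an existing `certs/server.key`; add `set -euo pipefail` directly under the shebang. The `certs` directory is created under the caller's umask, and whether `openssl genrsa -out` restricts the key file's mode itself depends on the OpenSSL build, so put `umask 077` before `mkdir -p certs` or run `chmod 600 certs/server.key` after generation. Hostnames given on the command line are copied unvalidated into `-subj`, `-addext` and the generated `[alt_names]` section, where a value containing `/`, `,` or a newline changes the subject or extension contents; rejecting anything that is not a plain DNS name in the SAN loop would close that. The comment "Add additional hostnames" should also say that arguments replace the three defaults, since `HOSTNAMES=("$@")` does not append.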