ProGet with Postgres database using SSL Host base authentication
-
Hello everybody,
I'm currently experimenting with ProGet in a Docker container. ProGet is configured to work with a Postgres database hosted in a public cloud. I would like the connection between ProGet and the Postgres database to be encrypted through SSL and client authentication to be done with a client certificate.
The Postgres database is well configured and I have already tested the SSL encryption and SSL host authentication with other applications.
My problem is on the ProGet Docker container side: I can establish an SSL connection between the ProGet Docker container and the database, but I get an error telling me that the database requires a client certificate. I have mounted the ProGet Docker container with three secrets: one for the client certificate, one for the client private key and one for the root certificate authority certificate. The problem is that I don't know where ProGet is configured to look for these files.
Is it possible to specify these files in the connection string? Or through environment variables?
I have seen in the ProGet stack trace that you are using Npgsql in order to communicate with the Postgres database. On GitHub, one of the Npgsql maintainers said that it is possible to handle client certificates.
Here is the GitHub post.
On the official Npgsql website it is stated in the Security and Encryption section that:
"Note that by default, Npgsql will verify that your server's certificate is valid. If you're using a self-signed certificate this will fail. You can instruct Npgsql to ignore this by specifying Trust Server Certificate=true in the connection string. To precisely control how the server's certificate is validated, you can register UserCertificateValidationCallback on NpgsqlConnection (this works just like on .NET's SSLStream).
You can also have Npgsql provide client certificates to the server by registering the ProvideClientCertificatesCallback on NpgsqlConnection (this works just like on .NET's SSLStream)."
It seems that it is also not possible to specify these files in the connection string since there are no sslcert, sslkey or sslrootcert attributes. Here are the available connection string attributes.
Thanks in advance for your help.
Product: ProGet
Version: 5.2.0-beta.57
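
The two callbacks named in the quoted Npgsql documentation, wired up in application code; this is an added example and not part of the original post or ProGet's code. It assumes .NET 5 or later, an Npgsql version that exposes both callbacks as properties on NpgsqlConnection as the quoted text describes, and hypothetical secret mount paths.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Npgsql;

static class PgMutualTls
{
    // Hypothetical mount points for the three container secrets (assumption).
    const string ClientCertPath = "/run/secrets/pg_client_cert.pem";
    const string ClientKeyPath  = "/run/secrets/pg_client_key.pem";
    const string RootCaPath     = "/run/secrets/pg_root_ca.pem";

    public static NpgsqlConnection Open(string host, string database, string user)
    {
        var csb = new NpgsqlConnectionStringBuilder
        {
            Host = host, Database = database, Username = user,
            SslMode = SslMode.Require   // refuse to fall back to plaintext
        };
        var conn = new NpgsqlConnection(csb.ConnectionString);

        // Client side of certificate authentication: present the certificate
        // together with its private key, both read from PEM files.
        conn.ProvideClientCertificatesCallback = certs =>
            certs.Add(X509Certificate2.CreateFromPemFile(ClientCertPath, ClientKeyPath));

        // Server side: accept only a certificate that matches the host name
        // and chains to the mounted root CA, not to the system trust store.
        var rootCa = new X509Certificate2(RootCaPath);
        conn.UserCertificateValidationCallback = (sender, cert, chain, errors) =>
        {
            if (cert is null || errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                return false;
            using var pinned = new X509Chain();
            pinned.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            pinned.ChainPolicy.CustomTrustStore.Add(rootCa);
            // Assumption: the private CA publishes no CRL/OCSP endpoint.
            pinned.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            return pinned.Build(new X509Certificate2(cert));
        };

        conn.Open();   // the TLS handshake and both callbacks run here
        return conn;
    }
}
```

Both callbacks are set in code on the connection object rather than through connection string attributes, so they apply only where the application itself creates the NpgsqlConnection.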
-
Postgres is deprecated, see upgrade note for 5.2
-
Thank you for taking the time to give me an answer.
Is there a special reason why Postgres will not be supported in future releases?
Thanks in advance,
-
The Postgres container has had a lot of performance problems at scale, and neither our customers nor engineers could figure it out. A regular instance was fine, but our customers wanted containers.
But in the long term, maintaining two separate code bases doesn't make sense. And now that SQL Server is available, it makes sense to do it.
-
Thank you very much for your precision. I really appreciate it. I personally work with a non-containerized Postgres database in order to avoid data corruption issues, but I understand why you made this decision.
Have a good day,
Mathieu HOFERT