Skip to content

Commit

Permalink
API: make psql SSL config more flexible (#338)
Browse files Browse the repository at this point in the history 
This works (verified) for our three main scenarios:
- Without SSL, e.g locally: SSL is disabled (`POSTGRESQL_USE_SSL` is
false or undefined)
- With SSL - no self-signed certificate, e.g Azure: SSL is enabled but
no custom CA used (`POSTGRESQL_USE_SSL` is true and `POSTGRESQL_CA_CERT`
is undefined)
- With SSL - with self-signed certificate, e.g. DigitalOcean: SSL is
enabled and custom CA cert can be set using `POSTGRESQL_CA_CERT`
(`POSTGRESQL_USE_SSL` is true and `POSTGRESQL_CA_CERT` is set)
  • Loading branch information
@dkarnutsch
dkarnutsch authored Aug 26, 2024
1 parent 7016736 commit 41312d5
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions api/src/config/environment-variables.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ export class EnvironmentVariables {
@Transform(({ value }) => value === "true")
POSTGRESQL_USE_SSL: boolean;

@IsOptional()
@IsString()
POSTGRESQL_CA_CERT?: string;

@Type(() => Number)
@IsInt()
POSTGRESQL_PORT: number;
Expand Down
2 changes: 1 addition & 1 deletion api/src/db/ormconfig.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ export const ormConfig = createOrmConfig({
password: process.env.POSTGRESQL_PASSWORD,
dbName: process.env.POSTGRESQL_DB,
driverOptions: {
connection: { ssl: process.env.POSTGRESQL_USE_SSL === "true" },
connection: { ssl: process.env.POSTGRESQL_USE_SSL === "true" ? { rejectUnauthorized: true, ca: process.env.POSTGRESQL_CA_CERT } : false },
},
namingStrategy: EntityCaseNamingStrategy,
debug: false,
Expand Down

0 comments on commit 41312d5

Please sign in to comment.