不能强制 Postgresql 只接受 SSL 连接
Cannot force Postgresql to accept SSL connections only
这是我当前的配置:
postgresql.conf:
ssl = on
ssl_cert_file = '/etc/postgresql/12/main/fullchain.pem'
ssl_key_file = '/etc/postgresql/12/main/privkey.pem'
pg_hba.conf:
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
# IPv4 remote connections:
hostssl all all 0.0.0.0/0 md5
# IPv6 remote connections:
hostssl all all ::/0 md5
不过,我的 Django 应用程序能够迁移数据库更改 with 和 without 'OPTIONS': {'sslmode': 'require'} 而这不是我想要的想。我希望 Postgresql 拒绝非 SSL 连接,但我不知道我在这里遗漏了什么。
P.S:证书有效并由 certbot 创建。
看起来不错。要验证你应该尝试
'OPTIONS': {'sslmode': 'disable'}
它可能默认为 prefer 所以它仍然使用 SSL 连接。
这是我当前的配置:
postgresql.conf:
ssl = on
ssl_cert_file = '/etc/postgresql/12/main/fullchain.pem'
ssl_key_file = '/etc/postgresql/12/main/privkey.pem'
pg_hba.conf:
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
# IPv4 remote connections:
hostssl all all 0.0.0.0/0 md5
# IPv6 remote connections:
hostssl all all ::/0 md5
不过,我的 Django 应用程序能够迁移数据库更改 with 和 without 'OPTIONS': {'sslmode': 'require'} 而这不是我想要的想。我希望 Postgresql 拒绝非 SSL 连接,但我不知道我在这里遗漏了什么。
P.S:证书有效并由 certbot 创建。
看起来不错。要验证你应该尝试
'OPTIONS': {'sslmode': 'disable'}
它可能默认为 prefer 所以它仍然使用 SSL 连接。