I'm trying to set up gitlab omnibus with a remote postgresql database. The connection between gitlab and postgres should be encrypted but I'm having trouble with the configuration.
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "utf8"
gitlab_rails['db_collation'] = nil
gitlab_rails['db_database'] = "gitlabhq_production"
gitlab_rails['db_pool'] = 10
gitlab_rails['db_username'] = "gitlab"
gitlab_rails['db_password'] = "MYPASSWORD"
gitlab_rails['db_host'] = "db.example.com"
gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
gitlab_rails['db_sslrootcert'] = "/usr/local/share/ca-certificates/cacert-class3.crt"
gitlab_rails['db_prepared_statements'] = true
gitlab_rails['db_statements_limit'] = 1000
With this configuration gilab-ctl reconfigure fails with:
PG::ConnectionBad: SSL error: certificate verify failed
FATAL: no pg_hba.conf entry for host "MY_IP", user "gitlab", database "gitlabhq_production", SSL off
I'm a bit lost here and couldn't find any documentation about available options for db_sslmode which I suspect to be misconfigured. I only found verify-full, but don't want to have certificates in two places, as long as it's signed that should be sufficient.
I can connect to the database when running psql manually.
Are there any other options to set?
