0

I need ssl connection between postgresql (patroni cluster) and Haproxy but I didnt find any related docs. Is it possible to configure haproxy via ssl without using pgbouncer or pgpool tools.

I can connect directly to the database server with ssl configuration but I can't connect by using Haproxy,

-bash-4.2$ psql -d "host=x.x.x.x port=7010 dbname=postgres user=test"
psql: error: server closed the connection unexpectedly
    This probably means the server terminated abnormally
    before or while processing the request.
-bash-4.2$

there is no log record on postgresql.

Thanks.

Adelino Silva
  • 577
  • 3
  • 16
aliosman
  • 1
  • 3
  • Is there a log record on haproxy? – jjanes Oct 18 '22 at 14:49
  • Please also show the command that connects directly. – jjanes Oct 18 '22 at 14:49
  • there is no log record, because log not configured, test command; -bash-4.2$ psql -d "host=x.x.x.x port=5432 dbname=postgres user=test" Password for user test: psql (12.11, server 12.12) SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off) Type "help" for help. postgres=> – – aliosman Oct 18 '22 at 19:15
  • Are the x.x.x.x the same and only the port number differ? If you 'unconfigure' ssl, can you then connect through haproxy? – jjanes Oct 18 '22 at 19:34
  • No, haproxy works on different machines, so ip and port number different on haproxy test connection, I connected by server:5432 configuration and I also connected haproxyip:port without ssl config, but I could not connect after ssl configuration. – aliosman Oct 19 '22 at 06:58
  • For me it "just worked" with the bare-bones configuration (TCP proxying 5431 to 5432 on the same host). I didn't have to do anything special to get it to work over SSL. – jjanes Oct 19 '22 at 13:02
  • Do you have any good documantation about haproxy-postgresql-ssl configuration. I think I did missconfiguration. Thanks. – aliosman Oct 20 '22 at 07:48
  • Sorry, I don't. I've never used haproxy before, I just installed it with apt, did the configuration and experiment already described (both with and without ssl), then reported the result and used apt to uninstall it. – jjanes Oct 20 '22 at 17:21

0 Answers0