Configuring Postgres with TLS

Introduction

This document describes the steps required to configure a TLS connection for Postgres.

Set sslmode

sslmode needs to be set in the Postgres connection string as explained in the official Postgres documentation.

Configure CA for Self-Signed Certificates

This is only required if you have signed the certificates with your own private CA.

Mount CA PEM File into Container

Your CA PEM file needs to be mounted into the container running the services that should establish a TLS connection with Postgres. You can choose an arbitrary path inside the container.

Set SSL_CERT_FILE or SSL_CERT_DIR

Set the container environment variable SSL_CERT_FILE to the path of the mounted CA PEM file, or SSL_CERT_DIR to the directory that contains it.
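
A preflight check that ties the steps above together, as an added example that is not part of the original document: it reads sslmode from the connection string and confirms that SSL_CERT_FILE or SSL_CERT_DIR points at a PEM certificate. The function names, the URL-style connection string, a single directory in SSL_CERT_DIR, and the policy of accepting only verify-ca or verify-full are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for a container that connects to Postgres over TLS.
# Assumptions: URL-style connection string, one directory in SSL_CERT_DIR,
# and a policy that only verify-ca / verify-full are acceptable.

# Print the sslmode value from a URL-style connection string (empty if absent).
dsn_sslmode() {
    printf '%s\n' "$1" | sed -n 's/.*[?&]sslmode=\([^&]*\).*/\1/p'
}

# Succeed if the path is a regular file holding at least one PEM certificate block.
has_pem_cert() {
    [ -f "$1" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Return 0 when the connection string requests certificate verification
# and a CA source is configured through SSL_CERT_FILE or SSL_CERT_DIR.
check_pg_tls() {
    mode=$(dsn_sslmode "$1")
    case "$mode" in
        verify-ca|verify-full) ;;
        *) echo "sslmode='${mode}' does not request certificate verification" >&2
           return 1 ;;
    esac
    if [ -n "${SSL_CERT_FILE:-}" ]; then
        has_pem_cert "$SSL_CERT_FILE" && return 0
        echo "SSL_CERT_FILE=$SSL_CERT_FILE has no readable PEM certificate" >&2
        return 1
    fi
    if [ -n "${SSL_CERT_DIR:-}" ]; then
        for f in "$SSL_CERT_DIR"/*; do
            has_pem_cert "$f" && return 0
        done
        echo "SSL_CERT_DIR=$SSL_CERT_DIR has no readable PEM certificate" >&2
        return 1
    fi
    echo "neither SSL_CERT_FILE nor SSL_CERT_DIR is set" >&2
    return 1
}
```

Calling check_pg_tls with the service's connection string from the container entrypoint makes a missing mount or an unverified sslmode fail at startup instead of at the first query.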