proxysql/test/infra/docker-pgsql16-single/conf/pgsql/pgsql1/pg_hba.conf

42 lines
2.5 KiB

# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# CAUTION: Configuring the system for local "trust" authentication
# allows any local user to connect as any PostgreSQL user, including
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     trust
host    replication     all             127.0.0.1/32            trust
host    replication     all             ::1/128                 trust
host    all             all             all                     scram-sha-256
# export PGSSLMODE=<mode> or psql --set=sslmode=<mode> ??? doesn't work ???
# disable: No encryption is used, and no security is provided.
# allow: Encryption is used only if the server requires it; otherwise, the connection proceeds without encryption.
# prefer: The client attempts to use encryption if the server supports it, but falls back to non-encrypted connections if necessary.
# require: Encryption is enforced, and the connection will fail if the server does not support SSL. However, no certificate verification is performed, so MITM protection is not provided.
# verify-ca: Encryption is used, and the server's certificate is verified against a trusted Certificate Authority (CA) on the client side. This provides eavesdropping protection and depends on the CA policy for MITM protection.
# verify-full: Encryption is used, and the client verifies both the server's certificate chain and the server's hostname against the certificate's Subject Alternative Name (SAN) or Common Name (CN). This mode provides the highest level of security, including MITM protection, and is recommended for security-sensitive environments.
#hostssl all all all cert clientcert=0
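# NOTE: records are evaluated top to bottom and the first match wins. The
# "host all all all" record above also matches SSL connections, so this
# record is only reached if it is moved above that one.
hostssl all             all             all                     cert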
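
Because pg_hba.conf stops at the first matching record, a broad `host` record can hide a stricter `hostssl` record placed after it. The following check is an added example, not part of the ProxySQL repository: it flags unreachable records and `trust` records in the file above. Function names are illustrative, and it assumes single-value DATABASE/USER fields and CIDR or keyword addresses.

```python
import ipaddress

# Added example (names are illustrative). Constructed sample: the active records of the file above.
SAMPLE = """\
local all all trust
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
host all all all scram-sha-256
hostssl all all all cert
"""

def parse(text):
    """Return (lineno, type, database, user, address, method) per record."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # local records have no ADDRESS column
            fields.insert(3, None)
        records.append((lineno, *fields[:5]))
    return records

def addr_covers(a, b):
    if a == b or a == "all":
        return True
    try:
        na, nb = ipaddress.ip_network(a, strict=False), ipaddress.ip_network(b, strict=False)
    except (ValueError, TypeError):       # keywords / hostnames: not compared
        return False
    return na.version == nb.version and nb.subnet_of(na)

def covers(a, b):
    """True if record a matches every connection that record b matches."""
    (_, ta, da, ua, aa, _), (_, tb, db, ub, ab, _) = a, b
    type_ok = ta == tb or (ta == "host" and tb in ("hostssl", "hostnossl"))
    db_ok = da == db or (da == "all" and db != "replication")  # "all" excludes replication
    return type_ok and db_ok and (ua == ub or ua == "all") and addr_covers(aa, ab)

def shadowed(records):
    """(later_line, earlier_line) pairs where the later record is unreachable."""
    return [(b[0], a[0]) for i, b in enumerate(records)
            for a in records[:i] if covers(a, b)]

def trust_lines(records):
    return [r[0] for r in records if r[5] == "trust"]
```

On the sample, `shadowed(parse(SAMPLE))` reports record 8 (`hostssl ... cert`) as hidden by record 7, and `trust_lines` lists the four `trust` records.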