archive-gh-me/node-postgres
1
0
Fork 0
mirror of https://github.com/brianc/node-postgres.git synced 2025-12-08 20:16:25 +00:00
Code Issues Projects Releases Wiki Activity
node-postgres/docs/pages/features/ssl.mdx
Brian C 1aa08274a5
Migrate docs repo into monorepo (#2823) 
* Move files over

* Finish initial port of content
2022-10-10 12:20:46 -05:00

62 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

---
title: SSL
slug: /features/ssl
---
node-postgres supports TLS/SSL connections to your PostgreSQL server as long as the server is configured to support it. When instantiating a pool or a client you can provide an `ssl` property on the config object and it will be passed to the constructor for the [node TLSSocket](https://nodejs.org/api/tls.html#tls_class_tls_tlssocket).
## Self-signed cert
Here's an example of a configuration you can use to connect a client or a pool to a PostgreSQL server.
```js
const config = {
database: 'database-name',
host: 'host-or-ip',
// this object will be passed to the TLSSocket constructor
ssl: {
rejectUnauthorized: false,
ca: fs.readFileSync('/path/to/server-certificates/root.crt').toString(),
key: fs.readFileSync('/path/to/client-key/postgresql.key').toString(),
cert: fs.readFileSync('/path/to/client-certificates/postgresql.crt').toString(),
},
}
import { Client, Pool } from 'pg'
const client = new Client(config)
client.connect(err => {
if (err) {
console.error('error connecting', err.stack)
} else {
console.log('connected')
client.end()
}
})
const pool = new Pool(config)
pool
.connect()
.then(client => {
console.log('connected')
client.release()
})
.catch(err => console.error('error connecting', err.stack))
.then(() => pool.end())
```
## Usage with `connectionString`
If you plan to use a combination of a database connection string from the environment and SSL settings in the config object directly, then you must avoid including any of `sslcert`, `sslkey`, `sslrootcert`, or `sslmode` in the connection string. If any of these options are used then the `ssl` object is replaced and any additional options provided there will be lost.
```js
const config = {
connectionString: 'postgres://user:password@host:port/db?sslmode=require',
// Beware! The ssl object is overwritten when parsing the connectionString
ssl: {
rejectUnauthorized: false,
ca: fs.readFileSync('/path/to/server-certificates/root.crt').toString(),
},
}
```
Reference in New Issue View Git Blame Copy Permalink