Is there a working example of using Postgres over ODBC with openssl and the Progress DataDirect Linux drivers?


I am new to openssl configuration, Postgres, and the Progress DataDirect ODBC drivers, and I am trying to set this up. I have set up Postgres to work in a container.

tjcw:~$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt
Enter pass phrase for fd.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
tjcw:~$ openssl rsa -in fd.key -out fd.plain.key
Enter pass phrase for fd.key:
writing RSA key
tjcw:~$

And this is in my Dockerfile:

FROM docker.io/postgres
# Database initialisation script, run by the image's entrypoint
COPY init-user-db.sh /docker-entrypoint-initdb.d
RUN chmod +x /docker-entrypoint-initdb.d/init-user-db.sh
# Directory for the server certificate and key, owned by the postgres user
RUN mkdir /var/lib/postgresql/ssl
RUN chown postgres:postgres /var/lib/postgresql/ssl
COPY fd.crt /var/lib/postgresql/ssl/server.crt
COPY fd.plain.key /var/lib/postgresql/ssl/server.key
RUN chown postgres:postgres /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN chmod 400 /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN ls -ld /var/ /var/lib/ /var/lib/postgresql/ /var/lib/postgresql/ssl/
# Turn ssl on, uncomment the ssl settings, and point them at the copied files
RUN sed -i 's/#ssl = off/ssl = on/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's/#ssl/ssl/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.crt-/var/lib/postgresql/ssl/server.crt-' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.key-/var/lib/postgresql/ssl/server.key-' /usr/share/postgresql/postgresql.conf.sample

podman logs shows the server starting as expected.

But I don't know how to configure the client. This is the /etc/odbcinst.ini that I needed in order to run without encryption:

[ODBC Data Sources]
PostgreSQL=DataDirect 8.0 PostgreSQL

# Driver from the postgresql-odbc package
# Setup from the unixODBC package
[PostgreSQL]
Description     = ODBC for PostgreSQL
Driver          = /home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
PortNumber=5432
Database=acedb

The Progress DataDirect documentation is here: https://docs.progress.com/bundle/datadirect-postgresql-odbc-80/page/Certificate-based-authentication_2.html but it is not clear what I need to do on the client side to get this working.

Can someone give me an example of this?

Answer 1

I put the following in ~/odbc.ini:

[ODBC Data Sources]
POSTGRES=DataDirect ODBC Postgres Wire Protocol

;# POSTGRES stanza

[ACEDB]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
Description=IBM Postgres ODBC Database
Database=acedb
HostName=localhost
PortNumber=5432
;PortNumber=33679
EncryptionMethod=1
HostName=localhost
HostNameInCertificate=localhost
ValidateServerCertificate=0

And I ran a SQL request.

tjcw:src$ sudo tcpdump -i lo -w tcpdump.log 'tcp port 5432'
dropped privs to tcpdump
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C31 packets captured
62 packets received by filter
0 packets dropped by kernel
tjcw:src$ wireshark

This gave me the following picture: Wireshark picture of the encrypted session
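
An added example, not part of the original answer or of Progress's own material: a small Python audit of odbc.ini stanzas that tells apart the three states seen on this page (no encryption, as in the question's [PostgreSQL] stanza; encryption with ValidateServerCertificate=0, as in the answer's [ACEDB] stanza; and encryption with validation). The [ACEDB_VERIFIED] stanza, its TrustStore path, the finding names, and the defaults assumed for absent keys (EncryptionMethod=0, ValidateServerCertificate=1, and HostNameInCertificate only taking effect when validation is on) are assumptions to check against the driver documentation.

```python
import configparser

# [PostgreSQL] and [ACEDB] are abridged from the page; [ACEDB_VERIFIED] is
# constructed, and its TrustStore path is a placeholder (assumption).
SAMPLE_INI = """\
[ODBC Data Sources]
POSTGRES=DataDirect ODBC Postgres Wire Protocol
[PostgreSQL]
Driver          = /home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
[ACEDB]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
EncryptionMethod=1
HostName=localhost
HostNameInCertificate=localhost
ValidateServerCertificate=0
[ACEDB_VERIFIED]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
EncryptionMethod=1
ValidateServerCertificate=1
HostNameInCertificate=localhost
TrustStore=/path/to/fd.crt
"""

def audit_dsns(ini_text):
    """Map each DSN stanza (one that names a Driver) to a list of TLS findings."""
    # strict=False: a repeated key (HostName in [ACEDB]) must not abort parsing.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    report = {}
    for dsn in cp.sections():
        opts = cp[dsn]  # option names are matched case-insensitively
        if "driver" not in opts:  # skip the [ODBC Data Sources] index
            continue
        findings = []
        # Assumed defaults when a key is absent: no encryption, validation on.
        if opts.get("EncryptionMethod", "0").strip() == "0":
            findings.append("cleartext")
        elif opts.get("ValidateServerCertificate", "1").strip() == "0":
            findings.append("unauthenticated-tls")
            if "HostNameInCertificate" in opts:
                findings.append("hostname-check-inactive")
        report[dsn] = findings
    return report

if __name__ == "__main__":
    for dsn, findings in audit_dsns(SAMPLE_INI).items():
        print(dsn, findings or ["ok"])
```

A packet capture like the one in the answer confirms only that the session is encrypted; it looks the same whether or not the client validated the server certificate, which is why the setting is checked in the configuration itself.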
