Do you have a working example of using Postgres over ODBC with openssl and the Progress DataDirect Linux driver?

I am new to openssl setup, Postgres, and the Progress DataDirect ODBC driver, and I am trying to get a setup going. I have Postgres working in a container, set up with

tjcw:~$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt
Enter pass phrase for fd.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
tjcw:~$ openssl rsa -in fd.key -out fd.plain.key
Enter pass phrase for fd.key:
writing RSA key
tjcw:~$

and this in my Dockerfile

FROM docker.io/postgres
# Initialisation script run by the image entrypoint on first start
COPY init-user-db.sh /docker-entrypoint-initdb.d
RUN chmod +x /docker-entrypoint-initdb.d/init-user-db.sh
# Directory for the server certificate and the passphrase-free private key
RUN mkdir /var/lib/postgresql/ssl
RUN chown postgres:postgres /var/lib/postgresql/ssl
COPY fd.crt /var/lib/postgresql/ssl/server.crt
COPY fd.plain.key /var/lib/postgresql/ssl/server.key
# The key has to be owned by postgres and not readable by group or others
RUN chown postgres:postgres /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN chmod 400 /var/lib/postgresql/ssl/server.crt /var/lib/postgresql/ssl/server.key
RUN ls -ld /var/ /var/lib/ /var/lib/postgresql/ /var/lib/postgresql/ssl/
# Turn ssl on and point the certificate and key settings at the copied files
RUN sed -i 's/#ssl = off/ssl = on/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's/#ssl/ssl/' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.crt-/var/lib/postgresql/ssl/server.crt-' /usr/share/postgresql/postgresql.conf.sample
RUN sed -i 's-server.key-/var/lib/postgresql/ssl/server.key-' /usr/share/postgresql/postgresql.conf.sample

podman logs shows the server starting as expected.

But I don't know how to configure the client. This is what I have in /etc/odbcinst.ini, which runs without encryption

[ODBC Data Sources]
PostgreSQL=DataDirect 8.0 PostgreSQL

# Driver from the postgresql-odbc package
# Setup from the unixODBC package
[PostgreSQL]
Description     = ODBC for PostgreSQL
Driver          = /home/tjcw/ODBC/drivers/lib/UKpsql95.so
HostName=localhost
PortNumber=5432
Database=acedb

The Progress DataDirect documentation is here: https://docs.progress.com/bundle/datadirect-postgresql-odbc-80/page/Certificate-based-authentication_2.html but it is not clear to me what I need to do on the client side to get this working.

Please could someone give me an example.

Answer 1

I put the following in ~/odbc.ini

[ODBC Data Sources]
POSTGRES=DataDirect ODBC Postgres Wire Protocol

;# POSTGRES stanza

[ACEDB]
DRIVER=/home/tjcw/ODBC/drivers/lib/UKpsql95.so
Description=IBM Postgres ODBC Database
Database=acedb
HostName=localhost
PortNumber=5432
;PortNumber=33679
EncryptionMethod=1
HostName=localhost
HostNameInCertificate=localhost
ValidateServerCertificate=0

and ran a SQL request.

tjcw:src$ sudo tcpdump -i lo -w tcpdump.log 'tcp port 5432'
dropped privs to tcpdump
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C31 packets captured
62 packets received by filter
0 packets dropped by kernel
tjcw:src$ wireshark

gave me the picture below. [Image: Wireshark picture of the encrypted session]
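
Added example, not part of the original answer: with ValidateServerCertificate=0 the session is encrypted but the driver does not validate the server certificate, and a packet capture cannot show whether validation would pass. This Python check sends the PostgreSQL SSLRequest and then completes a TLS handshake that trusts only the given certificate file; the host, port and fd.crt come from the question, and the function name probe_postgres_tls is hypothetical.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest message: int32 length (8) + int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def probe_postgres_tls(host, port, ca_file, timeout=5.0):
    """Hypothetical helper: return (status, detail) for a validated TLS attempt.

    status is "no-tls" (server declined SSLRequest), "untrusted" (the server
    certificate did not validate against ca_file / host) or "verified".
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(SSL_REQUEST)
        answer = raw.recv(1)
        if answer != b"S":  # b"N" is what a server with ssl = off replies
            return ("no-tls", repr(answer))
        # Trust only ca_file; certificate and host name checks stay enabled.
        ctx = ssl.create_default_context(cafile=ca_file)
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("verified", tls.version())
        except ssl.SSLCertVerificationError as exc:
            return ("untrusted", exc.verify_message)


if __name__ == "__main__":
    # Values from the question: server on localhost:5432, certificate fd.crt.
    print(probe_postgres_tls("localhost", 5432, "fd.crt"))
```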
