You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/concepts/managed-storage/managed-postgres.mdx
+40-3Lines changed: 40 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -37,6 +37,43 @@ You can also set the following optional environment variables to configure the m
37
37
38
38
You can connect to the managed Postgres instance using the name of your service as the hostname, `POSTGRES_USER`, `POSTGRES_DB`, and `POSTGRES_PASSWORD` environment variables.
39
39
40
+
#### SSL
41
+
42
+
By default, Defang configures managed Postgres instances to require SSL connections. To connect to the database, you will need to use a connection string that includes `sslmode=require`.
43
+
44
+
If your application does not connect using SSL, you will see an error message like the following:
45
+
46
+
```
47
+
error: no pg_hba.conf entry for host "10.0.12.123", user "mydbuser", database "myappdatabase", no encryption
48
+
```
49
+
50
+
We recommend setting a defang config variable for the `SSL_MODE`, and then using that variable in your connection string. That way you can keep it empty for local development, and set it to `require` for production.
51
+
52
+
```
53
+
$ defang config set SSL_MODE=require
54
+
```
55
+
Then you can set up your `compose.yaml` file like this:
56
+
```yaml
57
+
app:
58
+
# [...]
59
+
environment:
60
+
POSTGRES_HOST: database
61
+
POSTGRES_USER: postgres
62
+
POSTGRES_DB: postgres
63
+
POSTGRES_PASSWORD: # load from defang config
64
+
# Note: you can create a connection string by using interpolation,
65
+
# reference config variables by using ${<config name>}
0 commit comments