TLS/SSL conncetion to postgressDB

luke.fishman

How do i connect Fusionauth to Postgress DB using a secure (TLS/SSL) connection?

I ran FusionAuth using dokcer-compose file :

version: '3'

services:
  fusionauth:
    image: funzacr.azurecr.io/fusionauth:v1.27

    environment:
      DATABASE_URL: jdbc:postgresql://<DB_NAME>.postgres.database.azure.com:5432/<DB_TABLE>

      DATABASE_USERNAME: <username>@<DB_NAME>
      DATABASE_PASSWORD: <PASSWORD>
      FUSIONAUTH_APP_MEMORY: 1024M
      FUSIONAUTH_APP_RUNTIME_MODE: production
      FUSIONAUTH_APP_URL: http://fusionauth:9011
      SEARCH_SERVERS: <elasticsearch_url>
      SEARCH_TYPE: elasticsearch

    networks:
      - search
    restart: unless-stopped
    ports:
      - 9011:9011
    volumes:
      - fa_config:/usr/local/fusionauth/config

networks:
  search:
    driver: bridge

volumes:
  fa_config:

joshua

@luke-fishman

I am checking on this for you and will let you know what I find out. One good place to start might be here

https://www.postgresql.org/docs/9.1/libpq-ssl.html

Thanks,
Josh

michael.schramm

you can add to the database_url: ?ssl=true&sslmode=require (pick the mode you actually require)

if your server supports tls1.3+ you should force 1.2 on the client:
FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS="-Djdk.tls.client.protocols=TLSv1.2"
(https://fusionauth.io/community/forum/topic/938/secure-db-connection-with-tls-1-3/4?_=1629097757303)