[Pgpool-general] About SSL conections with pgpool!!!

Erwan ebs at antelink.com
Wed May 25 07:53:43 UTC 2011 

Hi Lazaro,

I just created my key and my certificat as following:
$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -x509 -days 365 -out server.crt

Then you only have to set the SSL options as following:
...
ssl = true
ssl_key = '/path/to/server.key'
ssl_cert = '/path/to/server.crt'
...

That's all and it works for me.


About the max_pool, everything is explained in the doc: "Please be aware 
that the number of connections from pgpool-II processes to the backends 
may reach |num_init_children| * |max_pool|." So adapt it to your own 
configuration.
Actually there is a summary to simply understand the limits:

max_pool*num_init_children<= (max_connections - superuser_reserved_connections) (no query canceling needed)
max_pool*num_init_children*2<= (max_connections - superuser_reserved_connections) (query canceling needed)

Hope this will help.
/Erwan

On 05/25/2011 03:00 AM, Lazaro Rubén García Martinez wrote:
> Hello everyone in the list. I have a doubt about the configuration for using SSL with Pgpool-II.
>
> In the documentation says that:
>
> ssl_key
>
>      The path to the private key file to use for incoming frontend connections.
>
>      There is no default value for this option, and if left unset SSL will be disabled for incoming frontend connections.
>
> ssl_cert
>
>      The path to the public x509 certificate file to use for incoming frontend connections.
>
>      There is no default value for this option, and if left unset SSL will be disabled for incoming frontend connections.
>
> This path is the data directory of postgresql server, where there is a server.key and a server.cert ?
>
> Or is necesary generate a ssl_key and a ssl_cert for pgpool-II.
>
> Another question, what is the maximun number for the parameter max_pool??
>
> Thank you very much for your time.
> Regards.
> _______________________________________________
> Pgpool-general mailing list
> Pgpool-general at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pgfoundry.org/pipermail/pgpool-general/attachments/20110525/bd8b35c6/attachment.html>

More information about the Pgpool-general mailing list