[Pgpool-hackers] [PATCH 2/3] Add (English) documentation on new SSL configuration options.
Sean Finney
sean at stickybit.se
Wed Jan 27 16:44:42 UTC 2010
---
doc/pgpool-en.html | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/doc/pgpool-en.html b/doc/pgpool-en.html
index a9e0179..f3b8d2f 100644
--- a/doc/pgpool-en.html
+++ b/doc/pgpool-en.html
@@ -118,8 +118,10 @@ Also packages are provided for various platforms including CentOS, RedHat Enterp
</p>
<p>Installing pgpool-II from source code requires gcc 2.9 or higher, and GNU
-make. Also, pgpool-II links libpq library, so it must be installed on
-a machine used to build pgpool-II.</p>
+make. Also, pgpool-II links libpq library, so the libpq library and development
+headers must be installed on a machine used to build pgpool-II. Additionally
+the OpenSSL library and development headers must be present in order to
+enable OpenSSL support in pgpool-II</p>
<dl>
<dt>configure</dt>
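Review bot: The added sentence ending "enable OpenSSL support in pgpool-II" is missing its final period before the closing </p>, and it reads as though having the OpenSSL headers present is enough to get SSL support. The configure hunk in this same patch says OpenSSL support is disabled by default, so I would tie the requirement to the option, for example "Additionally, when building with --with-openssl, the OpenSSL library and development headers must be present."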
@@ -140,6 +142,9 @@ directory. Default value is <code>/usr/local</code></li>
<li><code>--with-pgsql=path</code><br/>
Top directory where PostgreSQL's client libraries are
installed. Default value is obtained by <code>pg_config</code></li>
+ <li><code>--with-openssl</code><br/>
+ pgpool-II binaries will be built with OpenSSL support. The default
+ is that OpenSSL support is disabled.</li>
</ul>
</p>
</dd>
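Review bot: The --with-openssl entry does not say what a binary built without it does when pgpool.conf sets ssl to true. The ssl entry later in the patch only notes that OpenSSL support "must also have been configured at compilation time". Please state here, or there, whether pgpool-II refuses to start, logs a warning, or silently ignores the setting. An administrator who believes connections are encrypted when they are not needs that spelled out.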
@@ -670,9 +675,58 @@ You need to reload pgpool.conf if you change the value.
</p>
</dd>
+ <dt>ssl</dt>
+ <dd>
+ <p>
+ If true, enable SSL support for both the frontend and backend
+ connections. Note that <code>ssl_key</code> and <code>ssl_cert</code>
+ must also be set in order for SSL to work in the frontend connections.
+ </p>
+
+ <p>
+ The default is that SSL is off. Note that OpenSSL support must also
+ have been configured at compilation time, as mentioned in the
+ <a href="#install">installation</a> section.
+ </p>
+
+ <p>
+ The pgpool-II daemon must be restarted when updating SSL related settings.
+ </p>
+ </dd>
+
+ <dt>ssl_key</dt>
+ <dd>
+ <p>
+ The path to the private key file to use for incoming frontend connections.
+ </p>
+ <p>
+ There is no default value for this option, and if left unset SSL will
+ be disabled for incoming frontend connections.
+ </p>
+ </dd>
+
+ <dt>ssl_cert</dt>
+ <dd>
+ <p>
+ The path to the public x509 certificate file to use for incoming
+ frontend connections.
+ </p>
+
+ <p>
+ There is no default value for this option, and if left unset SSL will
+ be disabled for incoming frontend connections.
+ </p>
+ </dd>
</dl>
+<h4>Generating SSL certificates</h4>
+
+Certificate handling is outside the scope of this document. The
+<a href="http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html">
+Secure TCP/IP Connections with SSL</a> page at postgresql.org has pointers
+with sample commands for how to generate self-signed certificates.
+
<h4><p>Failover in the raw Mode</p></h4>
<p>Failover can be performed in the raw mode if multiple servers are
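Review bot: The ssl entry says it enables SSL for "both the frontend and backend connections", but only the frontend side is documented through ssl_key and ssl_cert. Nothing here says whether the backend's certificate is verified, or whether a frontend or backend connection falls back to plaintext when the peer does not negotiate SSL. Please add a sentence on each, since readers will otherwise assume that ssl = true guarantees encryption on both legs. The ssl_key entry should also mention the expected ownership and permissions of the private key file. Two smaller points: the text under the "Generating SSL certificates" heading is not wrapped in <p> like the other paragraphs in this file, and the href="#install" link should be checked against an existing anchor, because none is added by this patch.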
--
1.6.6