[pgpool-general: 7519] Re: pgpool listen port

Rozmus Andrzej Andrzej.Rozmus at asseco.pl
Fri Apr 23 20:57:12 JST 2021 

Hello Tatsuo,
Thank you very much for your answer, it is very helpfull for us. We have found information that using ssl connections from clients to pgpool also force using of ssl between pgpool and postgresql backends. Can you confirm that? Can pgpool act as ssl-termination point and have connections to its backends configured without traffic encryption?
Kind regards

Andrzej Rozmus
Starszy Technolog
Departament Systemów Administracji Rządowej
Dział Ministerstwo Finansów
Zespół Projektowy AIS/AES
Asseco Poland S.A.
ul. Branickiego 13
02-972 Warszawa
tel. kom. +48 502 270 059
andrzej.rozmus at asseco.pl



-----Original Message-----
From: pgpool-general <pgpool-general-bounces at pgpool.net> On Behalf Of Tatsuo Ishii
Sent: Friday, April 23, 2021 12:00 PM
To: Rozmus Andrzej <Andrzej.Rozmus at asseco.pl>
Cc: Wierzbicki Sebastian <sebastian.wierzbicki at asseco.pl>; pgpool-general at pgpool.net; tomasz.pajda at mf.gov.pl
Subject: [pgpool-general: 7517] Re: pgpool listen port

> Hi,
> Does anyone know if pgpool can listen on more than one port?

Yes:
listen_addresses = '*'

However it's not possible to specify particular ports to be listened.

> Is it possible to separate encrypted and non-encrypted connections 
> defining more than one listen port

No. I believe this is not possible with PostgreSQL neither.

> or there is another way to force some connections to be encrypted ?

Yes.

enable_pool_hba = on

and create appropreate pool_hba.conf entry. For example,

hostssl    all         all         192.168.10.1/32          trust
host       all         all         192.168.10.2/32          trust

Any connection from 192.168.10.1 is only allowed if the connection is encrypted with SSL, while 192.168.10.1 is allowed with/without SSL.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sraoss.co.jp%2Findex_en.php&data=04%7C01%7CAndrzej.Rozmus%40asseco.pl%7Cd0fdbdbe788f49b5d24d08d9063eb2d5%7C88152bdecfa34a5cb981a785c624bb42%7C0%7C0%7C637547688624118496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=aw8aGnwS3%2FIdjRnpJ3Xt9%2F6srD18BLpc%2Bl2RnKV3yC8%3D&reserved=0
Japanese:https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sraoss.co.jp%2F&data=04%7C01%7CAndrzej.Rozmus%40asseco.pl%7Cd0fdbdbe788f49b5d24d08d9063eb2d5%7C88152bdecfa34a5cb981a785c624bb42%7C0%7C0%7C637547688624118496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=S7u21ZT%2FsSx1atQMTXiVtGTb%2BcEefjHyMbSM%2BVTecKI%3D&reserved=0
_______________________________________________
pgpool-general mailing list
pgpool-general at pgpool.net
https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pgpool.net%2Fmailman%2Flistinfo%2Fpgpool-general&data=04%7C01%7CAndrzej.Rozmus%40asseco.pl%7Cd0fdbdbe788f49b5d24d08d9063eb2d5%7C88152bdecfa34a5cb981a785c624bb42%7C0%7C0%7C637547688624118496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eTQVUlWZEsxQm%2B3oI1tlbqgcGfd57wkStAheCUK5aJ8%3D&reserved=0

More information about the pgpool-general mailing list