Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SSL certificate setting for PostgreSQL monitor #2062

Open
1 task done
bjoliveau opened this issue Sep 9, 2022 · 4 comments
Open
1 task done

Add SSL certificate setting for PostgreSQL monitor #2062

bjoliveau opened this issue Sep 9, 2022 · 4 comments
Labels
area:monitor Everything related to monitors feature-request Request for new features to be added type:enhance-existing feature wants to enhance existing monitor

Comments

@bjoliveau
Copy link

⚠️ Please verify that this feature request has NOT been suggested before.

  • I checked and didn't find similar feature request

🏷️ Feature Request Type

Other

🔖 Feature description

Feature to monitor postgresql services is added and it is great !

It would be really nice to have the ability to enable SSL with a boolean or toggle and in this case the SSL related information

✔️ Solution

It would be really nice to have the ability to enable SSL with a boolean or toggle and in this case the SSL related information

❓ Alternatives

We could bypass with a third-party API service and POST the sql request in this API on an existing type monitor as HTTP

📝 Additional Context

No response
@bjoliveau bjoliveau added the feature-request Request for new features to be added label Sep 9, 2022
@CommanderStorm CommanderStorm added the area:monitor Everything related to monitors label Dec 7, 2023
@CommanderStorm CommanderStorm added the type:enhance-existing feature wants to enhance existing monitor label Feb 28, 2024
@TimmiORG
Copy link

TimmiORG commented Apr 5, 2024
edited
Loading

This would be great if this could be supported. Basically with the same features as you could do SSL checks on HTTP endpoints.

@CommanderStorm
Copy link
Collaborator

In the case of postgres that would likely be just a shorthand for adding ssl=true to the connection string as discussed in #3868

@TimmiORG
Copy link

TimmiORG commented Apr 8, 2024

Hi @CommanderStorm

but this would only allow the connection through SSL and it should fail if the certificate is expired.
I understood this request to get also the possibility to get a notification in case of the certificate is about to expire and to be able to see the validity "in days" of the certificate on the status page. Same you it is done for HTTP certificates.

@davidfrickert
Copy link

davidfrickert commented Aug 21, 2024
edited
Loading

This is currently possible by adding sslmode=require in the connection string, but uptime-kuma is trying to validate the certificate and fails with "self-signed certificate" error.
According to postgres docs the require mode should not try to validate the certificate, only the verify-ca or verify-full modes should do it. --> https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION
Could this be fixed?

If this project is using the node-postgres library, then the issue might be in this library: brianc/node-postgres#2375

Edit: there is a workaround which is to use sslmode=no-verify in the connection string

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:monitor Everything related to monitors feature-request Request for new features to be added type:enhance-existing feature wants to enhance existing monitor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@TimmiORG @bjoliveau @davidfrickert @CommanderStorm