Hi GoodData team! I have 1 question regarding SSL ...
# gd-beginners
c
Hi GoodData team! I have 1 question regarding SSL connection to our database. I saw some great content online and past convos in this Slack workspace, but I'm hoping to get a little clear cut direction on how to get our DB connected to complete our eval. We're liking what we see so far! Also for reference, @Albert Kristof is our POC. Here's our setup:
• RDS Postgres server in a private subnet
• EC2 proxy (bastion) server in a public subnet (this is how we ssh tunnel from our local workstations to the private DB)
• Used Let's Encrypt to create a certificate on the proxy and used this site to confirm it's all good using TLS 1.2
• I set up HAProxy on the proxy server and began changing the config file to try to forward postgres commands from the proxy's port 5432 (with TLS enabled) to our private DB's port 5432, but it got a little complicated there.
I thought I'd pause here to ask if I'm going in the wrong direction and if there's guidance on a setup like ours to eval our DB with GD's query engine. Just not sure what the standard protocol is for connecting a 3rd party public system to our private DB. Thanks!
Update: Without ssl setup in the HAProxy config, I was able to connect to the private DB through GD. Will play with ssl more next.
🙌 1
Circling back here. I ran some extensive tests. I found that our proxy config is correct, as I could make https requests to any port on the proxy, and successfully route the request to an api server in our public and private subnets and with/without ssl at the endpoint (ports 443 and 80). Switching back from http calls to GD's jdbc:postgresql calls, I successfully connected to the private DB (port 5432) via the proxy server without ssl (any port). However, when enabling ssl on the proxy port, GD doesn't connect. Not sure if there's a peculiarity with the jdbc:postgresql request and ssl when the proxy is decrypting.
b
Hi Chad, that's quite an interesting use case you have there. It's amazing that you've been able to make it to this point and we appreciate you sharing it here. We'll review the information you provided to see how we can help you to move further. Just for the completeness of the information here - Albert confirmed that you are trying out our GoodData Platform product.
👍 1
Hi Chad, could you please test if you are able to connect from some SQL client using this configuration? (i.e. DBeaver, Data Grip or similar)
c
Hi @Boris I use pgAdmin. With pgAdmin and GD, I can connect via Prefer and Required SSL modes. But Verify-Full is the one that will definitely make sure the connection is encrypted. In pgAdmin, I see usually it comes with needing a client certificate. I don't see that in GoodData. Not sure exactly how that works. Have any thoughts there?
m
Hi @Chad Becker, Sorry about the radio silence here. Do you still need help with this?
c
Hi @Moises Morales we're ok for now thanks