Add SSL verification example for PostgreSQL #13838

@udf2457

Before You Submit

  • I have checked for existing issues and pull requests related to my suggestion.
  • I have posted on the Nextcloud Community Help Forum if my suggestion is a troubleshooting scenario or I'm unsure about the solution.

Type of Suggestion

Suggesting an improvement

Relevant Documentation Links

https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/linux_database_configuration.html

Summary

Add SSL verification example for PostgreSQL

Details

The manual presently only has SSL verification instructions for MySQL:

```php
'dbdriveroptions' => [
  \PDO::MYSQL_ATTR_SSL_KEY => '/../ssl-key.pem',
  \PDO::MYSQL_ATTR_SSL_CERT => '/../ssl-cert.pem',
  \PDO::MYSQL_ATTR_SSL_CA => '/../ca-cert.pem',
  \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
],
```

It would be very useful (and make a lot of sense) if an equivalent instruction was provided for PostgreSQL users.

Additional Notes

Edit to add

Might be related: nextcloud/server#55256 needs to be documented?

But I'm not at all familiar with the Nextcloud codebase, so someone else will need to verify and write the docs? Maybe @Altahrim, who submitted the merged patch, could document it too?

Edit to add more...

This desperately needs documenting by someone in the know !!!!!

A standalone PHP test:

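```php
<?php
// Connect with the server certificate verified against the CA in test.pem
$db = pg_connect("host=foo.example.com port=1234 dbname=example user=example password=secretsquirrel sslmode=verify-ca sslrootcert=test.pem");
// Pass the connection explicitly; the implicit default connection is deprecated in PHP 8.1+
echo pg_dbname($db);
```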

Works fine. Connects instantly.

But neither this

```php
  'dbname' => 'example',
  'dbhost' => 'foo.example.com',
  'dbport' => '1234',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'example',
  'dbpassword' => 'example',
  'pgsql_ssl' => [
    'mode' => 'verify-ca',
    'cert' => '',
    'key' => '',
    'crl' => '',
    'rootcert' => 'test.pem',
  ],
```

It doesn't matter if I use the full path to rootcert in the config.php. Nextcloud just hangs.

Removing pgsql_ssl, nextcloud connects fine.

I've no idea what's going on. 🤷
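A diagnostic sketch for the hang reported above, added here as an example; it is not Nextcloud code and not from the issue author. It opens the same connection through PDO (the interface the MySQL options above belong to) with a connect timeout and resolves certificate paths before connecting. The mapping of `pgsql_ssl` keys to libpq parameter names, the `SSL_MAP` constant and the `buildDsn()` helper are assumptions; the connection values are the placeholders from the issue.

```php
<?php
declare(strict_types=1);

// Constructed input: placeholder values from the config.php excerpt in the issue.
$config = [
    'dbhost' => 'foo.example.com', 'dbport' => '1234', 'dbname' => 'example',
    'dbuser' => 'example', 'dbpassword' => 'example',
    'pgsql_ssl' => ['mode' => 'verify-ca', 'cert' => '', 'key' => '', 'crl' => '', 'rootcert' => 'test.pem'],
];

// Assumption: each pgsql_ssl key corresponds to this libpq connection parameter.
const SSL_MAP = ['mode' => 'sslmode', 'cert' => 'sslcert', 'key' => 'sslkey',
                 'crl' => 'sslcrl', 'rootcert' => 'sslrootcert'];

function buildDsn(array $config): string
{
    $parts = [
        'host=' . $config['dbhost'],
        'port=' . $config['dbport'],
        'dbname=' . $config['dbname'],
        'connect_timeout=5', // give up after 5 seconds instead of hanging
    ];
    foreach (SSL_MAP as $key => $param) {
        $value = $config['pgsql_ssl'][$key] ?? '';
        if ($value === '') {
            continue; // leave the parameter unset so libpq applies its own default
        }
        if ($key !== 'mode') {
            // libpq resolves relative file names against the working directory,
            // which differs between the CLI and the web server process.
            $real = realpath($value);
            if ($real === false || !is_readable($real)) {
                throw new RuntimeException("$param: '$value' is not readable from " . getcwd());
            }
            $value = $real;
        }
        $parts[] = "$param=$value";
    }
    return 'pgsql:' . implode(';', $parts);
}

try {
    $pdo = new PDO(buildDsn($config), $config['dbuser'], $config['dbpassword'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // pg_stat_ssl reports whether this session is actually encrypted.
    $sql = 'SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid()';
    echo json_encode($pdo->query($sql)->fetch(PDO::FETCH_ASSOC)), PHP_EOL;
} catch (Throwable $e) {
    fwrite(STDERR, get_class($e) . ': ' . $e->getMessage() . PHP_EOL);
    exit(1);
}
```

Run it as the same OS user and from the same working directory as the web server, so file permissions and relative paths match what Nextcloud sees.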
