From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | rossco <rosscoe(dot)pico(at)gmail(dot)com> |
Cc: | "pgadmin-support lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Unable configure pgadmin on Google Cloud Run with SSL certs |
Date: | 2021-04-21 08:35:58 |
Message-ID: | CA+OCxoyWOnRXfE+k-gAFCvz2D4WPi6+D2E=h6rm09eQENEVC3w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
Hi
On Tue, Apr 20, 2021 at 10:42 PM rossco <rosscoe(dot)pico(at)gmail(dot)com> wrote:
> Hi,
>
> I would like to know how I can use pgadmin with a database that requires
> SSL Certificates
>
> The Problem
>
> - I am deploying pgadmin onto Google Cloud Run which does not allow
> mapped drives when starting the container
>
> Urgh. That would make running PostgreSQL very painful!
>
> - I have tried uploading the certificates via the pgadmin UI, however
> the key file has the wrong permissions and I am unable to change them
> - Error message says key file requires 0600 permissions
> - I have tried adding the certificates with a small modified
> Dockerfile, however the files end up in /pgadmin which I can not access
> from the UI
>
> *Simple Dockerfile to try and pre-load the certs*
>
> FROM dpage/pgadmin4
> COPY client-cert.pem client-key.pem server-ca.pem ./
>
The storage root in the container is
under /var/lib/pgadmin/storage/<username>, however the username has @
replaced with _, so on a simple deploy here with a username of
user(at)domain(dot)com, the path is:
/var/lib/pgadmin/storage/user_domain.com
Any files you place in there will be visible to the user(at)domain(dot)com user
account in the file dialog (including when selecting a certificate). You
may need to add something like:
RUN chown pgadmin:pgadmin /var/lib/pgadmin/storage/user_domain.com/* &&
chmod 600 /var/lib/pgadmin/storage/user_domain.com/client-key.pem
to your wrapper dockerfile.
> *I can't look around the file system as I don't know the sudo password*
> $ docker exec -it
> b5ad237a7eee2873190087c0c132a21007b80c856d3aabf77119ae498683d892 sudo ls /
>
There isn't a sudo password - you shouldn't need to use sudo at all, e.g
$ docker exec -it naughty_ride /bin/sh
/pgadmin4 $ ls -al /var/lib/pgadmin/storage
total 12
drwxr-xr-x 3 pgadmin pgadmin 4096 Apr 21 08:22 .
drwx------ 4 pgadmin pgadmin 4096 Apr 21 08:24 ..
drwx------ 2 pgadmin pgadmin 4096 Apr 21 08:24 user_domain.com
/pgadmin4 $ whoami
pgadmin
/pgadmin4 $ ls -al /etc | head -5
total 232
drwxr-xr-x 1 root root 4096 Apr 21 08:17 .
drwxr-xr-x 1 root root 4096 Apr 21 08:17 ..
-rw-r--r-- 1 root root 7 Apr 14 10:25 alpine-release
drwxr-xr-x 1 root root 4096 Apr 19 12:01 apk
--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake
From | Date | Subject | |
---|---|---|---|
Next Message | Akshay Joshi | 2021-04-22 11:40:47 | pgAdmin 4 v5.2 Released |
Previous Message | rossco | 2021-04-20 21:42:21 | Unable configure pgadmin on Google Cloud Run with SSL certs |