PGBOUNCER SERVER/CLIENT TLS CONFIGURATION

PgBouncer is a single-binary connection pooler for PostgreSQL that is open-source and lightweight. It can use TCP and Unix domain sockets to serve clients and pool connections to one or more databases (on possibly distinct servers). For each unique user/database pair, PgBouncer keeps a pool of connections.

As the illustration above shows, PgBouncer can encrypt both the client/application connection to PgBouncer and the connection from PgBouncer to the database.

The corresponding attached video demonstrates the setup in detail.

client_tls_key_file

Private key for PgBouncer to accept client connections.

client_tls_cert_file

Certificate for private key. Clients can validate it.

client_tls_ca_file

Root certificate file to validate client certificates.

server_tls_ca_file

Root certificate file to validate PostgreSQL server certificates.

server_tls_key_file

Private key for PgBouncer to authenticate against PostgreSQL server.

server_tls_cert_file

Certificate for private key. PostgreSQL server can validate it.
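
The following is an added example, not part of the original post or of PgBouncer itself: a small Python audit that reads a pgbouncer.ini and reports which of the two TLS legs is left unenforced or unverified. It assumes the client_tls_sslmode and server_tls_sslmode settings (PgBouncer options that are not listed above), uses a constructed sample config with placeholder host and paths, and the pass/fail policy is this example's own.

```python
import configparser

# Constructed sample pgbouncer.ini; host name and file paths are placeholders.
SAMPLE_INI = """
[databases]
appdb = host=db.example.internal port=5432 dbname=appdb

[pgbouncer]
; client/application -> PgBouncer
client_tls_sslmode = require
client_tls_key_file = /etc/pgbouncer/tls/pgbouncer.key
client_tls_cert_file = /etc/pgbouncer/tls/pgbouncer.crt
; PgBouncer -> PostgreSQL
server_tls_sslmode = prefer
server_tls_ca_file = /etc/pgbouncer/tls/root.crt
"""

VERIFYING = {"verify-ca", "verify-full"}   # peer certificate is checked
ENFORCING = VERIFYING | {"require"}        # plaintext is refused

def audit_tls(ini_text):
    """Return findings for the TLS settings in the [pgbouncer] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    cfg = cp["pgbouncer"] if cp.has_section("pgbouncer") else {}
    mode = lambda key: (cfg.get(key) or "").strip().lower()
    findings = []

    # Leg 1: clients connecting to PgBouncer.
    if mode("client_tls_sslmode") not in ENFORCING:
        findings.append("client_tls_sslmode does not require TLS from clients")
    else:
        for key in ("client_tls_key_file", "client_tls_cert_file"):
            if not cfg.get(key):
                findings.append(f"{key} is not set but client TLS is enabled")
    if mode("client_tls_sslmode") in VERIFYING and not cfg.get("client_tls_ca_file"):
        findings.append("client_tls_ca_file is not set but client certificates are verified")

    # Leg 2: PgBouncer connecting to PostgreSQL.
    if mode("server_tls_sslmode") not in VERIFYING:
        findings.append("server_tls_sslmode does not verify the PostgreSQL certificate")
    elif not cfg.get("server_tls_ca_file"):
        findings.append("server_tls_ca_file is not set but server certificates are verified")
    if bool(cfg.get("server_tls_key_file")) != bool(cfg.get("server_tls_cert_file")):
        findings.append("server_tls_key_file and server_tls_cert_file must be set together")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_INI):
        print("FINDING:", finding)
```

On the sample, the client leg passes and the server leg is flagged because prefer neither forces TLS nor checks the certificate against server_tls_ca_file.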

About the author

bensonyerima

Hi, I'm Benson Yerima, a database administrator with an obsession for all things tech. This blog is dedicated to helping people learn about database technology.
