PgBouncer is a single-binary connection pooler for PostgreSQL that is open-source and lightweight. It can use TCP and Unix domain sockets to serve clients and pool connections to one or more databases (on possibly distinct servers). For each unique user/database pair, PgBouncer keeps a pool of connections.
The illustration above indicated that pgbouncer is capable of encrypting client/application connection to pgbouncer and also from pgbouncer to database.
The correspnding video attached demonstrates the setup in details.
Private key for PgBouncer to accept client connections.
Certificate for private key. Clients can validate it.
Root certificate file to validate client certificates.
Root certificate file to validate PostgreSQL server certificates.
Private key for PgBouncer to authenticate against PostgreSQL server.
Certificate for private key. PostgreSQL server can validate it.