PgBouncer is a single-binary connection pooler for PostgreSQL that is open-source and lightweight. It can use TCP and Unix domain sockets to serve clients and pool connections to one or more databases (on possibly distinct servers). For each unique user/database pair, PgBouncer keeps a pool of connections.
The illustration above indicated that pgbouncer is capable of encrypting client/application connection to pgbouncer and also from pgbouncer to database.
The correspnding video attached demonstrates the setup in details.
client_tls_key_file
Private key for PgBouncer to accept client connections.
client_tls_cert_file
Certificate for private key. Clients can validate it.
client_tls_ca_file
Root certificate file to validate client certificates.
server_tls_ca_file
Root certificate file to validate PostgreSQL server certificates.
server_tls_key_file
Private key for PgBouncer to authenticate against PostgreSQL server.
server_tls_cert_file
Certificate for private key. PostgreSQL server can validate it.
