rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2025-12-26 07:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
05f6a1394de68b5dbe7100304a3a8bef5e5fa48e
neon/proxy
History
Kirill Bulatov 6abdb12724 Fix 1.62 Clippy errors
2022-07-04 23:46:37 +03:00
..
src
Fix 1.62 Clippy errors
2022-07-04 23:46:37 +03:00
Cargo.toml
Added invariant check for project name. (#1921)
2022-06-22 09:34:24 -04:00
README.md
[proxy] Refactor cplane API and add new console SCRAM auth API
2022-05-02 18:32:18 +03:00

README.md

Proxy

Proxy binary accepts --auth-backend CLI option, which determines auth scheme and cluster routing method. Following backends are currently implemented:

  • legacy old method, when username ends with @zenith it uses md5 auth dbname as the cluster name; otherwise, it sends a login link and waits for the console to call back
  • console new SCRAM-based console API; uses SNI info to select the destination cluster
  • postgres uses postgres to select auth secrets of existing roles. Useful for local testing
  • link sends login link for all usernames

Using SNI-based routing on localhost

Now proxy determines cluster name from the subdomain, request to the my-cluster-42.somedomain.tld will be routed to the cluster named my-cluster-42. Unfortunately /etc/hosts does not support domain wildcards, so I usually use *.localtest.me which resolves to 127.0.0.1. Now we can create self-signed certificate and play with proxy:

openssl req -new -x509 -days 365 -nodes -text -out server.crt -keyout server.key -subj "/CN=*.localtest.me"

now you can start proxy:

./target/debug/proxy -c server.crt -k server.key

and connect to it:

PGSSLROOTCERT=./server.crt psql 'postgres://my-cluster-42.localtest.me:1234?sslmode=verify-full'