rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2025-12-28 00:23:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb06d281ea8cdcde69461e5be31e05efe511e345
neon/proxy/README.md
Alexey Kondratov 757e2147c1 Follow-up for neondatabase/neon#2448 (#2452) 
* remove `legacy` mode from the proxy readme
* explicitly specify `authBackend` in the link auth proxy helm-values
  for all envs
2022-09-15 15:21:22 +03:00

1.1 KiB
Raw Blame History

Proxy

Proxy binary accepts --auth-backend CLI option, which determines auth scheme and cluster routing method. Following backends are currently implemented:

  • console new SCRAM-based console API; uses SNI info to select the destination project (endpoint soon)
  • postgres uses postgres to select auth secrets of existing roles. Useful for local testing
  • link sends login link for all usernames

Using SNI-based routing on localhost

Now proxy determines project name from the subdomain, request to the round-rice-566201.somedomain.tld will be routed to the project named round-rice-566201. Unfortunately, /etc/hosts does not support domain wildcards, so I usually use *.localtest.me which resolves to 127.0.0.1. Now we can create self-signed certificate and play with proxy:

openssl req -new -x509 -days 365 -nodes -text -out server.crt -keyout server.key -subj "/CN=*.localtest.me"

start proxy

./target/debug/proxy -c server.crt -k server.key

and connect to it

PGSSLROOTCERT=./server.crt psql 'postgres://my-cluster-42.localtest.me:1234?sslmode=verify-full'