rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2026-01-07 21:42:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e14bbb889a24c06ea34314c1c864eec2c10c0d4e
neon/proxy
History
Dmitry Ivanov 607c0facfc [proxy] Propagate more console API errors to the user 
This patch aims to fix some of the inconsistencies in error reporting,
for example "Internal error" or "Console request failed" instead of
"password authentication failed for user '<NAME>'".
2022-12-13 16:16:31 +03:00
..
src
[proxy] Propagate more console API errors to the user
2022-12-13 16:16:31 +03:00
Cargo.toml
Move pq_proto to its own crate
2022-11-03 22:56:04 +03:00
README.md
Follow-up for neondatabase/neon#2448 (#2452)
2022-09-15 15:21:22 +03:00

README.md

Proxy

Proxy binary accepts --auth-backend CLI option, which determines auth scheme and cluster routing method. Following backends are currently implemented:

  • console new SCRAM-based console API; uses SNI info to select the destination project (endpoint soon)
  • postgres uses postgres to select auth secrets of existing roles. Useful for local testing
  • link sends login link for all usernames

Using SNI-based routing on localhost

Now proxy determines project name from the subdomain, request to the round-rice-566201.somedomain.tld will be routed to the project named round-rice-566201. Unfortunately, /etc/hosts does not support domain wildcards, so I usually use *.localtest.me which resolves to 127.0.0.1. Now we can create self-signed certificate and play with proxy:

openssl req -new -x509 -days 365 -nodes -text -out server.crt -keyout server.key -subj "/CN=*.localtest.me"

start proxy

./target/debug/proxy -c server.crt -k server.key

and connect to it

PGSSLROOTCERT=./server.crt psql 'postgres://my-cluster-42.localtest.me:1234?sslmode=verify-full'