{"id":16800008,"url":"https://github.com/dajudge/psqlproxy","last_synced_at":"2025-04-11T00:31:48.722Z","repository":{"id":137028374,"uuid":"266302117","full_name":"dajudge/psqlproxy","owner":"dajudge","description":"A PostgreSQL sidecar proxy for moving security concerns out of business services","archived":false,"fork":false,"pushed_at":"2020-10-11T08:39:27.000Z","size":112,"stargazers_count":16,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-24T21:13:05.416Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dajudge.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-23T09:16:02.000Z","updated_at":"2024-12-30T06:44:48.000Z","dependencies_parsed_at":"2023-03-14T20:46:12.863Z","dependency_job_id":null,"html_url":"https://github.com/dajudge/psqlproxy","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajudge%2Fpsqlproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajudge%2Fpsqlproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajudge%2Fpsqlproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajudge%2Fpsqlproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dajudge","download_url":"https://codeload.github.com/dajudge/psqlproxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248322218,"owners_count":21084333,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T09:30:29.714Z","updated_at":"2025-04-11T00:31:48.705Z","avatar_url":"https://github.com/dajudge.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n[![ci](https://gitlab.com/dajudge/psqlproxy/badges/master/pipeline.svg)](https://gitlab.com/dajudge/psqlproxy/-/pipelines)\n[![docker](https://img.shields.io/docker/v/dajudge/psqlproxy?label=dockerhub\u0026sort=semver)](https://hub.docker.com/repository/docker/dajudge/psqlproxy)\n\npsqlproxy\n-\n`psqlproxy` is a proxy server for PostgreSQL that enables you to delegate transport encryption and authentication\nout of your own code into an external runtime component. Its intended purpose is running alongside your business\nservices in a Kubernetes deployment as a sidecar.\n\nIt always requests SSL encrypted communication with the PostgreSQL server and can be configured to reject\nconnections where the server denies SSL communication. \n\nYour application connects to `psqlproxy` instead of the PostgreSQL server itself and the username / password sent\nfrom the application will be replaced by `psqlproxy` with the configured credentials.  \n\n# Example\nIf you have `docker-compose` installed you can try out `psqlproxy` by using the demonstration setup provided in the\n`example` directory. So clone the [proxyproxy repo](https://github.com/dajudge/psqlproxy) and run the following commands:\n\n**Step 1:** Start a PostgreSQL server with `psqlproxy` on port 40000.\n```shell script\n$ docker-compose -f example/docker-compose.yaml up -d \n```\n**Step 2:** Run a psql client against the proxy port (using bogus credentials) and verify that it works.\n```shell script\n$ docker run --rm --net host --entrypoint \"\" -e PGPASSWORD=wrongpass -it postgres:9.6.12 psql -h localhost -p 40000 -U wronguser -d postgres -c \"SELECT version();\"\n```\n**Step 3:** Cleanup.\n```shell script\n$ docker-compose -f example/docker-compose.yaml rm -sf\n```\n\n# Running `psqlproxy` in docker\nEven though `psqlproxy` is built for deployment in Kubernetes environments, as it's built and shipped as a\ndocker container, you can of course simply run it using Docker:\n```shell script\n$ docker run --rm -p 40000:40000 \\\n  -e PSQLPROXY_POSTGRES_HOSTNAME=localhost \\\n  -e PSQLPROXY_POSTGRES_PORT=5432 \\\n  -e PSQLPROXY_BIND_ADDRESS=0.0.0.0 \\\n  -e PSQLPROXY_BIND_PORT=40000 \\\n  -e PSQLPROXY_USERNAME=postgres \\\n  -e PSQLPROXY_PASSWORD=postgres \\\n  -e PSQLPROXY_REQUIRE_SSL=true \\\n  -e PSQLPROXY_TRUSTSTORE_LOCATION=/path/to/truststore.p12 \\\n  -e PSQLPROXY_TRUSTSTORE_PASSWORD_LOCATION=/path/to/truststore.pwd \\\n  -it dajudge/psqlproxy:0.0.2\n```\n\n# Configuration\n`psqlproxy` is configured using the following environment variables.\n\n| Name                                     | Default   | Descrpition\n|------------------------------------------|:---------:|-----\n| `PSQLPROXY_POSTGRES_HOSTNAME`            |           | The hostname of the PostgreSQL server to connect to.\n| `PSQLPROXY_POSTGRES_PORT`                |           | The port of the PostgreSQL server to connect to.\n| `PSQLPROXY_USERNAME`                     |           | The username to use for connecting to the PostgreSQL server.\n| `PSQLPROXY_PASSWORD`                     |           | The password to use for connecting to the PostgreSQL server.\n| `PSQLPROXY_BIND_PORT`                    |           | The port for the proxy to listen on.\n| `PSQLPROXY_BIND_ADDRESS`                 | `0.0.0.0` | The address for the proxy to bind to.\n| `PSQLPROXY_TRUSTSTORE_LOCATION`          |           | The filesystem location of the PKCS12 truststore used to validate the PostgreSQL server's SSL certificate.\n| `PSQLPROXY_TRUSTSTORE_PASSWORD_LOCATION` |           | The filesystem location of the password used to access the PKCS12 truststore.\n| `PSQLPROXY_REQUIRE_SSL`                  | `true`    | Indicates if connections are to be dropped when the PostgreSQL server rejects SSL communication. \n| `PSQLPROXY_VERIFY_HOSTNAME`              | `true`    | Indicates if connections are to be droppen when the PostgreSQL server's SSL certificate doesn't match `PSQLPROXY_POSTGRES_HOSTNAME`.\n| `PSQLPROXY_LOG_LEVEL`                    | `INFO`    | The log level for logging output.\n\nVariables without a default value are mandatory.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdajudge%2Fpsqlproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdajudge%2Fpsqlproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdajudge%2Fpsqlproxy/lists"}