diff --git a/CommonServer/Config.ts b/CommonServer/Config.ts index ae3bc560db..5cf89c8030 100644 --- a/CommonServer/Config.ts +++ b/CommonServer/Config.ts @@ -36,6 +36,22 @@ export const DatabasePassword: string = export const DatabaseName: string = process.env['DATABASE_NAME'] || 'oneuptimedb'; +export const DatabaseSslCa: string | undefined = + process.env['DATABASE_SSL_CA'] || undefined; + +export const DatabaseSslKey: string | undefined = + process.env['DATABASE_SSL_KEY'] || undefined; + +export const DatabaseSslCert: string | undefined = + process.env['DATABASE_SSL_CERT'] || undefined; + +export const DatabaseRejectUnauthorized: boolean = + process.env['DATABASE_SSL_REJECT_UNAUTHORIZED'] === 'true'; + +export const ShouldDatabaseSslEnable: boolean = Boolean( + DatabaseSslCa || (DatabaseSslCert && DatabaseSslKey) +); + export const EncryptionSecret: ObjectID = new ObjectID( process.env['ENCRYPTION_SECRET'] || 'secret' ); @@ -48,7 +64,7 @@ export const ClusterKey: ObjectID = new ObjectID( process.env['ONEUPTIME_SECRET'] || 'secret' ); -export const hasClusterKey: boolean = Boolean(process.env['ONEUPTIME_SECRET']); +export const HasClusterKey: boolean = Boolean(process.env['ONEUPTIME_SECRET']); export const Domain: Hostname = Hostname.fromString( process.env['DOMAIN'] || 'localhost' diff --git a/CommonServer/Infrastructure/PostgresConfig.ts b/CommonServer/Infrastructure/PostgresConfig.ts index 776baa6847..041758fbee 100644 --- a/CommonServer/Infrastructure/PostgresConfig.ts +++ b/CommonServer/Infrastructure/PostgresConfig.ts @@ -5,6 +5,11 @@ import { DatabasePassword, DatabasePort, DatabaseUsername, + DatabaseSslCa, + DatabaseSslKey, + DatabaseSslCert, + DatabaseRejectUnauthorized, + ShouldDatabaseSslEnable, Env, } from '../Config'; import Entities from 'Model/Models/Index'; 
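Review bot: `DatabaseRejectUnauthorized` in the CommonServer/Config.ts hunk is true only when `DATABASE_SSL_REJECT_UNAUTHORIZED` is exactly `'true'`, so an unset or empty variable turns server-certificate verification off whenever TLS is enabled. A deployment that supplies a CA but omits the flag gets an encrypted connection that accepts any certificate, which leaves it open to interception. Verification should be the default with an explicit opt-out: `process.env['DATABASE_SSL_REJECT_UNAUTHORIZED'] !== 'false';`. The same value is passed as `rejectUnauthorized` in the PostgresConfig.ts hunk, and docker-compose.base.yml forwards the variable as-is, so an unset value arrives empty and currently resolves to false.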
@@ -23,6 +28,14 @@ export const dataSourceOptions: DataSourceOptions = { migrationsTableName: 'migrations', migrations: Migrations, entities: Entities, + ssl: ShouldDatabaseSslEnable + ? { + rejectUnauthorized: DatabaseRejectUnauthorized, + ca: DatabaseSslCa, + key: DatabaseSslKey, + cert: DatabaseSslCert, + } + : false, // logging: 'all', // synchronize: Env === AppEnvironment.Development, synchronize: true, diff --git a/Probe/Services/Register.ts b/Probe/Services/Register.ts index 961f712a50..52b5be82d8 100644 --- a/Probe/Services/Register.ts +++ b/Probe/Services/Register.ts @@ -7,7 +7,7 @@ import { PROBE_NAME, } from '../Config'; import URL from 'Common/Types/API/URL'; -import { ClusterKey, hasClusterKey } from 'CommonServer/Config'; +import { ClusterKey, HasClusterKey } from 'CommonServer/Config'; import logger from 'CommonServer/Utils/Logger'; import HTTPResponse from 'Common/Types/API/HTTPResponse'; import { JSONObject } from 'Common/Types/JSON'; @@ -15,7 +15,7 @@ import LocalCache from 'CommonServer/Infrastructure/LocalCache'; export default class Register { public static async registerProbe(): Promise { - if (hasClusterKey) { + if (HasClusterKey) { const resullt: HTTPResponse = await API.post( URL.fromString(PROBE_API_URL.toString()).addRoute('/register'), { diff --git a/config.example.env b/config.example.env index af9c656add..2224ebcc65 100644 --- a/config.example.env +++ b/config.example.env @@ -59,6 +59,13 @@ DATABASE_USERNAME=postgres DATABASE_NAME=oneuptimedb DATABASE_HOST=postgres +# Used to connect to managed postgres providers. +# Fill only what your provider needs. +DatabaseRejectUnauthorized=false +DatabaseSslCa= +DatabaseSslKey= +DatabaseSslCert= + # Redis DB Settings. REDIS_HOST=redis diff --git a/docker-compose.base.yml b/docker-compose.base.yml index e6b96c66a7..576243f316 100644 --- a/docker-compose.base.yml +++ b/docker-compose.base.yml 
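Review bot: In the PostgresConfig.ts hunk the `ca`, `key` and `cert` options receive the raw environment strings, and nothing in the change says whether those variables hold PEM text or file paths. Node's TLS options take the PEM content itself, so a path would presumably not load as a certificate; a comment above the `ssl` block such as `// DATABASE_SSL_CA / _KEY / _CERT must contain PEM text, not a file path` would settle it. `ssl` also falls back to `false` whenever neither a CA nor a cert/key pair is set, so setting only `DATABASE_SSL_REJECT_UNAUTHORIZED=true` still yields a plaintext connection, which is worth stating in the same comment. The `dataSourceOptions` object continues outside the hunk.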
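Review bot: The four keys added to config.example.env (`DatabaseRejectUnauthorized`, `DatabaseSslCa`, `DatabaseSslKey`, `DatabaseSslCert`) do not match the names the rest of the commit reads, `DATABASE_SSL_REJECT_UNAUTHORIZED`, `DATABASE_SSL_CA`, `DATABASE_SSL_KEY` and `DATABASE_SSL_CERT`, so values entered under these keys are never picked up. They should use the upper-case names, for example `DATABASE_SSL_CA=`. The example also ships with verification switched off; `DATABASE_SSL_REJECT_UNAUTHORIZED=true` is the safer value for operators to copy.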
@@ -42,6 +42,10 @@ x-common-server-variables: &common-server-variables DATABASE_PASSWORD: ${DATABASE_PASSWORD} DATABASE_NAME: ${DATABASE_NAME} DATABASE_HOST: ${DATABASE_HOST} + DATABASE_SSL_CA: ${DATABASE_SSL_CA} + DATABASE_SSL_KEY: ${DATABASE_SSL_KEY} + DATABASE_SSL_CERT: ${DATABASE_SSL_CERT} + DATABASE_SSL_REJECT_UNAUTHORIZED: ${DATABASE_SSL_REJECT_UNAUTHORIZED} REDIS_PASSWORD: ${REDIS_PASSWORD} REDIS_HOST: ${REDIS_HOST}