pg_autoctl_disable_ssl - Man Page

Name

pg_autoctl disable ssl ā€” pg_autoctl disable ssl

pg_autoctl disable ssl ā€” Disable SSL configuration on this node

Synopsis

It is possible to manage Postgres SSL settings with the pg_autoctl command, both at pg_autoctl create postgres time and then again to change your mind and update the SSL settings at run-time.

 usage: pg_autoctl disable ssl  [ --pgdata ] [ --json ]

--pgdata      path to data directory
--ssl-self-signed setup network encryption using self signed certificates (does NOT protect against MITM)
--ssl-mode        use that sslmode in connection strings
--ssl-ca-file     set the Postgres ssl_ca_file to that file path
--ssl-crl-file    set the Postgres ssl_crl_file to that file path
--no-ssl          don't disable network encryption (NOT recommended, prefer --ssl-self-signed)
--server-key      set the Postgres ssl_key_file to that file path
--server-cert     set the Postgres ssl_cert_file to that file path

Options

--pgdata

Location of the Postgres node being managed locally. Defaults to the environment variable PGDATA. Use --monitor to connect to a monitor from anywhere, rather than the monitor URI used by a local Postgres node managed with pg_autoctl.

--ssl-self-signed

Generate SSL self-signed certificates to provide network encryption. This does not protect against man-in-the-middle kinds of attacks. See Security settings for pg_auto_failover for more about our SSL settings.

--ssl-mode

SSL Mode used by pg_autoctl when connecting to other nodes, including when connecting for streaming replication.

--ssl-ca-file

Set the Postgres ssl_ca_file to that file path.

--ssl-crl-file

Set the Postgres ssl_crl_file to that file path.

--no-ssl

Don't disable network encryption. This is not recommended, prefer --ssl-self-signed.

--server-key

Set the Postgres ssl_key_file to that file path.

--server-cert

Set the Postgres ssl_cert_file to that file path.

Environment

PGDATA

Postgres directory location. Can be used instead of the --pgdata option.

PG_AUTOCTL_MONITOR

Postgres URI to connect to the monitor node, can be used instead of the --monitor option.

XDG_CONFIG_HOME

The pg_autoctl command stores its configuration files in the standard place XDG_CONFIG_HOME. See the XDG Base Directory Specification.

XDG_DATA_HOME

The pg_autoctl command stores its internal states files in the standard place XDG_DATA_HOME, which defaults to ~/.local/share. See the XDG Base Directory Specification.

Author

Microsoft

Info

Jan 26, 2023 2.0 pg_auto_failover