tailscale

Commit Graph

Author	SHA1	Message	Date
David Anderson	fde20f3403	cmd/pgproxy: link to blog post at the top. Signed-off-by: David Anderson <danderson@tailscale.com>	2022-10-04 16:47:12 -07:00
David Anderson	bdf3d2a63f	cmd/pgproxy: open-source our postgres TLS-enforcing proxy. From the original commit that implemented it: It accepts Postgres connections over Tailscale only, dials out to the configured upstream database with TLS (using strong settings, not the swiss cheese that postgres defaults to), and proxies the client through. It also keeps an audit log of the sessions it passed through, along with the Tailscale-provided machine and user identity of the connecting client. In our other repo, this was: commit 92e5edf98e8c2be362f564a408939a5fc3f8c539, Change-Id I742959faaa9c7c302bc312c7dc0d3327e677dc28. Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: David Anderson <danderson@tailscale.com>	2022-10-04 14:54:52 -07:00

Author

SHA1

Message

Date

David Anderson

fde20f3403

cmd/pgproxy: link to blog post at the top.

Signed-off-by: David Anderson <danderson@tailscale.com>

2022-10-04 16:47:12 -07:00

David Anderson

bdf3d2a63f

cmd/pgproxy: open-source our postgres TLS-enforcing proxy.

From the original commit that implemented it:

  It accepts Postgres connections over Tailscale only, dials
  out to the configured upstream database with TLS (using
  strong settings, not the swiss cheese that postgres defaults to),
  and proxies the client through.

  It also keeps an audit log of the sessions it passed through,
  along with the Tailscale-provided machine and user identity
  of the connecting client.

In our other repo, this was:
commit 92e5edf98e8c2be362f564a408939a5fc3f8c539,
Change-Id I742959faaa9c7c302bc312c7dc0d3327e677dc28.

Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: David Anderson <danderson@tailscale.com>

2022-10-04 14:54:52 -07:00

2 Commits