.\" Man page generated from reStructuredText. . . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .TH "PG_AUTOCTL ENABLE SSL" "1" "Nov 06, 2022" "2.0" "pg_auto_failover" .SH NAME pg_autoctl enable ssl \- pg_autoctl enable ssl .sp pg_autoctl enable ssl \- Enable SSL configuration on this node .SH SYNOPSIS .sp It is possible to manage Postgres SSL settings with the \fBpg_autoctl\fP command, both at \fI\%pg_autoctl create postgres\fP time and then again to change your mind and update the SSL settings at run\-time. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C usage: pg_autoctl enable ssl [ \-\-pgdata ] [ \-\-json ] \-\-pgdata path to data directory \-\-ssl\-self\-signed setup network encryption using self signed certificates (does NOT protect against MITM) \-\-ssl\-mode use that sslmode in connection strings \-\-ssl\-ca\-file set the Postgres ssl_ca_file to that file path \-\-ssl\-crl\-file set the Postgres ssl_crl_file to that file path \-\-no\-ssl don\(aqt enable network encryption (NOT recommended, prefer \-\-ssl\-self\-signed) \-\-server\-key set the Postgres ssl_key_file to that file path \-\-server\-cert set the Postgres ssl_cert_file to that file path .ft P .fi .UNINDENT .UNINDENT .SH OPTIONS .INDENT 0.0 .TP .B \-\-pgdata Location of the Postgres node being managed locally. Defaults to the environment variable \fBPGDATA\fP\&. Use \fB\-\-monitor\fP to connect to a monitor from anywhere, rather than the monitor URI used by a local Postgres node managed with \fBpg_autoctl\fP\&. .TP .B \-\-ssl\-self\-signed Generate SSL self\-signed certificates to provide network encryption. This does not protect against man\-in\-the\-middle kinds of attacks. See \fI\%Security settings for pg_auto_failover\fP for more about our SSL settings. .TP .B \-\-ssl\-mode SSL Mode used by \fBpg_autoctl\fP when connecting to other nodes, including when connecting for streaming replication. .TP .B \-\-ssl\-ca\-file Set the Postgres \fBssl_ca_file\fP to that file path. .TP .B \-\-ssl\-crl\-file Set the Postgres \fBssl_crl_file\fP to that file path. .TP .B \-\-no\-ssl Don\(aqt enable network encryption. This is not recommended, prefer \fB\-\-ssl\-self\-signed\fP\&. .TP .B \-\-server\-key Set the Postgres \fBssl_key_file\fP to that file path. .TP .B \-\-server\-cert Set the Postgres \fBssl_cert_file\fP to that file path. .UNINDENT .SH ENVIRONMENT .sp PGDATA .INDENT 0.0 .INDENT 3.5 Postgres directory location. Can be used instead of the \fB\-\-pgdata\fP option. .UNINDENT .UNINDENT .sp PG_AUTOCTL_MONITOR .INDENT 0.0 .INDENT 3.5 Postgres URI to connect to the monitor node, can be used instead of the \fB\-\-monitor\fP option. .UNINDENT .UNINDENT .sp XDG_CONFIG_HOME .INDENT 0.0 .INDENT 3.5 The pg_autoctl command stores its configuration files in the standard place XDG_CONFIG_HOME. See the \fI\%XDG Base Directory Specification\fP\&. .UNINDENT .UNINDENT .sp XDG_DATA_HOME .INDENT 0.0 .INDENT 3.5 The pg_autoctl command stores its internal states files in the standard place XDG_DATA_HOME, which defaults to \fB~/.local/share\fP\&. See the \fI\%XDG Base Directory Specification\fP\&. .UNINDENT .UNINDENT .SH AUTHOR Microsoft .SH COPYRIGHT Copyright (c) Microsoft Corporation. All rights reserved. .\" Generated by docutils manpage writer. .