Skip to content

Commit

Permalink
Support self-signed certificates
Browse files Browse the repository at this point in the history 
Related to #3243
  • Loading branch information
@adriankumpf
adriankumpf committed Jun 13, 2023
1 parent 71789c9 commit 56a6aa3
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 2 deletions.
22 changes: 21 additions & 1 deletion config/runtime.exs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,10 +89,30 @@ config :teslamate, TeslaMate.Repo,
database: Util.fetch_env!("DATABASE_NAME", dev: "teslamate_dev", test: "teslamate_test"),
hostname: Util.fetch_env!("DATABASE_HOST", all: "localhost"),
port: System.get_env("DATABASE_PORT", "5432"),
ssl: System.get_env("DATABASE_SSL", "false") == "true",
pool_size: System.get_env("DATABASE_POOL_SIZE", "10") |> String.to_integer(),
timeout: System.get_env("DATABASE_TIMEOUT", "60000") |> String.to_integer()

case System.get_env("DATABASE_SSL") do
"true" ->
ca_cert_file =
System.get_env("DATABASE_SSL_CA_CERT_FILE") || raise "DATABASE_SSL_CA_CERT_FILE must be set"

config :teslamate, TeslaMate.Repo,
ssl: true,
ssl_opts: [
verify: :verify_peer,
cacertfile: ca_cert_file
]

"noverify" ->
config :teslamate, TeslaMate.Repo,
ssl: true,
ssl_opts: [verify: :verify_none]

_false ->
config :teslamate, TeslaMate.Repo, ssl: false
end

if System.get_env("DATABASE_IPV6") == "true" do
config :teslamate, TeslaMate.Repo, socket_options: [:inet6]
end
Expand Down
3 changes: 2 additions & 1 deletion website/docs/configuration/environment_variables.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ TeslaMate accepts the following environment variables for runtime configuration:
| **DATABASE_PORT** | Port of the database server | 5432 |
| **DATABASE_POOL_SIZE** | Size of the database connection pool | 10 |
| **DATABASE_TIMEOUT** | The time in milliseconds to wait for database query calls to finish | 60000 |
| **DATABASE_SSL** | Set to `true` if SSL should be used | false |
| **DATABASE_SSL** | Set to `true` if SSL should be enabled or `noverify` if certificate verification should not be performed. | false |
| **DATABASE_SSL_CA_CERT_FILE** | Path to a file containing PEM-encoded CA certificates (required if `DATABASE_SSL` is set to `true`) | |
| **DATABASE_IPV6** | Set to `true` if IPv6 should be used | false |
| **VIRTUAL_HOST** | Host part used for generating URLs throughout the app | localhost |
| **CHECK_ORIGIN** | Configures whether to check the origin header or not. May be `true` (**recommended**), `false` (_default_) or a comma-separated list of hosts that are allowed (e.g. `https://example.com,//another.com:8080`). Hosts also support wildcards. If `true`, it will check against the host value in `VIRTUAL_HOST`. | false |
Expand Down

0 comments on commit 56a6aa3

Please sign in to comment.