We use Postgres 11.2 and Alpine 3.9.
The entrypoint creates a self-signed certificate in /etc/ega/pg.cert
and the associated private key in /etc/ega/pg.key.
Security is hardened:
- We do not use 'trust' even for local connections
- Requiring password authentication for all
- Using scram-sha-256 is stronger than md5
- Enforcing SSL communication
There are 2 users (lega_in and lega_out), and 2 schemas
(local_ega and local_ega_download). A special one is included for
EBI to access the data through local_ega_ebi.
The following environment variables can be used to configure the database:
| Variable | Description | Default value |
|---|---|---|
| PGDATA | The data directory | /ega/data |
| DB_LEGA_IN_PASSWORD | lega_in's password |
- |
| DB_LEGA_OUT_PASSWORD | lega_out's password |
- |
| SSL_SUBJ | Subject for the self-signed certificate creation | /C=ES/ST=Spain/L=Barcelona/O=CRG/OU=SysDevs/CN=LocalEGA/[email protected] |
| TZ | Timezone for the Postgres server | Europe/Madrid |