Specifically, asking about POSTGRES_CUSTOM_SSL_CERT_ALTNAME_REGEX env var, but i couldn't add it in the title due to title constraints.
In setting up Self hosted retool, (i'm running as a container in GCP Cloud Run) I encountered an issue getting the installation to talk to my Postgres DB in GCP CloudSQL (its a private only instance)
The issue specifically was validating the certificates. (Error: Hostname/IP does not match certificate's altnames:
) The problem is that the certificates issued by cloud sql, changed a while back and now they don't include the instance name making it near imposible to properly validate them. See this thread for more details: pg with google cloud postgres · Issue #79 · brianc/node-postgres-docs · GitHub
I came across an undocumented env var POSTGRES_CUSTOM_SSL_CERT_ALTNAME_REGEX
, that i took a guess at configuring based on the name (REGEX lol) I set its value to .*
and now the ssl validation is succeeding. I'd like to know if there is
a) a better way to achieve this
b) documentation on what the var does, so i can attempt to set something more specific that a wildcard