From 92404becc0430bcce7411d574472ddc041eb33fb Mon Sep 17 00:00:00 2001
From: Sviatoslav Boichuk
Date: Wed, 17 Jul 2024 14:21:17 +0300
Subject: [PATCH] Support TLS for Redis & PSQL

---
utils/docker/certs/key.pem | 27 +++++++++
utils/docker/certs/key_psql.pem | 27 +++++++++
utils/docker/certs/single_cert.pem | 76 +++++++++++++++++++++++++
utils/docker/docker-compose.yml | 15 ++++-
utils/docker/postgresql/postgresql.conf | 4 ++
5 files changed, 148 insertions(+), 1 deletion(-)
create mode 100755 utils/docker/certs/key.pem
create mode 100644 utils/docker/certs/key_psql.pem
create mode 100755 utils/docker/certs/single_cert.pem
create mode 100644 utils/docker/postgresql/postgresql.conf

diff --git a/utils/docker/certs/key.pem b/utils/docker/certs/key.pem
new file mode 100755
index 0000000..1daf634
--- /dev/null
+++ b/utils/docker/certs/key.pem
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAp0TN3v7cbZSG92/7SNmbh5db+DzyqRdvFUuYYRjRUfbH9z/Z +pJCW5z0Tj05qSKIw8A40Wl6jmzHqeEAItEneCxhIPoVsH98ggS3EnEov9NUfH9GT +pZRNKnNQ5aEM5brUq807uugNhGU3XSP9lWRnkTu5OWyDrdG9JtfVTMLVR5ge7Je3 +6Z+Dv9c1ahEAQj5iAFFKWChM/SAyXb2Xgi0hGcwfEUjZPJOqOvZDFdi/Jp2IOLYW +aiUapYdBbXrlOZDEMANgSCfc0ly/ygUV3EDiu65Ql/P8HD6wEmOpbVWKQSOi4oJ0 +FUN2rFlNx5qPBk7sB96r7MVsnYG7RbTEd87WaQIDAQABAoIBAQCAF118NjmBJOuS +Usvgxtumow9H8wx01sA3U5OWT5YEKXKKcffuYNder1PqO0eC5cmKG6aVycGKGFiQ +y6Cex65lWqwATNY3NfxDUFQux1UgLZDPIgPqGb5aEsLRhlpFFqTEB7+E6y1mxMf3 +6JbJr4DsJAs84U+ZbXNnaoMqbE09rA/4lYGZln631HP1jT9mytcWIfcYY0oW6GiF +Mx5VcNKG0fJmriQ+VjVeYLTtrdIs52LSkLJvyHs77vuTmm4Um3f0YWWPPnCg7KkN +dCDg8ATHh3pdDWeArF4MrkgzcgUZ5kgGvxM7CD7LSUBhAO+7qMcMnDT+dAbEFysx +dvWBBTFxAoGBANx1xw9Jqnf1LrEn7YYy4T7tDyhl1nSRv75m7pOikP7fCJFu/8WD +vxBPBEb9z1/cfVKYIahIiNBanSY9n5JjMuGDmj0xTPLK0j5dlAP3+XbDo+Cxmsir +hX9j/a3001cGlpPZPOGOuRCg55KLV1DoYSuThzo1QN+I2/HRqJKFYQXlAoGBAMI7 +3HyeYrl7QvQHnVkoqxMauIDiFN3UnIJR8Y5MqWbAhy7GIxdCdMbeNUT6oD+Ag5uC +G/4H7YMZeFpfykHsKk/vnmAuBLeF+zH8gZCIL/1TvR4s2sWQ6S+n3MXwHSiDGClJ +EYhqO7E4KfAHVXmE6zkj60vlL6z8gAszcuMU7EY1AoGALVQeGLuZzE5iSlSeVuBx +RcHyQuklfhRVq214kmxziaQMG/MJre/Xwh+tDnezQs+QCQJ0sSgw0T5AX5N+EthI +puurM/fGDYm8Tsxo2aQL6+pv8Iwz+hyiNz4086aKKbOWFFIvXWU+EfgzhQMXcfBF +wnLz8/jtHMkECCWGlpHMEC0CgYEAsakhdxdEhBXb2uwwH4JUYIgbZT/mCDXV5lnf +keJLPMIzpDP1muvddp1/qhV4iD0bpB0xT32e4UBl1nwxu3SyCyXI/n55MAisCD/H +nxUCmDuFC1nJzdZLhJyNErwbX5fxfKnqEJXi/am6qmN66kkLAtv4+BWtMxROZnBr +0IutxlUCgYEAuU0pYn18d8lyZ8CktQi5Y42nmPpikrt1s/sNArWuC4IMs3J5FIML +jh6nA33J+rDPTvq1A5Zbbirx+c2mUNF/vB0G4x1Lv4P+vSxaaGrlYloDtFPnnZa8 +Z9vjkCcH3+7qAuP98gByqPFllAStYEoVb9fILuWEkyruJ8Zh5hiy2c0= +-----END RSA PRIVATE KEY----- diff --git a/utils/docker/certs/key_psql.pem b/utils/docker/certs/key_psql.pem new file mode 100644 index 0000000..1daf634 --- /dev/null +++ b/utils/docker/certs/key_psql.pem 
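Review bot: `key.pem` is an unencrypted RSA private key committed to the repository, and `key_psql.pem` in the next hunk is the identical blob (both file headers show `index 0000000..1daf634`), so the two services share one key that anyone with read access to the repository or its history now holds. Its public part appears to correspond to the leaf certificate in `single_cert.pem`, whose decoded issuer and OCSP/CRL fields look like an organisational CA chain rather than a throwaway self-signed certificate; if that is the case the key should be treated as compromised, the certificate revoked and reissued, and the key removed from history. For a development compose file the usual pattern is to generate a self-signed pair on first start (or in a documented one-off script) and keep `*.pem` in `.gitignore`, with a comment such as `# certs/ is generated locally; never commit private keys`. The file is also added with mode 100755; a key file needs no execute bit.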
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAp0TN3v7cbZSG92/7SNmbh5db+DzyqRdvFUuYYRjRUfbH9z/Z +pJCW5z0Tj05qSKIw8A40Wl6jmzHqeEAItEneCxhIPoVsH98ggS3EnEov9NUfH9GT +pZRNKnNQ5aEM5brUq807uugNhGU3XSP9lWRnkTu5OWyDrdG9JtfVTMLVR5ge7Je3 +6Z+Dv9c1ahEAQj5iAFFKWChM/SAyXb2Xgi0hGcwfEUjZPJOqOvZDFdi/Jp2IOLYW +aiUapYdBbXrlOZDEMANgSCfc0ly/ygUV3EDiu65Ql/P8HD6wEmOpbVWKQSOi4oJ0 +FUN2rFlNx5qPBk7sB96r7MVsnYG7RbTEd87WaQIDAQABAoIBAQCAF118NjmBJOuS +Usvgxtumow9H8wx01sA3U5OWT5YEKXKKcffuYNder1PqO0eC5cmKG6aVycGKGFiQ +y6Cex65lWqwATNY3NfxDUFQux1UgLZDPIgPqGb5aEsLRhlpFFqTEB7+E6y1mxMf3 +6JbJr4DsJAs84U+ZbXNnaoMqbE09rA/4lYGZln631HP1jT9mytcWIfcYY0oW6GiF +Mx5VcNKG0fJmriQ+VjVeYLTtrdIs52LSkLJvyHs77vuTmm4Um3f0YWWPPnCg7KkN +dCDg8ATHh3pdDWeArF4MrkgzcgUZ5kgGvxM7CD7LSUBhAO+7qMcMnDT+dAbEFysx +dvWBBTFxAoGBANx1xw9Jqnf1LrEn7YYy4T7tDyhl1nSRv75m7pOikP7fCJFu/8WD +vxBPBEb9z1/cfVKYIahIiNBanSY9n5JjMuGDmj0xTPLK0j5dlAP3+XbDo+Cxmsir +hX9j/a3001cGlpPZPOGOuRCg55KLV1DoYSuThzo1QN+I2/HRqJKFYQXlAoGBAMI7 +3HyeYrl7QvQHnVkoqxMauIDiFN3UnIJR8Y5MqWbAhy7GIxdCdMbeNUT6oD+Ag5uC +G/4H7YMZeFpfykHsKk/vnmAuBLeF+zH8gZCIL/1TvR4s2sWQ6S+n3MXwHSiDGClJ +EYhqO7E4KfAHVXmE6zkj60vlL6z8gAszcuMU7EY1AoGALVQeGLuZzE5iSlSeVuBx +RcHyQuklfhRVq214kmxziaQMG/MJre/Xwh+tDnezQs+QCQJ0sSgw0T5AX5N+EthI +puurM/fGDYm8Tsxo2aQL6+pv8Iwz+hyiNz4086aKKbOWFFIvXWU+EfgzhQMXcfBF +wnLz8/jtHMkECCWGlpHMEC0CgYEAsakhdxdEhBXb2uwwH4JUYIgbZT/mCDXV5lnf +keJLPMIzpDP1muvddp1/qhV4iD0bpB0xT32e4UBl1nwxu3SyCyXI/n55MAisCD/H +nxUCmDuFC1nJzdZLhJyNErwbX5fxfKnqEJXi/am6qmN66kkLAtv4+BWtMxROZnBr +0IutxlUCgYEAuU0pYn18d8lyZ8CktQi5Y42nmPpikrt1s/sNArWuC4IMs3J5FIML +jh6nA33J+rDPTvq1A5Zbbirx+c2mUNF/vB0G4x1Lv4P+vSxaaGrlYloDtFPnnZa8 +Z9vjkCcH3+7qAuP98gByqPFllAStYEoVb9fILuWEkyruJ8Zh5hiy2c0= +-----END RSA PRIVATE KEY----- diff --git a/utils/docker/certs/single_cert.pem b/utils/docker/certs/single_cert.pem new file mode 100755 index 0000000..af9079f --- /dev/null +++ b/utils/docker/certs/single_cert.pem 
@@ -0,0 +1,76 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCA3OgAwIBAgIUJPGzSjc1lPM2rEwiCPKNBcAclK0wDQYJKoZIhvcNAQEL +BQAwbDELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj +dCwgSW5jLjEMMAoGA1UECxMDVElQMSkwJwYDVQQDEyBUZWxlY29tIEluZnJhIFBy +b2plY3QgSXNzdWluZyBDQTAeFw0yNDA1MDcxMTIzMjVaFw0yNjA0MTMyMjM4NDZa +MDMxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNUSVAxFjAUBgNVBAMTDWNhaGIuZGRu +cy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnRM3e/txtlIb3 +b/tI2ZuHl1v4PPKpF28VS5hhGNFR9sf3P9mkkJbnPROPTmpIojDwDjRaXqObMep4 +QAi0Sd4LGEg+hWwf3yCBLcScSi/01R8f0ZOllE0qc1DloQzlutSrzTu66A2EZTdd +I/2VZGeRO7k5bIOt0b0m19VMwtVHmB7sl7fpn4O/1zVqEQBCPmIAUUpYKEz9IDJd +vZeCLSEZzB8RSNk8k6o69kMV2L8mnYg4thZqJRqlh0FteuU5kMQwA2BIJ9zSXL/K +BRXcQOK7rlCX8/wcPrASY6ltVYpBI6LignQVQ3asWU3Hmo8GTuwH3qvsxWydgbtF +tMR3ztZpAgMBAAGjggFcMIIBWDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT2oVSB +M7PYejRIEIX4ggMGV7ICXDAfBgNVHSMEGDAWgBSzG1S44EerPfM4gOQ85f0AYW3R +6DAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUF +BwMCMIGGBggrBgEFBQcBAQR6MHgwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLm9u +ZS5kaWdpY2VydC5jb20wTAYIKwYBBQUHMAKGQGh0dHA6Ly9jYWNlcnRzLm9uZS5k +aWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdElzc3VpbmdDQS5jcnQwTQYD +VR0fBEYwRDBCoECgPoY8aHR0cDovL2NybC5vbmUuZGlnaWNlcnQuY29tL1RlbGVj +b21JbmZyYVByb2plY3RJc3N1aW5nQ0EuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBw +XPO7GZnZQqlb/lgB+fDlvOJVgOHcXmEwICL/NAD/Yu2Upjb7tDa8LVNAXkfR8Ytt +SGyZa7SId+9XopYhcTzgrH6RYFkjxeBhx62g3KcezKmAwBL4jxCtzHqdYqX8rq+T +nqfME5MfJpEeTHMUd5cXWeBninfwnnEG8Dq47U6q9QdYw6Vj1+xjrHBkMMVCjnqa +/qwf+X68in7hL1xsvq5/fTyjkTnb3bI3sYN7RR3QQy/t6SJzvy/CVA/KDCKX5CAf +e81aW+VCsKU+GbTUJHNRHMiMx2IRRbkk5N18jE+xZLyTFIJIPU3MZpCyL39bIel3 +UW7mtw+I6zoOhwtswUc2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL +BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj +dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy +b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx 
+CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu +Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0 +IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq +qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R +yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU +4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO +ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4 +UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3 +YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny +98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr +BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw +AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ +cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u +ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ +KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX +IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe +XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8 +IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v +DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ +EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL +BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj +dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy +b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx +CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu +Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 +IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u +AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm 
+KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO +aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO +t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 +Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX +720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG +lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM +dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF +PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj +19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG +L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA +5IOM7ItsRmen6u3qu+JXros54e4juQ== +-----END CERTIFICATE----- diff --git a/utils/docker/docker-compose.yml b/utils/docker/docker-compose.yml index eda5b51..503ef69 100644 --- a/utils/docker/docker-compose.yml +++ b/utils/docker/docker-compose.yml @@ -37,16 +37,29 @@ services: - "-c" - "max_connections=400" - "-c" - - "shared_buffers=20MB" + - "shared_buffers=20MB" + - "-c" + - "config_file=/etc/postgresql/postgresql.conf" env_file: - postgresql.env restart: always volumes: - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh + - ./postgresql/postgresql.conf:/etc/postgresql/postgresql.conf + - ./certs:/usr/local/etc/certs redis: image: 'bitnami/redis:latest' ports: - "6379:6379" + volumes: + - ./certs:/usr/local/etc/certs environment: - ALLOW_EMPTY_PASSWORD=yes + - REDIS_PORT_NUMBER=0 + - REDIS_TLS_ENABLED=yes + - REDIS_TLS_PORT_NUMBER=6379 + - REDIS_TLS_CERT_FILE=/usr/local/etc/certs/single_cert.pem + - REDIS_TLS_KEY_FILE=/usr/local/etc/certs/key.pem + - REDIS_TLS_CA_DIR=/usr/local/etc/certs + - REDIS_TLS_AUTH_CLIENTS=no diff --git a/utils/docker/postgresql/postgresql.conf b/utils/docker/postgresql/postgresql.conf new file mode 100644 index 0000000..12a49c5 --- /dev/null +++ b/utils/docker/postgresql/postgresql.conf 
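Review bot: The leaf certificate in `single_cert.pem` appears, from its decoded subject, to be issued for one specific public hostname, which will not match the compose service names that in-network clients use to reach redis and PostgreSQL, so clients that verify the peer name will fail and the easy fix on their side is to switch verification off. It also carries a fixed validity window, after which the stack stops working with nothing in the repository explaining why. A self-signed certificate with subjectAltName entries for the service names, plus a comment in the compose file recording what the certificate covers and when it expires, would suit this setup better.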
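Review bot: `key_psql.pem` is added at mode 0644 and `./certs` is bind-mounted with host ownership, so once `ssl = on` takes effect PostgreSQL will refuse the key (`ssl_key_file` must be 0600 and owned by the server user, or 0640 and owned by root) and fail to start; the mount needs a key with the right mode and owner, or a copy made at container start. The `-c config_file=/etc/postgresql/postgresql.conf` switch makes the mounted file the server's only main configuration, so whatever the image's entrypoint wrote into `$PGDATA/postgresql.conf` at init (`listen_addresses` is the usual one) is no longer read and falls back to compiled-in defaults; please verify the other services can still connect, or have the mounted file `include` the generated one. The whole `./certs` directory, private keys included, is also mounted into the redis container and named as `REDIS_TLS_CA_DIR`; mounting only `single_cert.pem` and `key.pem`, read-only (`- ./certs/key.pem:/usr/local/etc/certs/key.pem:ro`), limits what each container can read. With `REDIS_TLS_AUTH_CLIENTS=no` alongside `ALLOW_EMPTY_PASSWORD=yes` the listener encrypts but authenticates neither side, which deserves a comment such as `# local development only: TLS without client auth or password`.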
@@ -0,0 +1,4 @@
+# ssl = on
+# ssl_cert_file = '/usr/local/etc/certs/single_cert.pem'
+# ssl_key_file = '/usr/local/etc/certs/key_psql.pem'
+# No client certificate verification
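Review bot: Every line in the new `postgresql.conf` is commented out, so after this change the server still runs with `ssl = off` and the PostgreSQL half of the commit title is not in effect; if TLS is meant to be enabled the three settings need the leading `#` removed: `ssl = on`, `ssl_cert_file = '/usr/local/etc/certs/single_cert.pem'`, `ssl_key_file = '/usr/local/etc/certs/key_psql.pem'`. If they were left commented deliberately (for example because the mounted key's permissions are not accepted yet), the file should say so rather than reading like a finished configuration. The last line `# No client certificate verification` describes the absence of `ssl_ca_file`; it would be clearer as `# ssl_ca_file intentionally unset: clients are not asked for a certificate`.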