does rails postgres adapter support ssl?

Question

i\'m trying to configure a rails app to remotely connect to a postgres db. i\'ve noticed that the connection adapters for mysql have options that specify the required info f

Answer 1

Answer for Rails 4 using JRuby

I'm using Rails 4 with JRuby 1.7.8 (1.9.3p392) and activerecord-jdbcpostgresql-adapter 1.3.4

This solution will allow your Rails application to connect to a PostgreSQL server using SSL. In this solution I use a "NonValidatingFactory" which should only be used for testing. To securely setup for production, you should setup a trustStore, which goes beyond my experience thus far.

Steps to setup Postgres SSL

Add gem to gemfile

    gem 'activerecord-jdbcpostgresql-adapter', platform: :jruby 

Add parameters to your database.yml (for development)

    sslmode: require
    properties: { sslfactory: 'org.postgresql.ssl.NonValidatingFactory' }

For production you need to create a store and remove the "NonValidatingFactor' (briefly described in connection_methods.rb)

    # JRuby/JVM needs to be started with :
    #  -Djavax.net.ssl.trustStore=mystore -Djavax.net.ssl.trustStorePassword=...
    # or a non-validating connection might be used (for testing) :
    #  :sslfactory = 'org.postgresql.ssl.NonValidatingFactory'

Reference Info

The Postgres adapter is build on JDBC. The most useful info I found was the interface between Ruby and Java, and the actual JDBC documentation.

The Ruby to Java Interface in adapter: https://github.com/jruby/activerecord-jdbc-adapter/blob/master/lib/arjdbc/postgresql/connection_methods.rb

JDBC Postgres Connection page: http://jdbc.postgresql.org/documentation/80/connect.html

Example of database.yml

development:

    adapter: postgresql
    encoding: unicode
    database: SSL_Test
    pool: 5
    timeout: 5000
    username: postgres
    password: YourPassword!
    sslmode: require
    properties: { sslfactory: 'org.postgresql.ssl.NonValidatingFactory' }
    host: www.example.com
    port: 5432

Caveats

This may work with other configurations and versions. If you do succeed, go ahead and add a comment for others to know this worked in your specific configuration. Thanks.