
Feature Request: Enable SSL support for postgres

Open pjrobertson opened this issue 4 months ago • 4 comments

The testcontainers-go repo has an easy WithSSLSettings option (see here) that allows easily enabling SSL.

I've tried to manually enable SSL by generating and storing the certs, then copying them over to the container, but I'm not 100% there. It'd be nice if there was an easy option to enable SSL like for the go port.

Below is the code I have right now. Here's the postgres docs: https://www.postgresql.org/docs/15/ssl-tcp.html

```ts
import path from 'path';
import { PostgreSqlContainer } from '@testcontainers/postgresql';

// Copy the server certificate and private key into the Postgres data directory.
this.container = await new PostgreSqlContainer(databaseType)
  .withDatabase(`test_db`)
  .withUsername(`postgres`)
  .withPassword(`test_pass`)
  .withCopyFilesToContainer([
    {
      source: path.join(__dirname, 'server.crt'),
      target: '/var/lib/postgresql/data/server.crt',
      mode: 0o600
    },
    {
      source: path.join(__dirname, 'server.key'),
      target: '/var/lib/postgresql/data/server.key',
      mode: 0o600
    }
  ])
  .start()
```

pjrobertson avatar Aug 18 '25 09:08 pjrobertson

So you want to contribute this @pjrobertson? Indeed, it sounds fine to just copy the logic from tc-go.

Note that this method only deals with copying the files and modifying the entry point to launch with SSL. It does not handle the generation of certificate and other key material (and we should follow this approach).

kiview avatar Aug 18 '25 11:08 kiview

I'd love to help, but I couldn't figure it out. Making those changes just makes the test container fail to run/hang. Not sure if the healthcheck test needs changing.

pjrobertson avatar Aug 18 '25 12:08 pjrobertson

Did you notice that you need to change the ENTRYPOINT as well? https://github.com/testcontainers/testcontainers-go/blob/main/modules/postgres/postgres.go#L229

However, just copying the files like you do should definitely not make the container hang, unless it takes the certs by default, enables SSL, and the healthcheck is not able to connect because it does not trust the cert 🤔

kiview avatar Aug 18 '25 12:08 kiview

Yes I think if the certs are there then postgres starts with SSL enabled. That's all that's needed. So I guess the client is the part that needs changing, to use the certs


pjrobertson avatar Aug 18 '25 16:08 pjrobertson
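An added example, not code from this thread or from either testcontainers project: a preflight check that applies the ownership and permission rules for `server.key` from the PostgreSQL SSL docs linked above, plus the server arguments that turn SSL on. The function names, the sample uid 999 and the idea of passing the argument list as the container command are assumptions made for illustration.

```javascript
// Added example. `stat` is { uid, mode } as returned by fs.statSync(keyPath);
// `serverUid` is the uid the postgres process runs as (assumed known).
const S_IRUSR = 0o400, S_IRGRP = 0o040, S_IWGRP = 0o020, S_IXGRP = 0o010;
const S_IRWXG = 0o070, S_IRWXO = 0o007;

function checkServerKey(stat, serverUid) {
  const perms = stat.mode & 0o777;
  // The key must belong to the database user or to root.
  if (stat.uid !== serverUid && stat.uid !== 0) {
    return { ok: false, reason: 'key must be owned by the database user or root' };
  }
  if (stat.uid === serverUid) {
    // Owned by the server user: no group or world access at all (0600 or less).
    if (perms & (S_IRWXG | S_IRWXO)) {
      return { ok: false, reason: 'key has group or world access; use 0600' };
    }
    if (!(perms & S_IRUSR)) {
      return { ok: false, reason: 'key is not readable by its owner' };
    }
    return { ok: true, reason: 'owned by server user, 0600 or less' };
  }
  // Owned by root: group read is allowed (0640 or less), nothing for others.
  if (perms & (S_IWGRP | S_IXGRP | S_IRWXO)) {
    return { ok: false, reason: 'root-owned key is too open; use 0640 or less' };
  }
  // A root-owned key without group read cannot be opened by a non-root server.
  if (!(perms & S_IRGRP)) {
    return { ok: false, reason: 'root-owned key lacks group read for the server user' };
  }
  // Still requires the server user to be a member of the file's group.
  return { ok: true, reason: 'root-owned, group-readable (0640)' };
}

// SSL is off unless the server is started with ssl=on; the file settings
// point it at the copied certificate and key.
function sslServerArgs(certPath, keyPath) {
  return ['postgres', '-c', 'ssl=on',
    '-c', `ssl_cert_file=${certPath}`,
    '-c', `ssl_key_file=${keyPath}`];
}

// Constructed sample: a key owned by root with mode 0600, server running as uid 999.
console.log(checkServerKey({ uid: 0, mode: 0o100600 }, 999));
console.log(sslServerArgs('/certs/server.crt', '/certs/server.key').join(' '));
```

Running the check against the files as they end up inside the container, before starting the server, separates a key the server cannot read from a client that does not trust the certificate.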