feat(db): add SSL/TLS support for PostgreSQL

[Altahrim]

Summary

Add SSL/TLS support for PostgreSQL

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)

[AndyScherzinger]

/backport to stable32

[AndyScherzinger]

/backport to stable31

[AndyScherzinger]

/backport to stable30

[szaimen]

Can we maybe add some CI that tests this automatically?

[kesselb]

🐘

[backportbot]

The backport to stable30 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable30
git pull origin stable30

# Create the new backport branch
git checkout -b backport/55170/stable30

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 58839144

# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/55170/stable30

Error: Failed to push branch backport/55170/stable30: remote: {"auth_status":"auth_error","body":"Invalid username or token. Password authentication is not supported for Git operations."}
fatal: Authentication failed for 'https://github.com/nextcloud/server.git/'

---

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

[AndyScherzinger]

/backport to stable30

[nfk]

@Altahrim and @AndyScherzinger thanks for this feature! What is the best way to bootstrap a NC instance with posgres SSL connection?

SSL parameters are no exposed into the install part

server/core/Command/Maintenance/Install.php

Lines 36 to 52 in 464d12e

	protected function configure(): void {
	$this
	->setName('maintenance:install')
	->setDescription('install Nextcloud')
	->addOption('database', null, InputOption::VALUE_REQUIRED, 'Supported database type', 'sqlite')
	->addOption('database-name', null, InputOption::VALUE_REQUIRED, 'Name of the database')
	->addOption('database-host', null, InputOption::VALUE_REQUIRED, 'Hostname of the database', 'localhost')
	->addOption('database-port', null, InputOption::VALUE_REQUIRED, 'Port the database is listening on')
	->addOption('database-user', null, InputOption::VALUE_REQUIRED, 'Login to connect to the database')
	->addOption('database-pass', null, InputOption::VALUE_OPTIONAL, 'Password of the database user', null)
	->addOption('database-table-space', null, InputOption::VALUE_OPTIONAL, 'Table space of the database (oci only)', null)
	->addOption('disable-admin-user', null, InputOption::VALUE_NONE, 'Disable the creation of an admin user')
	->addOption('admin-user', null, InputOption::VALUE_REQUIRED, 'Login of the admin account', 'admin')
	->addOption('admin-pass', null, InputOption::VALUE_REQUIRED, 'Password of the admin account')
	->addOption('admin-email', null, InputOption::VALUE_OPTIONAL, 'E-Mail of the admin account')
	->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data');
	}

server/lib/private/Setup.php

Line 378 in ed8744e

$dbSetup->initialize($options);

[kesselb]

I think it should work to prepare an additional pgsql_ssl.config.php in config directory with only the pgsql ssl configuration.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-merged-configuration-files for more details.

[nfk]

I think it should work to prepare an additional pgsql_ssl.config.php in config directory with only the pgsql ssl configuration.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-merged-configuration-files for more details.

@kesselb I confirm is working well, still some issues with my certificate but NC see the psqld ssl config. Thanks for the quick reply.