Skip to content

Instantly share code, notes, and snippets.

@tigusigalpa

tigusigalpa/database.php

Last active March 5, 2025 05:17
Show Gist options
  • Save tigusigalpa/2d1ec6e258ed96221abf9679622d274a to your computer and use it in GitHub Desktop.
Save tigusigalpa/2d1ec6e258ed96221abf9679622d274a to your computer and use it in GitHub Desktop.
Download ZIP
Laravel PostgreSQL SSL encryption connection config
Raw
database.php
<?php
/**
* 1. You have to store your client SSL certificates on your Laravel server, in my case this is /var/certs/mydomain.com/...
* 2. You have to right select SSL mode for PostgreSQL (see https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS), verify-full means your server CA is signed for real domain name for the PostgreSQL server (recommended)
* 3. Go to Laravel config/database.php to the section 'pgsql' and extend it to the following:
*/
return [
/*...*/
'connections' => [
/*'mysql' etc*/
'pgsql' => [
/*driver, host, database, username etc*/
// sslmode
// depends on your security level
// @link https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
'sslmode' => 'verify-ca',
/** DEPRECATED SINCE LARAVEL 10: 'option' KEY, */
/** THANKS TO @andrewdevelop **/
/*'options' => [
'sslrootcert' => '/var/certs/mysite.com/postgresql-root.crt',
'sslcert' => '/var/certs/mysite.com/postgresql-client.crt',
'sslkey' => '/var/certs/mysite.com/postgresql-client.key',
]*/
/** --- WORKING FOR NOW --- */
'sslrootcert' => '/var/certs/mysite.com/postgresql-root.crt',
'sslcert' => '/var/certs/mysite.com/postgresql-client.crt',
'sslkey' => '/var/certs/mysite.com/postgresql-client.key',
]
]
];
@andrewdevelop
Copy link

I'm not sure exactly since which version of Laravel, but since version 10 the syntax has definitely changed. Instead of the options key, now the SSL parameters must be specified in the pgsql array

<?php
return [
    'connections' => [
        'pgsql' => [
	    // default settings here
            'sslmode' => 'verify-full',
            'sslrootcert' => base_path('/path/to/ca.crt'),
            'sslcert' => base_path('/path/to/client.crt'),
            'sslkey' => base_path('/path/to/client.key'),
        ],
//...

@ALTELMA
Copy link

ALTELMA commented Mar 3, 2025

Thanks @andrewdevelop +1

@tigusigalpa
Copy link
Author

I'm not sure exactly since which version of Laravel, but since version 10 the syntax has definitely changed. Instead of the options key, now the SSL parameters must be specified in the pgsql array

<?php
return [
    'connections' => [
        'pgsql' => [
	    // default settings here
            'sslmode' => 'verify-full',
            'sslrootcert' => base_path('/path/to/ca.crt'),
            'sslcert' => base_path('/path/to/client.crt'),
            'sslkey' => base_path('/path/to/client.key'),
        ],
//...

Thanks a lot!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment