az postgres server create --name $server --resource-group $resourceGroup --location "$location" --admin-user $login --admin-password $password --sku-name $sku
az postgres server create -n gspgdb -g demo --location "northeurope" --admin-user dbuser --admin-password p4ssword
az postgres up -g MyResourceGroup -s MyServer -d MyDatabase -u MyUsername -p MyPassword
NB: USERNAME BECOMES gjermund@gspgdb:
az postgres up -g demo -s gspgdb -d mydb -u gjermund -p p4ssword
az postgres flexible-server create -n gspgdb -g demo --location "northeurope" --admin-user dbadmin --admin-password p4ssword
az postgres flexible-server create -n gspgdb --subnet /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Network/virtualNetworks/{VNetName}/subnets/{SubnetName}
az postgres flexible-server create -n gspgdb -g demo --location "northeurope" --admin-user dbadmin --admin-password p4ssword --vnet vnet-acquapgb --address-prefixes 10.0.0.0/24 --subnet subnet-obkpbupj --subnet-prefixes 10.0.0.0/24
NB: Check that the subnet is correct in the vnet!
az postgres flexible-server create -n gspgdb -g demo --location "northeurope" --admin-user keycloak --admin-password keycloak --vnet vnet-acquapgb --subnet subnet-nqnlui6nuir6e
psql -h gspgdb.postgres.database.azure.com -p 5432 -U keycloak postgres
az postgres server firewall-rule create -g demo -s dbservername -n {rule_name} --start-ip-address {ip_address} --end-ip-address {ip_address}
"Azure Database for PostgreSQL flexible server" uses another SSL alg then "Azure Database for PostgreSQL single server"
SSL/TLS Ref.: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking-ssl-tls
Data encryption can only be configured during creation of a new server, not as an update to the existing Flexible Server. You may also wish to restore existing PITR backup to a new server and enable data encryption with Customer Managed Keys.
Disable ssl with:
--ssl-enforcement Disabled
Check databases for ssl:
SELECT datname as "Database name", usename as "User name", ssl, client_addr, application_name, backend_type
FROM pg_stat_ssl
JOIN pg_stat_activity
ON pg_stat_ssl.pid = pg_stat_activity.pid
ORDER BY ssl;
Ref.:
Download DigiCert Global Root CA for Azure Postgres flexible server.
psql "sslmode=verify-full sslrootcert=DigiCertGlobalRootCA.crt.pem host=gspgdb.postgres.database.azure.com dbname=postgres user=keycloak"
psql --host=<server_name>.postgres.database.azure.com --port=5432 --username=<admin_user>@<server_name> --dbname=postgres
psql postgresql://<admin_user>%40<server_name>@<server_name>.postgres.database.azure.com:5432/postgres
Database=keycloak;Server=gspostgres.postgres.database.azure.com;UserId=keycloak;Password=keycloak
postgres://dbuser%40gspgdb:p4ssword@gspgdb.postgres.database.azure.com/postgres?sslmode=require
postgresql://dbadmin:p4ssword@gspgdb.postgres.database.azure.com/flexibleserverdb?sslmode=require