diff --git a/CHANGELOG.md b/CHANGELOG.md
index e92ed5b5..55331646 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@
- Make it possible to disable TS2019 with build flag [#928](https://github.com/juanfont/headscale/pull/928)
- Fix OIDC registration issues [#960](https://github.com/juanfont/headscale/pull/960) and [#971](https://github.com/juanfont/headscale/pull/971)
- Add support for specifying NextDNS DNS-over-HTTPS resolver [#940](https://github.com/juanfont/headscale/pull/940)
+- Make more sslmode available for postgresql connection [#927](https://github.com/juanfont/headscale/pull/927)
## 0.16.4 (2022-08-21)
diff --git a/README.md b/README.md
index 661895a6..943c51d1 100644
--- a/README.md
+++ b/README.md
@@ -269,6 +269,13 @@ make build
Mike Lloyd
+
+
+ 
+
+ Anton Schubert
+
+ |
@@ -283,6 +290,8 @@ make build
Eugen Biegler
|
+
+
@@ -290,15 +299,6 @@ make build
Azz
|
-
-
-
-
-
-
- Anton Schubert
-
- |
@@ -327,6 +327,15 @@ make build
Fernando De Lucchi
|
+
+
+ 
+
+ Orville Q. Song
+
+ |
+
+
@@ -334,8 +343,6 @@ make build
hdhoang
|
-
-
@@ -371,6 +378,8 @@ make build
Mevan Samaratunga
|
+
+
@@ -378,8 +387,6 @@ make build
Michael G.
|
-
-
@@ -415,6 +422,8 @@ make build
Artem Klevtsov
|
+
+
@@ -422,8 +431,6 @@ make build
Casey Marshall
|
-
-
@@ -445,6 +452,13 @@ make build
Silver Bullet
|
+
+
+ 
+
+ Steven Honson
+
+ |
@@ -452,6 +466,8 @@ make build
Victor Freire
|
+
+
@@ -466,8 +482,6 @@ make build
thomas
|
-
-
@@ -496,6 +510,15 @@ make build
Aofei Sheng
|
+
+
+
+
+ 
+
+ Arnar
+
+ |
@@ -510,8 +533,6 @@ make build
Bryan Stenson
|
-
-
@@ -533,6 +554,8 @@ make build
Felix Kronlage-Dammers
|
+
+
@@ -554,8 +577,6 @@ make build
Jim Tittsler
|
-
-
@@ -570,13 +591,6 @@ make build
Pierre Carru
|
-
-
- 
-
- Pontus N
-
- |
@@ -584,6 +598,8 @@ make build
Rasmus Moorats
|
+
+
@@ -598,8 +614,6 @@ make build
Mend Renovate
|
-
-
@@ -628,6 +642,8 @@ make build
sophware
|
+
+
@@ -642,8 +658,6 @@ make build
Teteros
|
-
-
@@ -672,6 +686,8 @@ make build
Tjerk Woudsma
|
+
+
@@ -686,8 +702,6 @@ make build
Yujie Xia
|
-
-
@@ -716,6 +730,8 @@ make build
derelm
|
+
+
@@ -730,8 +746,13 @@ make build
ignoramous
|
-
-
+
+
+ 
+
+ suhelen
+
+ |
@@ -739,6 +760,13 @@ make build
sharkonet
|
+
+
+ 
+
+ manju-rn
+
+ |
@@ -746,6 +774,8 @@ make build
pernila
|
+
+
diff --git a/app.go b/app.go
index e09483f8..d840fd78 100644
--- a/app.go
+++ b/app.go
@@ -11,6 +11,7 @@ import (
"os"
"os/signal"
"sort"
+ "strconv"
"strings"
"sync"
"syscall"
@@ -127,8 +128,12 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
cfg.DBuser,
)
- if !cfg.DBssl {
- dbString += " sslmode=disable"
+ if sslEnabled, err := strconv.ParseBool(cfg.DBssl); err == nil {
+ if !sslEnabled {
+ dbString += " sslmode=disable"
+ }
+ } else {
+ dbString += fmt.Sprintf(" sslmode=%s", cfg.DBssl)
}
if cfg.DBport != 0 {
diff --git a/config-example.yaml b/config-example.yaml
index 2028d332..57866785 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -143,6 +143,9 @@ db_path: ./db.sqlite
# db_name: headscale
# db_user: foo
# db_pass: bar
+
+# If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
+# in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
# db_ssl: false
### TLS configuration
diff --git a/config.go b/config.go
index b4cad5be..11883565 100644
--- a/config.go
+++ b/config.go
@@ -51,7 +51,7 @@ type Config struct {
DBname string
DBuser string
DBpass string
- DBssl bool
+ DBssl string
TLS TLSConfig
@@ -545,7 +545,7 @@ func GetHeadscaleConfig() (*Config, error) {
DBname: viper.GetString("db_name"),
DBuser: viper.GetString("db_user"),
DBpass: viper.GetString("db_pass"),
- DBssl: viper.GetBool("db_ssl"),
+ DBssl: viper.GetString("db_ssl"),
TLS: GetTLSConfig(),
|