32

I want to force Django to use SSL to connect to my postgres database.

This question indicates that I need to pass sslmode='require' to the psycopg2 connect call. How do I add this to Django's database paremeters?

Improve this question

4 Answers 4

Reset to default
66

Add 'OPTIONS': {'sslmode': 'require'}, to your database config. For example:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': "db_name",
        'USER': "db_username",
        'PASSWORD': "db_password",
        'HOST': "db_host",
        'OPTIONS': {'sslmode': 'require'},
    },
}

As jklingen92 points out, if you are using a database URL, such as through django-environ, add ?sslmode=require to the end of your database URL. For example:

postgres://<DB_USERNAME>:<DB_PASSWORD>@<DB_HOST>:<PORT>/<DB_NAME>?sslmode=require
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Are you not supposed to pass a certificat ?
@Florent The database client doesn't need to specify a certificate unless you're using the optional clientcert authentication options. How to do that in Django is a separate question
10

If you're configuring a database URL, you can pass options as query parameters:

DATABASE_URL=postgres://USER:PASSWORD@HOST:PORT/NAME?sslmode=require

This works with both Django Configurations and with Django Environ. Django Configurations is built off of dj_database_url, so you can also pass ssl_require=True as @frmdstryr said:

DATABASES = values.DatabaseURLValue(environ_required=True, ssl_require=True)
Improve this answer

2 Comments

where to specify the certificate ?
@SandeepBalagopal You can specify paths to SSL certificate by adding the following to OPTIONS (along the aforementioned sslmode attribute): { 'sslmode': 'require', 'sslcert': '/path/to/file', 'sslkey': '/path/to/file', 'sslrootcert': '/path/to/file'}
5

If you're using dj_database_url you can pass ssl_require=True which sets the option for you.

import dj_database_url
DATABASES['default'] = dj_database_url.config(ssl_require=True)
Improve this answer

Comments

1

Edit the settings.py file like this:

DATABASES = {
    # 'default': {
    #     'ENGINE': 'django.db.backends.sqlite3',
    #     'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
    # },
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'HOST': 'server-ip',
        'PORT': '5432',
        'NAME': 'database-name',
        'USER': 'username',
        'PASSWORD': 'password',
        'OPTIONS': {
            'sslmode': 'require',
            'sslcert': '/path/to/file',
            'sslkey': '/path/to/file',
            'sslrootcert': '/path/to/file',
        },
    },
}

references visit here

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.