; stunnel.conf
; Client mode: stunnel accepts plaintext locally and opens the TLS connection to the remote side.
client = yes
[postgres]
; Plaintext listener, bound to loopback only.
accept = 127.0.0.1:30003
; Remote TLS endpoint the tunnel connects to.
connect = db1.uptrio8888.com:30003
; Host name sent in the TLS Server Name Indication (SNI) extension.
sni = db1.uptrio8888.com
; NOTE(review): this section sets no verifyChain, checkHost or CAfile. Unless they are set
; elsewhere, stunnel does not validate the server certificate, so the tunnel is encrypted but
; the peer is not authenticated - confirm and add them before relying on it.
https://www.stunnel.org/downloads/stunnel-5.74-win64-installer.exe
# Debug-level logging for troubleshooting.
# NOTE(review): debug output of this kind can include internal upstream addresses; return to a
# quieter level once the investigation is finished.
- name: KONG_KONG_DEBUG
value: "1"
- name: KONG_LOG_LEVEL
value: debug
2025/01/13 07:02:57 [debug] 1294#0: *138186 stream [lua] init.lua:1361: balancer(): setting address (try 1): 10.96.192.185:5432
// ssl=true asks the driver for TLS; sslfactory names the SSLSocketFactory class it instantiates.
// NOTE(review): the certificate chain is then checked by whatever SSLContext that factory builds,
// and host-name checking depends on the effective sslmode - confirm it resolves to verify-full
// for the pgjdbc version in use, or add sslmode=verify-full explicitly.
String url = "jdbc:postgresql://<host>:<port>/<database>?ssl=true&sslfactory=com.example.CustomSniSSLSocketFactory";
CustomSniSSLSocketFactory
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.util.Collections;
import javax.net.ssl.*;
import org.postgresql.ssl.WrappedFactory;
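/**
 * {@code SSLSocketFactory} for the PostgreSQL JDBC driver that sets the TLS Server Name Indication
 * (SNI) extension to the host name being connected to.
 *
 * <p>The driver loads it by class name through the {@code sslfactory} connection property.
 *
 * <p>SNI is sent unencrypted and only tells the far end (for example an SNI-routing proxy) which
 * backend is wanted. It authenticates nothing: the server is authenticated by the certificate
 * checks of the {@link SSLContext} built below plus the driver's own {@code sslmode} handling.
 *
 * <p>NOTE(review): {@code WrappedFactory} is not part of this listing. Confirm that it really
 * declares {@code createDefaultSSLSocketFactory()} and uses its result as the delegate; if the
 * base class only exposes a delegate field, that field has to be assigned in a constructor or the
 * {@code super.createSocket(...)} calls have nothing to delegate to.
 */
public class CustomSniSSLSocketFactory extends WrappedFactory {

  /**
   * Builds the delegate factory from a default-initialised TLS context.
   *
   * <p>Passing {@code null} for the key managers, trust managers and random source makes JSSE
   * use its defaults, so server certificates are validated against the JVM's default trust
   * store. For a private CA, supply a {@code TrustManager} backed by a trust store that holds
   * that CA; never substitute one that accepts every certificate.
   *
   * @return socket factory of the freshly initialised context
   * @throws RuntimeException if the TLS context cannot be created or initialised
   */
  @Override
  protected SSLSocketFactory createDefaultSSLSocketFactory() {
    try {
      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(null, null, null);
      return sslContext.getSocketFactory();
    } catch (GeneralSecurityException e) {
      // Only the failures getInstance/init can raise are wrapped; programming errors propagate.
      throw new RuntimeException("Failed to create SSL Socket Factory", e);
    }
  }

  /**
   * Opens a new TLS socket to {@code host:port} and sets its SNI value to {@code host}.
   *
   * @param host server host name, also used as the SNI value
   * @param port server port
   * @return the connected socket
   * @throws IOException if the delegate cannot create the socket
   */
  @Override
  public Socket createSocket(String host, int port) throws IOException {
    Socket socket = super.createSocket(host, port);
    applySni(socket, host);
    return socket;
  }

  /**
   * Layers TLS over an already-connected socket and sets its SNI value to {@code host}.
   *
   * <p>pgjdbc upgrades its existing connection to TLS through this overload, so SNI has to be
   * applied here as well; handling only {@link #createSocket(String, int)} leaves the driver
   * path untouched. NOTE(review): confirm against the driver version in use.
   *
   * @param s the connected plain socket
   * @param host server host name, also used as the SNI value
   * @param port server port
   * @param autoClose whether closing the TLS socket also closes {@code s}
   * @return the TLS socket layered over {@code s}
   * @throws IOException if the delegate cannot create the socket
   */
  @Override
  public Socket createSocket(Socket s, String host, int port, boolean autoClose)
      throws IOException {
    Socket socket = super.createSocket(s, host, port, autoClose);
    applySni(socket, host);
    return socket;
  }

  /**
   * Sets {@code host} as the only SNI server name on {@code socket} when it is a TLS socket.
   *
   * <p>A value that is not a legal SNI host name (an IPv6 literal, for instance) is skipped and
   * the socket keeps its JSSE defaults, instead of an {@link IllegalArgumentException} escaping
   * with the socket still open.
   */
  private static void applySni(Socket socket, String host) {
    if (host == null || !(socket instanceof SSLSocket sslSocket)) {
      return;
    }
    SNIHostName serverName;
    try {
      serverName = new SNIHostName(host);
    } catch (IllegalArgumentException ignored) {
      // Not a DNS host name, so there is nothing valid to announce in SNI.
      return;
    }
    SSLParameters sslParameters = sslSocket.getSSLParameters();
    sslParameters.setServerNames(Collections.singletonList(serverName));
    sslSocket.setSSLParameters(sslParameters);
  }
}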