Skip to main content
Version: 8.5

Database

note

Web Modeler Self-Managed is available to enterprise customers only.

This page describes advanced database connection configuration for Web Modeler. For a general guide on how to set up Web Modeler's database connection, visit the configuration overview.

Configuring SSL for the database connection

The generic way to configure an SSL connection between Web Modeler and the database is as follows:

  • Modify the JDBC URL SPRING_DATASOURCE_URL and customize connection parameters.
  • Provide SSL certificates and keys to the restapi component, if required.

Consult the PostgreSQL documentation for a description of the different SSL modes and the security provided.

For a full list of all available connection parameters, visit the PostgreSQL documentation.

Below are examples for common scenarios, increasing in the level of security they provide.

SSL mode "require"

In this mode, an SSL connection is established between Web Modeler and the database. It is still prone to person-in-the-middle attacks.

To enable this mode, modify the JDBC URL as follows: jdbc:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?sslmode=require

No certificates are needed in Web Modeler for this mode.

SSL mode "verify-full"

In this mode, Web Modeler requests a certificate from the database server to verify its identity. It is not prone to person-in-the-middle attacks.

To enable this mode, mount the root certificate with which the server certificate was signed and follow these steps:

  1. Provide the root certificate at this location: myCA.crt -> ~/.postgresql/root.crt.
  2. Modify the JDBC URL: jdbc:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?ssl=true.

SSL mode "verify-full" with client certificates

In this mode, Web Modeler requests a certificate from the database server to verify the server's identity, and the server requests a certificate from the client to verify the client's identity.

To enable this mode, mount the client certificates and follow these steps:

  1. Provide client certificates at these locations:
    1. myClientCertificate.pk8 -> ~/.postgresl/postgresql.pk8
    2. myClientCertificate.crt -> ~/.postgresl/postgresql.crt
  2. Provide the root certificate at this location: myCA.crt -> ~/.postgresql/root.crt.
  3. Modify the JDBC URL: jdbc:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?ssl=true.

Furthermore, configure the database server to verify client certificates: PostgreSQL documentation.

Running Web Modeler on Amazon Aurora PostgreSQL

Web Modeler supports running on Amazon Aurora PostgreSQL. To connect Web Modeler with your Amazon Aurora PostgreSQL instance, make the following configuration adjustments:

  1. Modify the SPRING_DATASOURCE_URL environment variable: jdbc:aws-wrapper:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME].
  2. Add the environment variable SPRING_DATASOURCE_DRIVER_CLASS_NAME with the value software.amazon.jdbc.Driver.

For a full list of available driver parameters visit the AWS JDBC Driver documentation.

AWS IAM authentication

To use AWS Identity and Access Management (IAM) database authentication with your Amazon Aurora PostgreSQL instance, in addition to the adjustments described above, follow these steps:

  1. Modify the SPRING_DATASOURCE_URL environment variable as follows: jdbc:aws-wrapper:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?wrapperPlugins=iam.
  2. Modify the SPRING_DATASOURCE_USERNAME environment variable to match the database user you configured for AWS IAM authentication as described in the Amazon Aurora documentation.
  3. Remove the SPRING_DATASOURCE_PASSWORD environment variable.