hedera-mirror-node
Mirror Importer SSL support
Problem
Do we have any plans on supporting SSL on importer, the same way we do with the rest API?
For context, we want to improve our security in general and one way to do this is to require SSL on db connections.
Solution
Alternatives
No response
It should already be supported via the underlying libraries, though we haven't tested it. Spring Boot has nice SSL support via its SSL bundles for everything except JDBC, unfortunately. For JDBC, you have to set the SSL connection properties in the spring.datasource.url.
Is there a way to set the SSL config now on importer?
See above where I mention to set it in the URL.
OK... we set the config via environment variables. So does that mean using SPRING_DATASOURCE_USESSL=true will work since we can use Spring config?
No, you set the aforementioned property to something with the appropriate jdbc ssl config parameters e.g. SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/mirror_node?ssl=true&sslmode=require&.....
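An added example, not part of the thread or the project's code: a shell check that reads the sslmode parameter from a PostgreSQL JDBC URL like the one above and reports what it guarantees, since with pgJDBC sslmode=require encrypts the connection but does not validate the server certificate. The function names and the sslrootcert path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). URLs below are constructed samples.

# Print the value of query parameter $2 in JDBC URL $1 (nothing if absent).
jdbc_param() {
  case $1 in
    *\?*) query="&${1#*\?}&" ;;
    *)    query="&" ;;
  esac
  case $query in
    *"&$2="*) rest=${query#*"&$2="}; printf '%s' "${rest%%&*}" ;;
  esac
}

# Map the URL's explicit sslmode to what it guarantees on the wire.
jdbc_tls_posture() {
  case $(jdbc_param "$1" sslmode) in
    verify-full)  echo verified-full ;;         # cert chain and hostname checked
    verify-ca)    echo verified-ca ;;           # cert chain checked, hostname not
    require)      echo encrypted-unverified ;;  # TLS, server cert not validated
    allow|prefer) echo opportunistic ;;         # may fall back to plaintext
    disable)      echo plaintext ;;
    '')           echo unset ;;                 # driver default applies
    *)            echo unknown ;;
  esac
}

# Gate for a start script: succeed only when the server certificate is verified.
require_verified_tls() {
  case $(jdbc_tls_posture "$1") in
    verified-full|verified-ca) return 0 ;;
    *) echo "refusing datasource URL: TLS posture is $(jdbc_tls_posture "$1")" >&2
       return 1 ;;
  esac
}

# Constructed sample URLs: no SSL parameters, sslmode=require, and verify-full.
base='jdbc:postgresql://mirror-node-db:5432/mirror_node'
for url in "$base" "$base?ssl=true&sslmode=require" \
           "$base?sslmode=verify-full&sslrootcert=/etc/ssl/db-ca.pem"; do
  printf '%-22s %s\n' "$(jdbc_tls_posture "$url")" "$url"
done
```

Calling require_verified_tls "$SPRING_DATASOURCE_URL" before launching the importer makes the start script fail when the URL does not request certificate verification.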
We have a script to set the JDBC URL and unset the DB host, port, and DB name to test this:
export SPRING_DATASOURCE_URL=jdbc:postgresql://mirror-node-db:5432/mirror_node
unset HEDERA_MIRROR_IMPORTER_DB_HOST
unset HEDERA_MIRROR_IMPORTER_DB_PORT
unset HEDERA_MIRROR_IMPORTER_DB_NAME
## Start application
java org.springframework.boot.loader.launch.JarLauncher
But upon running it, we encounter this error message:
2024-01-29T04:31:46.804Z ERROR main c.z.h.p.HikariPool HikariPool-1 - Exception during pool initialization. org.postgresql.util.PSQLException: Connection to 127.0.0.1:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.