Contact usRequest a demo

Setting up PostgreSQL for Unblu

To create the unblu database and users on PostgreSQL, run the following commands:

Listing 1. Create the unblu database and users 
create database unblu;

-- activate database: \c unblu
create user unblu with password '<user-pwd>';
create user unblu_admin with password '<admin-pwd>';
grant usage, create on schema public to unblu_admin;

-- run as unblu_admin
alter default privileges for user unblu_admin in schema public grant select, update, insert, delete on tables to unblu;
alter default privileges for user unblu_admin in schema public grant usage, select on sequences to unblu;

Next, configure Unblu to use your PostgreSQL database. The example configuration below connects to the database unblu and relies on the default schema public, which you don’t need to create.

Listing 2. Unblu PostgreSQL configuration 
com.unblu.storage.database.platform=org.eclipse.persistence.platform.database.PostgreSQLPlatform
com.unblu.storage.database.driver=org.postgresql.Driver
com.unblu.storage.database.url=jdbc\:postgresql\://<server>\:5432/unblu (1)
com.unblu.storage.database.user=unblu
com.unblu.storage.database.password=<user-pwd> (2)
com.unblu.storage.database.adminUser=unblu_admin
com.unblu.storage.database.adminPassword=<admin-pwd> (3)
com.unblu.storage.database.schema=public
com.unblu.storage.database.liquibaseSchema=public
1 Replace <server> with your database hostname or IP address.
2 Replace <user-pwd> with the password of the unblu user.
3 Replace <admin-pwd> with the password of the unblu_admin user.

Transparent encrypted SSL connection

This additional configuration property enables the connection to use SSL encryption (connecting a SSL-enabled database):

Listing 3. Unblu PostgreSQL SSL configuration 
com.unblu.storage.database.jdbcProperties=\
  sslmode\=verify-ca,\
  sslrootcert\=path/to/root-ca.pem.crt,\ (1)
  sslcert\=path/to/client-cert.pem.crt,\ (1)
  sslkey\=path/to/client-key.pem.pk8 (1)
1 Replace the values with valid paths and filenames

Your certificates must be binary DER encoded, and the key file must be a binary DER encoded key (for example PKCS #8). You can convert PEM files to the PKCS #8 format as follows:

Listing 4. Commands to convert PEM files to PKCS #8 
# Create key file
openssl pkcs8 -topk8 \
  -in KEY_FILE.pem -inform pem \
  -out KEY_FILE.pem.pk8 -outform der \ -nocrypt

# Create certificate file
openssl x509 \
  -in CERT_FILE.pem \
  -out CERT_FILE.pem.crt -outform DER

For more information on PostgreSQL encryption options, refer to the "Encryption Options" section of the PostgreSQL documentation.