@@ -107,20 +107,25 @@ runs:
107107 --no-instructions
108108
109109 # Create new ssl certificate
110- openssl req -new -x509 -days 365 -nodes -text -out $PGDATA/server.crt -keyout $PGDATA/server.key -subj "/CN=localhost"
111- chmod og-rwx $PGDATA/server.key $PGDATA/server.crt
112- cp $PGDATA/server.crt ${{ inputs.ca_file_output }}
110+ if [ ${{ inputs.ssl_on }} == "on" ]; then
111+ openssl req -new -x509 -days 365 -nodes -text -out $PGDATA/server.crt -keyout $PGDATA/server.key -subj "/CN=localhost"
112+ chmod og-rwx $PGDATA/server.key $PGDATA/server.crt
113+ cp $PGDATA/server.crt ${{ inputs.ca_file_output }}
114+ fi
113115
114116 # Do not create unix sockets since they are created by default in the
115117 # directory we have no permissions to (owned by system postgres user).
116118 echo "unix_socket_directories = ''" >> "$PGDATA/postgresql.conf"
117119 echo "port = ${{ inputs.port }}" >> "$PGDATA/postgresql.conf"
118- pg_ctl start
119120
120121 # Set new configuration option with ssl to Postgres
121- echo "ssl = on" >> "$PGDATA/postgresql.conf"
122- echo "ssl_cert_file = '$PGDATA/server.crt'" >> "$PGDATA/postgresql.conf"
123- echo "ssl_key_file = '$PGDATA/server.key'" >> "$PGDATA/postgresql.conf"
122+ if [ ${{ inputs.ssl_on }} == "on&quo
6948
t; ]; then
123+ echo "ssl = on" >> "$PGDATA/postgresql.conf"
124+ echo "ssl_cert_file = '$PGDATA/server.crt'" >> "$PGDATA/postgresql.conf"
125+ echo "ssl_key_file = '$PGDATA/server.key'" >> "$PGDATA/postgresql.conf"
126+ fi
127+
128+ pg_ctl start
124129
125130 # Save required connection parameters for created superuser to the
126131 # connection service file [1]. This allows using these connection
0 commit comments