Refactor database SSL configuration for improved clarity and flexibility

- Updated SSL settings in database.module.ts and ormconfig.ts to use DATABASE_SSL environment variable for better control over SSL usage. - Clarified comments to indicate that SSL is only necessary for remote PostgreSQL instances, enhancing understanding for local development setups.
2026-02-13 17:28:28 +00:00
parent b8ab347c68
commit 8c43448306
2 changed files with 10 additions and 13 deletions
--- a/backend/src/database/database.module.ts
+++ b/backend/src/database/database.module.ts
@@ -37,12 +37,11 @@ import { Unique } from './validators/unique.validator';
          query_timeout: 30_000,
          statement_timeout: 30_000,
        },
-        // No SSL for local/Docker environments
-        ssl:
-          configService.get('ENVIRONMENT') === 'local' ||
-          configService.get('ENVIRONMENT') === 'development'
-            ? false
-            : { rejectUnauthorized: false },
+        // SSL is only needed for remote/managed PostgreSQL (e.g. AWS RDS).
+        // Self-hosted Docker setups use an internal network — no SSL required.
+        ssl: configService.get('DATABASE_SSL') === 'true'
+          ? { rejectUnauthorized: false }
+          : false,
      }),
    }),
  ],
--- a/backend/src/database/ormconfig.ts
+++ b/backend/src/database/ormconfig.ts
@@ -18,11 +18,9 @@ export default new DataSource({
  migrations: ['dist/database/migrations/*.{ts,js}'],
  migrationsTableName: 'typeorm_migrations',
  synchronize: false,
-  ssl:
-    configService.get('ENVIRONMENT') === 'local' ||
-    configService.get('ENVIRONMENT') === 'development'
-      ? false
-      : {
-          rejectUnauthorized: false,
-        },
+  // SSL is only needed for remote/managed PostgreSQL (e.g. AWS RDS).
+  // Self-hosted Docker setups use an internal network — no SSL required.
+  ssl: configService.get('DATABASE_SSL') === 'true'
+    ? { rejectUnauthorized: false }
+    : false,
 });