add TOC and fix permissions for SSL certificates

README.md

@@ -1,6 +1,44 @@
 [![Scenario Tests](https://github.com/kartoza/docker-postgis/actions/workflows/build-latest.yaml/badge.svg?branch=develop&event=push)](https://github.com/kartoza/docker-postgis/actions/workflows/build-latest.yaml)
 [![deploy-image](https://github.com/kartoza/docker-postgis/actions/workflows/deploy-image.yaml/badge.svg)](https://github.com/kartoza/docker-postgis/actions/workflows/deploy-image.yaml)
 
+# Table of Contents
+* [docker-postgis](#docker-postgis)
+   * [Tagged versions](#tagged-versions)
+   * [Getting the image](#getting-the-image)
+   * [Building the image](#building-the-image)
+           * [Alternative base distributions builds](#alternative-base-distributions-builds)
+           * [Locales](#locales)
+       * [Environment variables](#environment-variables)
+           * [Cluster Initializations](#cluster-initializations)
+           * [Postgres Encoding](#postgres-encoding)
+           * [Basic configuration](#basic-configuration)
+       * [Schema Initialisation](#schema-initialisation)
+           * [Configures archive mode](#configures-archive-mode)
+           * [Configure WAL level](#configure-wal-level)
+           * [Configure networking](#configure-networking)
+           * [Additional configuration](#additional-configuration)
+   * [Docker secrets](#docker-secrets)
+   * [Running the container](#running-the-container)
+       * [Using the terminal](#using-the-terminal)
+   * [Convenience docker-compose.yml](#convenience-docker-composeyml)
+   * [Connect via psql](#connect-via-psql)
+   * [Running SQL scripts on container startup.](#running-sql-scripts-on-container-startup)
+   * [Storing data on the host rather than the container.](#storing-data-on-the-host-rather-than-the-container)
+   * [Postgres SSL setup](#postgres-ssl-setup)
+       * [Forced SSL: forced using the shipped snakeoil certificates](#forced-ssl-forced-using-the-shipped-snakeoil-certificates)
+       * [Forced SSL with Certificate Exchange: using SSL certificates signed by a certificate authority](#forced-ssl-with-certificate-exchange-using-ssl-certificates-signed-by-a-certificate-authority)
+           * [SSL connection inside the docker container using openssl certificates](#ssl-connection-inside-the-docker-container-using-openssl-certificates)
+   * [Postgres Replication Setup](#postgres-replication-setup)
+       * [Streaming replication](#streaming-replication)
+           * [Database permissions](#database-permissions)
+           * [Sync changes from master to replicant](#sync-changes-from-master-to-replicant)
+           * [Promoting replicant to master](#promoting-replicant-to-master)
+           * [Preventing replicant database destroy on restart](#preventing-replicant-database-destroy-on-restart)
+       * [Logical replication](#logical-replication)
+       * [Docker image versions](#docker-image-versions)
+       * [Support](#support)
+   * [Credits](#credits)
+  
 # docker-postgis
 
 A simple docker container that runs PostGIS

scripts/setup-ssl.sh

@@ -31,6 +31,20 @@ file_env 'SSL_CA_FILE'
 mkdir -p ${PGSTAT_TMP}
 chmod 0777 ${PGSTAT_TMP}
 
+if [ ! -z "${SSL_CA_FILE}" ]; then
+  chmod 0640 ${SSL_CA_FILE}
+fi
+
+if [ ! -z "${SSL_KEY_FILE}" ]; then
+  chmod 0600 ${SSL_KEY_FILE}
+fi
+
+
+if [ ! -z "${SSL_CERT_FILE}" ]; then
+  chmod 0600 ${SSL_CERT_FILE}
+fi
+
+
 # moved from setup.sh
 cat > ${ROOT_CONF}/ssl.conf <<EOF
 ssl = true