# Service Level Objectives

The **Grey Matter Service Level Objective (SLO)** service is compatible with **Postgres versions 10.x** and **11.x only**. For more information on the SLO service and using its API, see the [usage docs](https://greymatter.gitbook.io/grey-matter-documentation/1.3/usage/application/slo).

## SSL Configuration

The server certificate must have a CN that matches the hostname of the Postgres server. See [Postgres Secure TCP/IP Connections with SSL](https://www.postgresql.org/docs/9.5/ssl-tcp.html) for details.

To ensure that clients connect via SSL, configure `pg_hba.conf` so that remote connections are matched only by `hostssl` records, which apply only to SSL connections.

### Example

```text
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust

# IPv4 local connections:
host    all             all             127.0.0.1/32            trust

# IPv4 remote connections for authenticated users
hostssl all             www-data        0.0.0.0/0               cert clientcert=1
hostssl all             postgres        0.0.0.0/0               cert clientcert=1
```
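A pre-deployment check for the rule set above, added here as an example and not part of the Grey Matter project: it flags remote `pg_hba.conf` records that would admit a non-SSL or unauthenticated connection. The function names and the sample's last rule are constructed for illustration, and the parser assumes CIDR-style addresses and no quoted fields.

```python
import ipaddress

# Constructed sample: the rules from the example above plus one
# plaintext-capable remote rule (line 6) that the audit should flag.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS       METHOD
local   all       all                     trust
host    all       all       127.0.0.1/32  trust
hostssl all       www-data  0.0.0.0/0     cert clientcert=1
hostssl all       postgres  0.0.0.0/0     cert clientcert=1
host    all       all       10.0.0.0/8    md5
"""

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method, options)."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":       # local records have no ADDRESS column
            fields.insert(3, None)
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: expected at least 5 fields")
        yield (lineno, *fields[:5], fields[5:])

def is_loopback(address):
    """True only for CIDR ranges entirely inside loopback space."""
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False                   # hostnames, "all", "samenet": remote

def audit(text):
    """Return (lineno, message) for remote rules that weaken SSL enforcement."""
    findings = []
    for lineno, kind, _db, _user, address, method, _opts in parse_hba(text):
        if kind == "local" or is_loopback(address):
            continue                   # local access is out of scope here
        if kind in ("host", "hostnossl"):
            findings.append((lineno, "record matches non-SSL connections"))
        if method == "trust":
            findings.append((lineno, "trust method skips authentication"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_HBA):
        print(f"pg_hba.conf line {lineno}: {message}")
```

The `local` and loopback `trust` records are skipped by design; anyone with a shell inside the Postgres container can still connect through them without credentials.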

Certificates and the `pg_hba.conf` file must be volume-mounted into the container and referenced via a Postgres startup command. Follow the same configuration for production deployments.

```yaml
    environment:
      DATABASE_URI: postgres://postgres:mysecretpassword@postgres:5432/slo-db
      SSL_ENABLED: "true"
      SSL_SERVER_CA: /etc/gm-slo/certs/postgres/ca.crt
      SSL_SERVER_CERT: /etc/gm-slo/certs/postgres/server.crt
      SSL_SERVER_KEY: /etc/gm-slo/certs/postgres/server.key
      # Uncomment the env vars below to serve over TLS
      # SERVICE_SSL_ENABLED: "true"
      # SERVICE_SSL_CA: /etc/gm-slo/certs/server/ca.crt
      # SERVICE_SSL_CERT: /etc/gm-slo/certs/server/server.crt
      # SERVICE_SSL_KEY: /etc/gm-slo/certs/server/server.key
    volumes:
      - ./docker/postgres/certs/:/etc/gm-slo/certs/postgres/
      - ./docker/server/certs/:/etc/gm-slo/certs/server/
```

## Configuration Variables

| Name                  | Type    | Default                   | Description                                                                                                                  |
| --------------------- | ------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| `GITHUB_ACCESS_KEY`   | String  | ""                        | OAuth token used to interact with GitHub via automated scripts                                                               |
| `LOG_LEVEL`           | String  | debug (dev), error (prod) | Level of messages to log, e.g. `debug` (see [Winston Logger](https://github.com/winstonjs/winston#logging) for more)         |
| `DROP_SCHEMA`         | Boolean | false                     | Controls whether or not the schema is dropped when DB connection is established. **Use with extreme caution in production.** |
| `DATABASE_URI`        | String  | none                      | Database connection URL. In production, replace the password string with a secret.                                           |
| `SSL_ENABLED`         | Boolean | false                     | Informs service to connect to Postgres via SSL                                                                               |
| `SSL_SERVER_CA`       | String  | none                      | Path to CA or intermediate certificate (`SSL_ENABLED=true` is required)                                                      |
| `SSL_SERVER_CERT`     | String  | none                      | Path to server certificate (`SSL_ENABLED=true` is required)                                                                  |
| `SSL_SERVER_KEY`      | String  | none                      | Path to server certificate private key (`SSL_ENABLED=true` is required)                                                      |
| `SERVICE_PORT`        | Number  | 1337                      | Port where gm-slo will listen (overridden to use 443 if `SERVICE_SSL_ENABLED=true`)                                          |
| `SERVICE_SSL_ENABLED` | Boolean | false                     | Informs service to receive client connections over SSL only                                                                  |
| `SERVICE_SSL_CA`      | String  | none                      | Path to client trust file (`SERVICE_SSL_ENABLED=true` is required)                                                           |
| `SERVICE_SSL_CERT`    | String  | none                      | Path to client certificate (`SERVICE_SSL_ENABLED=true` is required)                                                          |
| `SERVICE_SSL_KEY`     | String  | none                      | Path to client private key (`SERVICE_SSL_ENABLED=true` is required)                                                          |

## Questions

{% hint style="success" %}
**Need help configuring SLOs?** Contact us at [Grey Matter Support](https://support.greymatter.io/support/home).
{% endhint %}
