[PP-1775] Ensure that application to talk to postgres when SSL is req…

…uired.

Additional updates:
   * upgrades image to python 3.12
   * upgrades postgres to 16 (to match latest RDS deployment)

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.10-slim
+FROM python:3.12-slim
 
 ENV APP_DIR=/virtual_library_card/ \
     DJANGO_SETTINGS_MODULE=virtual_library_card.settings.prod \
@@ -22,6 +22,11 @@ ENV UWSGI_MASTER=1 \
     UWSGI_POST_BUFFERING=1 \
     UWSGI_LOGFORMAT="[pid: %(pid)|app: -|req: -/-] %(addr) (%(user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(clean_uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))"
 
+# required for postgres ssl: the crt file doesn't exist
+# but the path must point to a visible directory otherwise we 
+# get a permissions error
+ENV PGSSLCERT /tmp/postgresql.crt
+
 ARG POETRY_VERSION=1.7.1
 ARG REPO=ThePalaceProject/virtual-library-card
 

docker-compose.yml

@@ -23,11 +23,15 @@ services:
       SUPERUSER_PASSWORD: "test"
 
   pg:
-    image: "postgres:12"
+    image: "postgres:16"
     environment:
       POSTGRES_USER: vlc
       POSTGRES_PASSWORD: test
       POSTGRES_DB: virtual_library_card_dev
+    command: >
+      -c ssl=on 
+      -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+      -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 
   minio:
     image: "bitnami/minio:2023.2.27"

virtual_library_card/settings/dev.py

@@ -22,6 +22,7 @@
         "PASSWORD": "test",
         "HOST": os.environ.get("VLC_DEV_DB_HOST", "pg"),
         "PORT": os.environ.get("VLC_DEV_DB_PORT", "5432"),
+        "OPTIONS": {"sslmode": "require"},
     }
 }