PgBouncer
PgBouncer is made available on Bridge instances by default to ease connection management by multiplexing native Postgres connections across its own “virtual” connections.
Although the PgBouncer service is available on Bridge instances by default, you’ll need to take one extra step on each database you want to use it on by installing the crunchy_pooler extension.
Activating PgBouncer with the crunchy_pooler extension
As the superuser, run this in the database to install the crunchy_pooler extension:
CREATE EXTENSION crunchy_pooler;
crunchy_pooler is a simple extension which creates a user called crunchy_pooler with access to a single function called user_lookup that allows PgBouncer to authenticate incoming connections. Now when a client makes a connection to PgBouncer, PgBouncer can check whether the client’s credentials are valid by querying Postgres’ canonical user store.
Connecting to PgBouncer
Clients will connect to PgBouncer using the same connection string they’d use for the main Postgres database, except on port 5431 instead of the usual 5432:
psql postgres://my_application_user:[email protected]bridge.com:5431/mydb
The user_lookup function created by crunchy_pooler will deny lookups on superusers – only non-superusers will be able to connect through PgBouncer. The default role made available through the Bridge Dashboard is a superuser, so you’ll need to create a new role by running CREATE ROLE SQL from the database:
-- CREATE ROLE defaults to NOLOGIN, so LOGIN is granted explicitly to let the role connect.
CREATE ROLE my_application_user WITH LOGIN PASSWORD 'my_application_password';
Or by using the cluster roles API.
💡Hint
The terms “user” and “role” in Postgres are largely synonymous, with a minor difference being that CREATE USER (versus CREATE ROLE) implies LOGIN privilege, so according to the principle of least privilege, CREATE ROLE is the better choice for users/roles that are meant for use by applications rather than people.
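The page does not show what crunchy_pooler installs, so the following is an added sketch (not Crunchy's code) of the common PgBouncer auth_query pattern that a user_lookup function of this kind follows, including the superuser denial described above. The demo_pooler role and schema, the sample password, and the login and expiry filters are assumptions made for illustration.

```sql
-- Added example: hypothetical names (demo_pooler), not the crunchy_pooler source.
-- Run as a superuser, since the function must be owned by a role that can read pg_authid.

-- Dedicated role that PgBouncer uses only to look up credentials.
CREATE ROLE demo_pooler WITH LOGIN PASSWORD 'constructed-example-password';
CREATE SCHEMA demo_pooler AUTHORIZATION CURRENT_USER;

-- SECURITY DEFINER lets the function read pg_authid on the caller's behalf,
-- so the pooler role never gets direct access to the password hashes.
CREATE FUNCTION demo_pooler.user_lookup(
    IN  i_username text,
    OUT uname      text,
    OUT phash      text
) RETURNS record
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog   -- pin the path so callers cannot shadow catalog objects
AS $$
    SELECT rolname::text, rolpassword
    FROM pg_catalog.pg_authid
    WHERE rolname = i_username
      AND NOT rolsuper          -- superusers are never returned (the behaviour the page describes)
      AND rolcanlogin           -- assumption: only roles allowed to log in
      AND (rolvaliduntil IS NULL OR rolvaliduntil > now());  -- assumption: skip expired passwords
$$;

-- Functions are executable by PUBLIC by default; restrict this one to the pooler role.
REVOKE ALL ON FUNCTION demo_pooler.user_lookup(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA demo_pooler TO demo_pooler;
GRANT EXECUTE ON FUNCTION demo_pooler.user_lookup(text) TO demo_pooler;

-- PgBouncer side (pgbouncer.ini) for a self-managed setup using this sketch:
--   auth_user  = demo_pooler
--   auth_query = SELECT uname, phash FROM demo_pooler.user_lookup($1)

-- Check: a superuser name comes back as NULLs, so PgBouncer has no hash to verify against.
SELECT * FROM demo_pooler.user_lookup('postgres');

-- Check: which roles could authenticate through the pooler under these filters.
SELECT rolname FROM pg_catalog.pg_roles WHERE rolcanlogin AND NOT rolsuper;
```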
Disabling PgBouncer
Dropping the crunchy_pooler extension will functionally disable PgBouncer as it’ll no longer be able to authenticate:
DROP EXTENSION crunchy_pooler;