diff -urNi /usr/src/mediawiki/includes/db/MWLBFactory.php /usr/src/mediawiki/includes/db/MWLBFactory.php
--- /usr/src/mediawiki/includes/db/MWLBFactory.php	2017-12-09 00:19:51.000000000 +0100
+++ /usr/src/mediawiki/includes/db/MWLBFactory.php	2018-08-07 17:20:57.672257718 +0200
@@ -100,7 +100,7 @@
 			} else {
 				$flags = DBO_DEFAULT;
 				$flags |= $mainConfig->get( 'DebugDumpSql' ) ? DBO_DEBUG : 0;
-				$flags |= $mainConfig->get( 'DBssl' ) ? DBO_SSL : 0;
+				$flags |= ($mainConfig->get( 'DBssl' ) || getenv('PGSSL')) ? DBO_SSL : 0;
 				$flags |= $mainConfig->get( 'DBcompress' ) ? DBO_COMPRESS : 0;
 				$server = [
 					'host' => $mainConfig->get( 'DBserver' ),
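Review bot: The added `getenv('PGSSL')` test sets `DBO_SSL` in what looks like the generic server-config branch, so a variable named for PostgreSQL may also turn the flag on for any other configured `DBtype` that honours it. The enclosing function starts outside this hunk, so that scope should be confirmed. PHP truthiness means any non-empty value other than `"0"` enables SSL, including `PGSSL=false` or `PGSSL=off`, which fails safe but is surprising. The DatabasePostgres.php hunk in this patch checks the same variable itself, so this line looks redundant for the Postgres case. If it stays, add a comment such as `// PGSSL (env): force TLS to the DB even when $wgDBssl is unset; any non-empty value except "0" enables it`.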
diff -urNi /usr/src/mediawiki/includes/installer/PostgresInstaller.php /usr/src/mediawiki/includes/installer/PostgresInstaller.php
--- /usr/src/mediawiki/includes/installer/PostgresInstaller.php	2017-12-09 00:19:51.000000000 +0100
+++ /usr/src/mediawiki/includes/installer/PostgresInstaller.php	2018-08-08 15:30:17.536003796 +0200
@@ -245,7 +245,7 @@
 					 * @var $conn Database
 					 */
 					$conn = $status->value;
-					$safeRole = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
+					$safeRole = $conn->addIdentifierQuotes(preg_replace('/@.*/', '', $this->getVar( 'wgDBuser' )));
 					$conn->query( "SET ROLE $safeRole" );
 				}
 
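Review bot: Nothing on the changed `$safeRole` line says why everything from the first `@` is dropped from `wgDBuser` before `SET ROLE`. Presumably the login name has the form `user@server` while the role is just `user`, and a comment should say so, e.g. `// Login names of the form user@host map to the role "user"; strip the suffix`. The same `preg_replace('/@.*/', '', …)` is repeated twice more in the hunk at -545 of this file, so a small private helper would keep the three sites in agreement. A value that begins with `@` reduces to an empty string, which `addIdentifierQuotes` would turn into an empty identifier, so a guard with a clear error for that case would help.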
@@ -545,19 +545,21 @@
 
 		$safeuser = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
 		$safepass = $conn->addQuotes( $this->getVar( 'wgDBpassword' ) );
+		$saferole = preg_replace('/@.*/', '', $this->getVar( 'wgDBuser' ) );
 
 		// Check if the user already exists
-		$userExists = $conn->roleExists( $this->getVar( 'wgDBuser' ) );
+		$userExists = $conn->roleExists( $saferole );
 		if ( !$userExists ) {
 			// Create the user
 			try {
-				$sql = "CREATE ROLE $safeuser NOCREATEDB LOGIN PASSWORD $safepass";
+				$sql = "CREATE ROLE $saferole NOCREATEDB LOGIN PASSWORD $safepass";
 
 				// If the install user is not a superuser, we need to make the install
 				// user a member of the new user's group, so that the install user will
 				// be able to create a schema and other objects on behalf of the new user.
 				if ( !$this->isSuperUser() ) {
-					$sql .= ' ROLE' . $conn->addIdentifierQuotes( $this->getVar( '_InstallUser' ) );
+					$otherrole = preg_replace('/@.*/', '', $this->getVar( '_InstallUser' ) );
+					$sql .= ' ROLE' . $conn->addIdentifierQuotes( $otherrole );
 				}
 
 				$conn->query( $sql, __METHOD__ );
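Review bot: `$saferole` is only the output of `preg_replace` and is never passed through `addIdentifierQuotes`, yet it replaces the quoted `$safeuser` in `CREATE ROLE $saferole …`, so the installer-supplied name now reaches the SQL text unquoted. Names with uppercase letters, spaces or quote characters will be folded or misparsed, and the statement is exposed to SQL injection through the `wgDBuser` value. Keep the raw name for `roleExists()` and quote at the point of use: `$sql = 'CREATE ROLE ' . $conn->addIdentifierQuotes( $saferole ) . " NOCREATEDB LOGIN PASSWORD $safepass";`. The function continues past this hunk, and any later statement that still uses `$safeuser` would name the unstripped `user@host` form, so those should be checked for consistency.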
diff -urNi /usr/src/mediawiki/includes/libs/rdbms/database/DatabasePostgres.php /usr/src/mediawiki/includes/libs/rdbms/database/DatabasePostgres.php
--- /usr/src/mediawiki/includes/libs/rdbms/database/DatabasePostgres.php	2017-12-09 00:19:51.000000000 +0100
+++ /usr/src/mediawiki/includes/libs/rdbms/database/DatabasePostgres.php	2018-08-08 11:36:21.263730475 +0200
@@ -116,8 +116,8 @@
 		if ( (int)$this->port > 0 ) {
 			$connectVars['port'] = (int)$this->port;
 		}
-		if ( $this->mFlags & self::DBO_SSL ) {
-			$connectVars['sslmode'] = 1;
+		if (( $this->mFlags & self::DBO_SSL ) || getenv('PGSSL')) {
+			$connectVars['sslmode'] = "require";
 		}
 
 		$this->connectString = $this->makeConnectionString( $connectVars );
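Review bot: `sslmode=require` on the changed `$connectVars['sslmode']` line makes libpq encrypt the connection, but it does not by itself verify the server certificate or host name. The link is therefore protected against passive eavesdropping, not against a server impersonating the database. Where a CA bundle is available to the client, `verify-full` is the mode that authenticates the server. Consider making the mode configurable with `require` as the floor, and add a comment such as `// "require" = encrypt only; use verify-ca/verify-full to authenticate the server`. The enclosing method starts and ends outside this hunk.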