Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate Path when connecting to database via SSL #160

Closed
GuruCharan94 opened this issue Dec 20, 2019 · 7 comments
Closed

Certificate Path when connecting to database via SSL #160

GuruCharan94 opened this issue Dec 20, 2019 · 7 comments
Labels
enhancement P1

Comments

@GuruCharan94
Copy link

@GuruCharan94 GuruCharan94 commented Dec 20, 2019

Hi, I am unable to connect to Postgres when I set --storage.sqlConnectionSsl to true.
I am guessing (and I may be wrong here) that the solution is related to this stackoverflow answer

If that is the case, how do I specify the certificate path?

FWIW, The lighthouse server and Postgres is running on Azure.

@GuruCharan94 GuruCharan94 changed the title Connecting to Postgres via SSL Certificate Path when connecting to Postgres via SSL Dec 20, 2019
@patrickhulce patrickhulce changed the title Certificate Path when connecting to Postgres via SSL Certificate Path when connecting to database via SSL Dec 20, 2019
@patrickhulce patrickhulce added enhancement P2 labels Dec 20, 2019
@patrickhulce
Copy link
Collaborator

@patrickhulce patrickhulce commented Dec 20, 2019

Ah lhci doesn't currently expose the manual certificate options if it's self-signed, sorry! That's a good feature request though 👍

@mcr85
Copy link

@mcr85 mcr85 commented Apr 22, 2020

Hi, any plans to expose SSL cert configuration for database connection?

@patrickhulce
Copy link
Collaborator

@patrickhulce patrickhulce commented Apr 22, 2020

It already is.

@albertoal
Copy link

@albertoal albertoal commented Jun 4, 2020

When upgrading my LHCI server from 0.3.7 to 0.4.1 and using --storage.sqlConnectionSsl I was getting this error:

(node:16) UnhandledPromiseRejectionWarning: SequelizeConnectionError: no pg_hba.conf entry for host "private IP - redacted", user "*******", database "***", SSL off

My Postgres DB requires SSL on all the connections.

Adding ?ssl=true to the connection string didn't help either.

Found this SO answer which advised to also require SSL on sqlDialectOptions so implemented it as follows on my LHCI server:

  storage: {
    storageMethod: 'sql',
    sqlDialect: 'postgres',
    sqlConnectionSsl: true,
    sqlConnectionUrl: process.env.DB_CONN_URL,
    sqlDialectOptions: {
      ssl: {
        require: true,
      },
    }

After adding the above, my server worked fine.

Do you want me to add this use case to the docs @patrickhulce ? It would seem that --storage.sqlConnectionSsl doesn't seem to work on Postgres servers where SSL is enforced.

@patrickhulce
Copy link
Collaborator

@patrickhulce patrickhulce commented Jun 4, 2020

Hm, we didn't change anything in the SQL options between those versions that I'm aware of. Are you positive that you didn't update the postgres dependency at the same time?

Happy to add this to the docs though once we figure out why the support change!

@albertoal
Copy link

@albertoal albertoal commented Jun 4, 2020

Thanks Patrick, looking at the package-lock.json diff, I only see sequelize going from^4.42.0 to ^4.44.3 but didn't touched pg at all. I don't have a lot of time to test this locally but should be able to repro locally assuming the local PG instance requires SSL. Unfortunately when using the default postgres Docker container and my code above I was getting this error:

SequelizeConnectionError: The server does not support SSL connections

Our cloud-based Postgres enforces SSL connections and that this was the only way I could get it to work. Thanks!

@patrickhulce
Copy link
Collaborator

@patrickhulce patrickhulce commented Jun 4, 2020

Very odd that it would stop working then, perhaps it's a change in sequelize behavior in those versions?

Either way happy to add what you found to the docs. Thanks for sharing!

noelmace added a commit to fullwebdev/lhci-server-heroku that referenced this issue Sep 15, 2021
this should fix the connection to the DB
`Database Initialization Error: no pg_hba.conf entry`

see GoogleChrome/lighthouse-ci#160 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement P1
Projects
None yet
Development

No branches or pull requests

4 participants