-
-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't use SSL with Postgres #956
Comments
Guuuuuuys, it's not working on Cloud9 this way.... please can you check it? |
I'm not totally clear on the specifics of this bug, but we just ran into a problem conntecting to a heroku DB from outside heroku (therefore requiring ssl). We had to change our connection parameters to tell sequelize to use native postgres bindings and turn ssl on:
We only learned about the native binding thing from one of the answers to this question: http://stackoverflow.com/questions/10279965/authentication-error-when-connecting-to-heroku-postgresql-database Hope that helps! |
It's a problem with how the connection string is generated internally. |
I see. And maybe I'm still not understanding, but we are able to connect to a postgres database over ssl using sequelize with no code modifications, as long as "native":true and "ssl":true is specified in our config. |
Yes works with native - Not with the javascript version though, where i believe i got it to work once |
Hello all. We've run into this problem too, and have solved it rather easily. It does not require use of the native module as long as you're using a new (we're using 2.11.1) version of pg. Basically, what happens is that the databaseConnectionUri method in /lib/dialects/postgres/query-generator.js doesn't look for the SSL config value when it builds out the URI that gets passed along to the So, the solution is to add an SSL check in the databaseConnectionUri template variable and then add SSL line inside the underscore template renderer directly below. I'll submit a PR for this probably later this evening. ...going to try and figure out tests before issuing the PR. 😄 Note: If you're in a hurry and just need something to work immediately you can easily set ssl to true in the pg module, in a file called defaults.js. This quick-fix certainly isn't production-ready, but it'll work if you have a demo to give today and must use SSL. Edited for grammer. |
@nickarnold yeah thats the fix/hack i did myself, but i haven't figured out a unit test for it yet - why i never made the PR. |
@nickarnold did you ever get around to doing a PR? :) |
@mickhansen I submitted @nickarnold 's change but without any unit test additions. I wasn't sure how to add that to the test db to write something that made any sense. I'm willing to write the tests and do the work but need a little direction |
@joeylgutierrez Yeah not sure testing is feasible here, i'll look at your PR. |
Could you please reopen this issue. Trying to connect with heroku.
I get this
Is there a switch to put ssl on? |
@amingilani did you read the issue at all? or look at docs, anyways you should use |
@mickhansen you're a beautiful person. By the way, nowhere in this issue does it say to use I'm just going to leave this snippet for someone like me that runs into problems with Heroku: var sequelize = new Sequelize(process.env.DATABASE_URL, {
dialect: 'postgres',
dialectOptions: {
ssl: true
}
}); |
@amingilani You're right about that. |
Thanks @amingilani. That was a big help with my Heroku setup. |
@mickhansen Thanks for a very helpful ticket/thread here. After installing the latest sequelize (3.23.2) and pg modules and setting up SSL and pg-native (and the libpq dependancies) I was still getting connection errors:
The password had a "#" and a "&" in it which are valid characters for a postgres password and looks like they break the url.parse() in line 125 in the Sequelize constructor:
After I removed those characters everything worked perfect. Hope this helps anyone running into the same issue and don't know if this gets filed into the "stupid password" bucket or if you want me to create a new bug ticket. Thanks for everything you do for Sequelize! |
|
For me the problem was caused by Sequelize parsing I fixed the parsing in my
IIRC this doesn't work with the more recent versions of Node's URL library. This was for 6.26. |
read the gissue sequelize/sequelize#956 (comment)
read the gissue sequelize/sequelize#956 (comment)
Thank you very very much!! |
For Me, just setting I had to perform these 2 steps
LIKE THIS EXAMPLE BELOW const sequelize = new Sequelize(`${process.env.DATABASE_URI}?sslmode=require`, {
url: process.env.DATABASE_URI,
dialect: 'postgres',
logging: false,
dialectOptions: {
ssl: {
rejectUnauthorized: false, // very important
}
}
} For More Information, here is an Article on Heroku DevCenter about it |
@tunjioye Did you see documentation somewhere saying that |
You are right @radcapitalist |
I'm having this issue with cli tool with |
I keep getting the following error even though my queries still work. Is this expected when using
This is my current configuration:
I'm currently running the following setup:
I'm also running Node.js 10.24.0 and Postgres 13.2 (using the Heroku Postgres add-on). |
@joao-p-pinto-findmore update your sequelize options to this.
Notice the You can read this comment for more #956 (comment) |
We've had several issues similar to you in the past few days on Heroku servers too.
Their support pointed us at 2 recent changes : We struggled to find why the suggested But Postgres v13.2 databases still struggled with Not sure what is the underlying issue, I'm guessing some kind of order of precedence between configs vars, URL params and parameters passed in Hope this helps :-) |
IN ADDITION |
If you have this issue for PGSSLMODE=no-verify npx sequelize-cli --url $DATABASE_URL db:migrate |
Hello, adding these lines
Inside my 'new Sequilize' configuration object helped me get my Heroku app to start working again thanks!
|
read the gissue sequelize/sequelize#956 (comment)
Hi, with this code how can I dynamically toggle the SSL requirement? It just says rejectUnauthorized. Is there any way in sequelize to do it? |
I get for the following both configs the error "self signed certificate".
Config 2: it worked with Config 3:
|
module.exports = { |
Have you been able to solve it? |
Yes, I have, It works on heroku |
read the gissue sequelize/sequelize#956 (comment)
I wrote a local hack first, but a change in the master breaks that.
So i'll try to write a full fix with tests, but we'll need some kind of flag, since the postgres server you test on has to be set up for SSL.
The text was updated successfully, but these errors were encountered: