postbird icon indicating copy to clipboard operation
postbird copied to clipboard

Published 20 hours ago verified publisher icon Paxa

Connect to SSL database

Open chrisdl opened this issue 5 years ago • 18 comments

Hi!

I'm having an issue trying to connect o an SSL enabled postgres database, which does not live locally.

FATAL: no pg_hba.conf entry for host "<IP>", user "<UERNAME>", database "<DBNAME>", SSL off

I've tried adding the ?ssl=true to the connection string, which is what I needed to do for my API to talk to the database, but (1) I don't know where to do that on the "standard" connection tab and (2) if I do it using the "Connect URL" tab it complains about the sslmode having an invalid value of true.

Great product!

chrisdl avatar Jan 25 '19 20:01 chrisdl

Interesting.. I don't have an ssl enabled server to test against at the moment, but if I try appending the ssl=true param to the end of the connect string, I get the sort of message I expect.

screenshot_20190126_005323

willvincent avatar Jan 26 '19 06:01 willvincent

I think this may be a heroku specific issue. but I tried it with bdash (https://www.bdash.io/) just to make sure I wasn't eating crazy pills, and I could connect to it just fine.

The reason I tried bdash was because I ran into this: https://github.com/bdash-app/bdash/issues/7 which led me to this: https://devcenter.heroku.com/articles/connecting-to-heroku-postgres-databases-from-outside-of-heroku#ssl

I would like to keep using postbird.

appending ?sslmode=require seems to not even register with postbird. (same pg_hba.conf error message)

chrisdl avatar Jan 28 '19 16:01 chrisdl

I am having the same issue. How do you specify SSL in the standard connection tab?

osmuse avatar Jan 29 '19 14:01 osmuse

What OS do you use?

On MacOS postbird will use https://github.com/brianc/node-pg-native and on Linux with Windows https://github.com/brianc/node-postgres (I can only many static build of libpq for mac)

By experimenting I found that node-pg-native needs ?ssl= be something like disable, allow, prefer (default), require, verify-ca, verify-full But node-postgres will accept ?ssl=1 or ?ssl=true, otherwise false (default is false)

Heroku URL (via heroku login) will be with ?ssl=verify-full, for now you may open inspector by View -> Toggle Developer Tools, try connect to heroku db, and you see log message like

connecting to postgres://xxx:[email protected]:5432/xxxx?ssl=verify-full

Change ssl=verify-full to ssl=1 and try to connect via URL form

For now there is no way to specify ssl via normal form, only with "Connect URL"

This is defiantly a bug, will try to fix it

Paxa avatar Jan 30 '19 17:01 Paxa

i'm on macOS. I was trying to use Connect URL with ?ssl=require or ?sslmode=require but neither of those seemed to work. verify-full showed the pg_hba.conf error and the ssl=1 showed "invalid value true"

chrisdl avatar Jan 31 '19 03:01 chrisdl

How do I fix this? Screen Shot 2019-04-25 at 11 39 40 AM

db1359 avatar Apr 25 '19 18:04 db1359

Can you please try with new version? I made small improvements for enabling ssl

Paxa avatar May 06 '19 06:05 Paxa

I tired it. I tried many things same result. But for some reason I only see one db now instead of five.

[image: Screen Shot 2019-05-06 at 12.21.06 AM.png]

On Sun, May 5, 2019 at 11:12 PM Pavel Evstigneev [email protected] wrote:

Can you please try with new version? I made small improvements for enabling ssl

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Paxa/postbird/issues/43#issuecomment-489510086, or mute the thread https://github.com/notifications/unsubscribe-auth/AHGJ3N5PB3EXDDZPXSMTUZLPT7D4BANCNFSM4GSOK42A .

db1359 avatar May 06 '19 07:05 db1359 

version 0.8.2
ssl=true          # invalid sslmode
ssl=1               # no pg_hba.conf
ssl=require     # pg_hba
ssl=verify-full # pg_hba

Is there some other configuration I should try?

chrisdl avatar May 06 '19 14:05 chrisdl

Can you try with this package? https://postbird.paxa.kuber.host/2019_06_16.13_11-disable-libpq-4bc4376 I disabled libpq, may be it work

Paxa avatar Jun 16 '19 12:06 Paxa

@Paxa with the version provided in https://github.com/Paxa/postbird/issues/43#issuecomment-502447876 the ssl=true at the end of the connection string worked!

chrisdl avatar Jun 18 '19 06:06 chrisdl

I have the same error =( connection Digital Ocean error: SSL off.

thiagofasano avatar Jul 16 '19 23:07 thiagofasano

@thiagofasano you could rock it cutting edge style and run the package from https://github.com/Paxa/postbird/issues/43#issuecomment-502447876

@Paxa I feel like this issue is actually resolved now, or do you want to wait for it to get released?

chrisdl avatar Jul 17 '19 18:07 chrisdl

@chrisdl not work.. ssl=true

thiagofasano avatar Jul 22 '19 22:07 thiagofasano

Per this suggestion here, I found that appending ?ssl=verify-full to the connection url works for me.

adsteel avatar Feb 04 '20 18:02 adsteel

The latest development artifacts seem to have this problem fixed (https://postbird.paxa.kuber.host/2020_01_19.16_38-master-1020bfa - link from near the bottom of the readme).

stevennyman avatar Jul 19 '20 03:07 stevennyman

The problem in connect via URL is don't save the connection.

Heroku message

SSL

Applications outside of the Heroku network must support and enable SSL to connect to a Heroku Postgres database. Most clients connect over SSL by default, but sometimes it’s necessary to add the sslmode=require query parameter to your database URL before connecting.

Be sure to append the sslmode=require parameter to your database’s URL from code, rather than by editing the value of your DATABASE_URL config var directly. Various automated events (such as a failover) can change the value of the config var, which overwrites any edits you make.

Is any way to connect in standard mode adding ssl?

btd1337 avatar Dec 19 '20 05:12 btd1337

for postbird, appending ?ssl=true to the connection url solved my own problem.

chibuezedev avatar Jul 21 '23 13:07 chibuezedev