planka icon indicating copy to clipboard operation
planka copied to clipboard

Published 20 hours ago verified publisher icon plankanban

Can't connect to RDS database due to SSL

Open sleao opened this issue 9 months ago • 9 comments

Hi, I'm trying to use Planka with a RDS Postgres and I can't seem to figure out how to setup SSL. I tried everything from #696 and it still won't connect. Sometimes I get the error: error: no pg_hba.conf entry for host "xxx.xxx.xxx.xxx", user "kanban", database "planka", no encryption error message and other times, this:

node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^
Error: self-signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
    at TLSSocket.emit (node:events:517:28)
    at TLSSocket._finishInit (node:_tls_wrap:1070:8)
    at ssl.onhandshakedone (node:_tls_wrap:856:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
Node.js v18.20.2

Any ideas on what to do here? this is what my variables look like:

  • BASE_URL=http://localhost:3000
  • DATABASE_URL=postgresql://planka:password@host/planka?ssl=true
  • SECRET_KEY=secretkey
  • PGSSLMODE=require

sleao avatar Apr 28 '24 16:04 sleao

Hi, You are using a self signed certificate You have to use this variable too '''

  • KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

'''

daniel-hiller avatar Apr 29 '24 11:04 daniel-hiller

Hi, You are using a self signed certificate You have to use this variable too '''

  • KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

'''

That didn't work, I'm still getting the "SELF_SIGNED_CERT_IN_CHAIN" error.

sleao avatar Apr 29 '24 11:04 sleao

can you test the connection the db host using the cli?

psql -d "dbname=postgres sslmode=require" -h psql.example.com -U postgres

you need to install the psql client first apt install postgresql-client

daniel-hiller avatar Apr 29 '24 12:04 daniel-hiller

can you test the connection the db host using the cli?

psql -d "dbname=postgres sslmode=require" -h psql.example.com -U postgres

you need to install the psql client first apt install postgresql-client

Yes I can, I can also connect via Beekeeper and pgadmin, if that helps.

sleao avatar Apr 29 '24 12:04 sleao

okay give me a bit time, i will install postgresql with ssl to test

daniel-hiller avatar Apr 29 '24 12:04 daniel-hiller

If you need some help, let me know, we can work this out together.

sleao avatar Apr 29 '24 12:04 sleao

Hi @sleao,

I could connect on my RDS with dburl: as value in helm chart with this connexion string : "postgres://<user>:<password>@<rds_endpoint>:5432/planka?sslmode=disable&connect_timeout=10"

My settings form RDS is just adding a custom parameter group with rds.force_ssl=0 and restart the RDS for apply the changes. Check this link for more informations.

After that, just got (process:20): VIPS-WARNING **: 13:11:31.773: threads clipped to 1024 but if my container restart the datas are still there.

I hope it will help !

whims-services avatar Jun 01 '24 13:06 whims-services

Hello! I have the similar issue. I'm trying to install on ECS Fargate. https://github.com/plankanban/planka/discussions/841 Tried different options иге can not connect to RDS and my log is empty. All security groups are open for all traffic.

AlexShku avatar Aug 06 '24 19:08 AlexShku

Besides the idea @whims-services gave, which is a big no no for me, I couldn't figure this one out and ended giving up on settings this up. I spent hours reading every doc from the libs planka uses to connect to postgres and couldn't figure out what was going wrong.

The error looks the same as if you weren't actually using SSL, but even with hardcoded options, it would still fail to connect. You can try and setup your own Postgres with docker, I guess.

sleao avatar Aug 12 '24 13:08 sleao