umami
check-db script fails on Heroku Postgres: no pg_hba.conf entry ... no encryption
Describe the Bug
Hi 👋
When deploying umami 3.0.0 to Heroku, the build fails at the check-db step even though the database connection works. It looks like the raw Prisma query is trying to connect without SSL and Heroku Postgres rejects it.
What happens
During build, these steps pass:
- check-env ✅
- build-db ✅
- prisma generate ✅
- build-prisma-client ✅
- check-db ❌ (this is where it fails)
Database
PostgreSQL
Relevant log output
> [email protected] check-db /tmp/build_aba1a698
> node scripts/check-db.js
✓ DATABASE_URL is defined.
✓ Database connection successful.
✗
Invalid `prisma.$queryRaw()` invocation:
Raw query failed. Code: `28000`. Message: `no pg_hba.conf entry for host "xxx", user "xxx", database "xxx", no encryption`
ELIFECYCLE Command failed with exit code 1.
ERROR: "check-db" exited with 1.
-----> Build failed
! Push rejected, failed to compile Node.js app.
Which Umami version are you using? (if relevant)
3.0.0
Which browser are you using? (if relevant)
No response
How are you deploying your application? (if relevant)
Heroku
I'm getting a similar error on Vercel, that I believe to be the same issue. Database is on Supabase.
✓ DATABASE_URL is defined.
✓ Database connection successful.
✗
Invalid `prisma.$queryRaw()` invocation:
Raw query failed. Code: `XX000`. Message: `SSL connection is required`
ELIFECYCLE Command failed with exit code 1.
ERROR: "check-db" exited with 1.
ELIFECYCLE Command failed with exit code 1.
Error: Command "pnpm run build" exited with 1
Does your DATABASE_URL have ?sslmode=require? I can take a further look if the check-db still fails with that added.
@franciscao633 Just tried adding and got a different error now:
✓ DATABASE_URL is defined.
✓ Database connection successful.
✗
Invalid `prisma.$queryRaw()` invocation:
Raw query failed. Code: `N/A`. Message: `Error opening a TLS connection: self-signed certificate in certificate chain`
ELIFECYCLE Command failed with exit code 1.
ERROR: "check-db" exited with 1.
ELIFECYCLE Command failed with exit code 1.
Error: Command "pnpm run build" exited with 1
Prior to v3.0.0 it was working great.
Looks like an underlying prisma issue. You can try sslmode=no-verify instead, even though it's not the greatest solution.
Additional context, https://github.com/prisma/prisma/issues/27611
sslmode=no-verify worked for now. Thank you!
For reference, Plesk user here. Umami 2.19 with MySQL was working great. With Umami 3.0 and PostgreSQL, I'm not having any luck as of yet.
In short: new Docker with the latest PostgreSQL option. The only thing we add besides the defaults is the DATABASE_URL. I have tried adding it with sslmode=no-verify, sslmode=require and the like, but all results lead to:
```
[email protected] start-docker /app
npm-run-all check-db update-tracker start-server
[email protected] check-db /app
node scripts/check-db.js
✓ DATABASE_URL is defined.
✓ Database connection successful.
✗
Invalid prisma.$queryRaw() invocation:
ELIFECYCLE Command failed with exit code 1.
ERROR: "check-db" exited with 1.
ELIFECYCLE Command failed with exit code 1.
```
Using SKIP_DB_CHECK lets me run the app, but then it starts throwing the following as soon as I try to log in:
"Failed to execute 'json' on 'Response': Unexpected end of JSON input"
And the logs note:
{ code: 'ECONNREFUSED', meta: { modelName: 'Website' }, clientVersion: '6.18.0', name: 'PrismaClientKnownRequestError', message: '\nInvalid prisma.website.findUnique()invocation:\n\n\n', stack: 'PrismaClientKnownRequestError: \n' + 'Invalidprisma.website.findUnique() invocation:\n' + '\n' + '\n' + '\n' + ' at di.handleRequestError (/app/node_modules/.pnpm/@[email protected][email protected][email protected][email protected]/node_modules/@prisma/client/runtime/client.js:81:7268)\n' + ' at di.handleAndLogRequestError (/app/node_modules/.pnpm/@[email protected][email protected][email protected][email protected]/node_modules/@prisma/client/runtime/client.js:81:6593)\n' + ' at di.request (/app/node_modules/.pnpm/@[email protected][email protected][email protected][email protected]/node_modules/@prisma/client/runtime/client.js:81:6300)\n' + ' at process.processTicksAndRejections (node:internal/process/task_queues:105:5)\n' + ' at async a (/app/node_modules/.pnpm/@[email protected][email protected][email protected][email protected]/node_modules/@prisma/client/runtime/client.js:90:9551)\n' + ' at async d (/app/.next/server/chunks/[root-of-the-server]__4c722713._.js:1825:1336)\n' + ' at async k (/app/.next/server/chunks/[root-of-the-server]__0b84f1fd._.js:11:35809)\n' + ' at async rN.do (/app/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-route-turbo.runtime.prod.js:5:21042)\n' + ' at async rN.handle (/app/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-route-turbo.runtime.prod.js:5:25860)\n' + ' at async d (/app/.next/server/chunks/[root-of-the-server]__8f7948e4._.js:1:3075)' } }
And to make sure the connection works, before all this I did the migration of my MySQL db to a PostgreSQL one with pgloader:
```
# pgloader --cast "type datetime to timestamp drop default drop not null using zero-dates-to-null" --no-ssl-cert-verification mysql://XXXXX:${PMYSQL}@localhost/XXXXX postgresql://XXXX:XXXX@localhost/XXXXX
2025-11-09T13:27:40.017000Z LOG pgloader version "3.6.7~devel"
2025-11-09T13:27:40.058001Z LOG Migrating from #<MYSQL-CONNECTION mysql://XXXXXX@localhost:3306/XXXXX {1005B699F3}>
2025-11-09T13:27:40.058001Z LOG Migrating into #<PGSQL-CONNECTION pgsql://XXXXX@localhost:5432/XXXXX {1005D330F3}>
2025-11-09T13:27:46.728056Z WARNING PostgreSQL warning: identifier "idx_25268_website_event_website_id_created_at_referrer_domain_idx" will be truncated to "idx_25268_website_event_website_id_created_at_referrer_domain_i"
2025-11-09T13:27:49.955081Z LOG report summary reset
table name                    errors    rows      bytes       total time
fetch meta data               0         85                    0.070s
Create Schemas                0         0                     0.001s
Create SQL Types              0         0                     0.008s
Create tables                 0         24                    0.031s
Set Table OIDs                0         12                    0.005s
umamidb.website_event         0         256571    103.1 MB    6.462s
umamidb.session               0         138621    20.2 MB     2.030s
umamidb._prisma_migrations    0         13        2.2 kB      3.538s
umamidb."user"                0         4         0.6 kB      3.582s
umamidb.revenue               0         0                     3.605s
umamidb.session_data          0         0                     3.617s
umamidb.team_user             0         0                     3.628s
umamidb.event_data            0         35415     7.8 MB      0.692s
umamidb.website               0         6         1.2 kB      0.020s
umamidb.report                0         0                     0.029s
umamidb.segment               0         0                     0.068s
umamidb.team                  0         0                     0.165s
COPY Threads Completion       0         4                     6.460s
Create Indexes                0         73                    26.857s
Index Build Completion        0         73                    2.001s
Reset Sequences               0         0                     0.022s
Primary Keys                  0         12                    1.204s
Create Foreign Keys           0         0                     0.000s
Create Triggers               0         0                     0.001s
Set Search Path               0         1                     0.001s
Install Comments              0         0                     0.000s
Total import time             ✓         430630    131.2 MB    36.546s
#
```
So I am a bit unsure as to what I can do to get it to work, but the PostgreSQL db should be reachable etc. according to the above and "✓ Database connection successful."
Any help would of course be greatly appreciated :)
@PatrickD1985 Can you create a separate issue and I can help you in that thread. Seems like a prisma/build issue, but I would need to research further.
Will do @franciscao633 At work atm, but I'll try with an older version of postgresql first (was running the latest 18.0) And if that also does not work I'll make a new issue with all the info gathered.
I am running into the same issue and I am still on v17. On the previous version (< v3) this also worked fine.
Changing my connection string like this resolved it for me:
postgresql://umami:REDACTED@IP:5432/umami?sslmode=no-verify
Hope it helps.
When I set sslmode=no-verify I no longer see the no pg_hba.conf error but now I see this. Upgrading from v2.17.0.
> [email protected] check-db /app
> node scripts/check-db.js
✓ DATABASE_URL is defined.
✓ Database connection successful.
UMAMI_DB | 2025-11-12 15:27:37.848 UTC [62] FATAL: role "postgres" does not exist
✓ Database version check successful.
Error: request to https://binaries.prisma.sh/all_commits/34b5a692b7bd79939a9a2c3ef97d816e749cda2f/linux-musl-arm64-openssl-3.0.x/schema-engine.gz.sha256 failed, reason: unable to get local issuer certificate
✗ Command failed: prisma migrate deployWatch
Error: request to https://binaries.prisma.sh/all_commits/34b5a692b7bd79939a9a2c3ef97d816e749cda2f/linux-musl-arm64-openssl-3.0.x/schema-engine.gz.sha256 failed, reason: unable to get local issuer certificate
This impacts every Azure installation as well, since PostgreSQL on Azure ALWAYS has ssl mode 'require'. Had to downgrade to umami:postgresql-v2.19.0
Azure users can't upgrade to 3.x until this is resolved
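The `sslmode=require` and `sslmode=no-verify` exchange above comes down to whether the server certificate is checked: `no-verify` keeps the connection encrypted but accepts any certificate. The sketch below is an added example, not part of the thread and not umami or Prisma code; it shows one way to turn a `DATABASE_URL` plus the provider's CA bundle into an explicit TLS configuration that keeps verification on. It assumes a node-postgres-style client that accepts `{ connectionString, ssl }`; `buildPgConfig`, `redact`, `allowUnverified` and the sample values are hypothetical.

```javascript
// Added example, not umami or Prisma code. Assumes a node-postgres-style client
// that takes { connectionString, ssl }, where ssl holds Node.js tls options.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/;

// Log-safe form of the URL: the password never reaches build output.
function redact(databaseUrl) {
  const u = new URL(databaseUrl);
  if (u.password) u.password = 'REDACTED';
  return u.toString();
}

// Turn DATABASE_URL plus an optional provider CA bundle (PEM text) into an
// explicit TLS configuration. allowUnverified is a hypothetical opt-in flag.
function buildPgConfig(databaseUrl, caPem, { allowUnverified = false } = {}) {
  const u = new URL(databaseUrl);
  const mode = u.searchParams.get('sslmode') || 'unset';
  const warnings = [];
  let ssl;

  if (mode === 'disable') {
    throw new Error(`plaintext connection refused: ${redact(databaseUrl)}`);
  }
  if (caPem) {
    if (!PEM_CERT.test(caPem)) throw new Error('CA bundle is not PEM');
    // Trust the provider CA instead of switching verification off.
    ssl = { ca: caPem, rejectUnauthorized: true };
    if (mode === 'no-verify') warnings.push('sslmode=no-verify replaced by pinned CA');
  } else if (mode === 'no-verify') {
    if (!allowUnverified) {
      throw new Error('sslmode=no-verify without a CA bundle: server identity unchecked');
    }
    ssl = { rejectUnauthorized: false }; // encrypted, server not authenticated
    warnings.push('TLS certificate verification is off');
  } else {
    ssl = { rejectUnauthorized: true }; // verify against the system trust store
  }
  // Drop sslmode so the URL cannot carry a second, conflicting TLS setting.
  u.searchParams.delete('sslmode');
  return { connectionString: u.toString(), ssl, warnings };
}

// Constructed sample values (placeholder host, password and certificate body).
const SAMPLE_URL = 'postgresql://umami:s3cret@db.example.internal:5432/umami?sslmode=no-verify';
const SAMPLE_CA = '-----BEGIN CERTIFICATE-----\nMIIB(constructed)\n-----END CERTIFICATE-----\n';
const demo = buildPgConfig(SAMPLE_URL, SAMPLE_CA);
console.log(redact(demo.connectionString), demo.ssl.rejectUnauthorized, demo.warnings);
```
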