I keep getting this error:
Error: self signed certificate
When running this command in the terminal:
knex migrate:latest --env production
My knexfile.js
require('dotenv').config();
module.exports = {
development: {
client: "pg",
connection: {
host: "localhost",
database: "my-movies"
}
},
production: {
client: "pg",
connection: process.env.DATABASE_URL
}
};
My .env file:
DATABASE_URL=<my_database_url>?ssl=true
Heroku app info:
Addons: heroku-postgresql:hobby-dev
Auto Cert Mgmt: false
Dynos:
Git URL: https://git.heroku.com/path-name.git
Owner: xxxxxxxxx#xxxx.com
Region: us
Repo Size: 0 B
Slug Size: 0 B
Stack: heroku-18
Web URL: https://my-appname.herokuapp.com/
I've tried putting a key value pair in the production in the knexfile of ssl: true and I get the same error. I've done it this way in the past many, many times and have never had this issue. Wondering if Heroku has changed anything but while searching their docs I couldn't find anything.
The following config at knexfile.js worked for me.
...
production: {
client: 'postgresql',
connection: {
connectionString: process.env.DATABASE_URL,
ssl: { rejectUnauthorized: false }
}
}
...
where the DATABASE_URL is what you get by running heroku config --yourAppName
This is due to a breaking change in pg#^8 (2020/02/25) cf. this heroku help forum.
You can get the full pg#^8 announcement but here is the relevant passage:
Now we will use the default ssl options to tls.connect which includes rejectUnauthorized being enabled. This means your connection attempt may fail if you are using a self-signed cert.
And it seems heroku is using self-signed certificates somewhere.
possible solutions:
downgrade to pg#^7
instruct pg#^8 to ignore problematic certificates ssl: { rejectUnauthorized: false } (see announcement linked above)
find a way to download and trust the certificate instructions
The ssl: { rejectUnauthorized: false } pg config isn't working for me at the moment either.. but I found a temporary (maybe permanent) solution via the heroku docs
Set the following config var:
heroku config:set PGSSLMODE=no-verify
If you are using a config like:
...
production: {
client: 'postgresql',
connection: {
connectionString: process.env.DATABASE_URL,
ssl: { rejectUnauthorized: false }
}
}
...
...and it still isn't working for you, make sure you don't have a ?ssl=true or sslmode set in DB your connection string.
If ssl is set in your connection string it will override the ssl part of your config, meaning behavior is equivalent to:
...
production: {
client: 'postgresql',
connection: {
connectionString: process.env.DATABASE_URL,
ssl: true
}
}
...
Removing the ssl entry from your connection string will fix the problem.
What worked for me was not using just a connection string but also adding the CA from my database as an option to the connection object in knex.
production: {
client: 'postgresql',
connection: {
connectionString: process.env.DATABASE_URL,
ssl: {
rejectUnauthorized: false,
ca: process.env.POSTGRES_CA,
}
}
}
Related
So i made a simply express server connected with a database. On localhost it connects with database perfectly but on deployment it shows an error like that
{"code":"ESOCKET","originalError":{"code":"ESOCKET"},"name":"ConnectionError"}
On sql Server everything is set perfectly.
my configuration looks like that:
const config={
user: 'xxxxx',
password: 'xxxxxxx',
server: 'public_ip_from_sql',
database: 'data_base',
debug:true,
port: 1433,
client:"mssql",
options: {
encrypt: false,
enableArithAbord:true,
trustServerCertificate: true,
validateBulkLoadParameters:true,
},
connectionTimeout:150000,
pool:{
max:10,
min:0,
idleTimeoutMillis:3000
}
}
I am hosting it on Plesk nginx server. i havent find any solution to solve this problem.
My server has an SSL certificate, and the domain works fine with https. I ran "npm install peer", and then ran this javascript:
const { PeerServer } = require('peer');
const peerServer = PeerServer({
port: 9000,
path: '/myapp'
});
It worked, but only under http, and if secure:false. This URL returned the correct JSON:
http://www.example.com:9000/myapp
I then removed the 'port9000' PeerJS Server, and ran this javascript, so it would hopefully work with secure:true:
const { PeerServer } = require('peer');
const peerServer = PeerServer({
port: 443,
ssl: {
key: fs.readFileSync('my.key'),
cert: fs.readFileSync('my.crt')
},
path: '/myapp2'
});
This did not work. The following URL returned a blank directory, and no JSON:
https://www.example.com:443/myapp2
My server is running CentOS v. 7.8 64 bit, and it uses httpd.
Let me know if it will be easier to configure a port that is not "well-known" (i.e. not 443) to use for https communication with the PeerJS Server, so I can set "secure: true" in the client script.
The jira-client works fine when not specifying a port, but I need to get to a Jira instance that uses a port. Anyone know how to do this? Maybe an env variable?
const JiraApi = require('jira-client');
const jira = new JiraApi({
protocol: 'https',
host: 'greenhopper.app.company.com:8080',
...
});
Unfortunately, the library reports the error:
cause: Error: getaddrinfo ENOTFOUND greenhopper.app.company.com:8080
You can set the port when creating the Jira client
jira = new JiraApi({
protocol: 'https',
host: config.host,
port: config.port, // Here
apiVersion: 'latest',
strictSSL: true,
oauth: oauthConfig
});
Here are all the options from the code-jira-client docs
I have the following code in a file called knexfile.js
module.exports = {
development: {
client: 'mysql',
connection: {
database: 'myDatabase',
timezone: 'Z',
user: 'root',
password: 'myPassword',
host: '127.0.0.1'
},
pool: {
min: 2,
max: 10
},
migrations: {
tableName: 'myMigrationTable'
}
}
};
myPassword from the code above is in plaintext. On my production server, I definitely don't want my password in plaintext in my code that my application uses to authenticate with my database. I also wouldn't want it laying around in a file in plaintext on my server.
Is there a way in knex or node to easily handle securely logging into my database? Should I just simply encrypt my password, leave it in a file on my server, and decrypt it using my webapp when it's going to log in?
Best practice would be using environment variable.
knex = require('knex')({
client: 'mysql',
connection: process.env.DATABASE_URL
})
I have a node.js app using the sails.js framework and I'm trying to deploy this app on the bluemix cloud service.
I am trying a MongoDB instance in compose.io and I have a rather standard connection configuration in my local.js file:
connectMongo: {
adapter: 'sails-mongo',
host: 'sl-eu-lon-2-portal.1.dblayer.com',
port: 10438,
database: 'some-db'
}
It is not working. It's not deploying.
The error it gives is:
ERR error: A hook (`orm`) failed to load!
ERR error: Error: Failed to connect to MongoDB.
This means, of course, that the database is
But strangely it also gives this
ERR { [MongoError: connect ECONNREFUSED 127.0.0.1:27017]
Which doesn't make any sense, as I am not using port 27017, as noted above I am using 10438.
The app is running locally, so I get that I am missing something on connecting to the database via the bluemix configurations, but I can't understand how come the 27017 pops up there.
So your setup seems correct. Compare it with my setup:
env/production.js
connections: {
prodMongoDb: {
adapter: 'sails-mongo',
host: process.env.MONGO_PORT_27017_TCP_ADDR,
port: 27017,
database: 'my_database'
}
},
models: {
connection: 'prodMongoDb',
migrate: 'safe'
}
env/development.js
connections: {
devMongoDb: {
adapter: 'sails-mongo',
host: 'localhost',
port: 27017,
database: 'my_database'
}
},
models: {
connection: 'devMongoDb',
migrate: 'safe'
}
The fact that you are specifying a port 10438 but get an error regarding 27017 means that sails is not picking up your connection definition. How do you start your app?
Starting it like this:
npm start NODE_ENV="production"
will make sails pick up the production config.