Open seaparks opened 7 years ago
Update to this. What I wrote above actually doesn't work -- sslmode=require needs to be added to the URI entered at the time of installation. Failure to do that means changing it in the UI won't do anything.
Looks like our solution isn't a good fit after all:
good eye. can you close this and instead write up a ticket in the agents repo (prefixed with 'csupport') that we have to detect heroku and add sslmode=require to the URL?
I'm not convinced this should be handled in the agents side. From etc/vc-vars.sh we have two points that requires further investigation:
if [[ -z "$DATABASE_URL" ]]; then
echo "Looks like the DATABASE_URL is not set. Run: heroku config:add DATABASE_URL=<your database url>."
exit 1
fi
The value for the variable DATABASE_URL from this agents-dedicated Dyno should be fetched from the application/database Dyno and updated (or checked for updates) constantly - otherwise our monitoring might broken suddenly if the customer's application is migrated to a different host by Heroku itself. I have the impression this is not being done.
Also, we have:
export VC_DRV_MANUAL_HOST_URI="$DATABASE_URL"
This is probably a good place to test whether $DATABASE_URL includes 'sslmode=require' in its string and possibly append it as a suffix if not: export VC_DRV_MANUAL_HOST_URI="$DATABASE_URL?sslmode=require"
My proposed workaround for a customer ($ heroku config:set DATABASE_URL=postgres://user>:<password>@<host:
Oh, whoops - you're right, we can just add it during the assignment to the VC metric.
We can't naively add ?sslmode=require but I'll leave that as an exercise for a developer smarter than me.
Heroku PostgreSQL requires
sslmode=require
. We support this simply by flipping on SSL mode in the host credentials dialog and picking 'require', but the instructions here don't mention that.