search

asciinema / asciinema-server

Platform for hosting and sharing terminal session recordings
https://docs.asciinema.org/manual/server/
Apache License 2.0
2.31k stars 265 forks source link

Postgres SSL issue #378

Closed pratikbin closed 1 year ago

pratikbin commented 3 years ago

Thanks for the amazing app,

Getting an error when using it with digitalocean's postgres 12 setting DATABASE_URL: postgresql://asciinema:mypass@xxxx:xxx/asciinemadb?sslmode=require FYI I quadruple check all the configs and still getting this error when running setup command with docker image asciinema/asciinema

11:51:36.974 [error] Postgrex.Protocol (#PID<0.207.0>) failed to connect: ** (Postgrex.Error) ERROR 08P01 (protocol_violation) SSL required
11:51:36.974 [error] Postgrex.Protocol (#PID<0.206.0>) failed to connect: ** (Postgrex.Error) ERROR 08P01 (protocol_violation) SSL required
11:51:38.222 [error] Postgrex.Protocol (#PID<0.206.0>) failed to connect: ** (Postgrex.Error) ERROR 08P01 (protocol_violation) SSL required
11:51:38.428 [error] Postgrex.Protocol (#PID<0.207.0>) failed to connect: ** (Postgrex.Error) ERROR 08P01 (protocol_violation) SSL required
11:51:39.503 [error] Could not create schema migrations table. This error usually happens due to the following:

  * The database does not exist
  * The "schema_migrations" table, which Ecto uses for managing
    migrations, was defined by another library
  * There is a deadlock while migrating (such as using concurrent
    indexes with a migration_lock)

To fix the first issue, run "mix ecto.create".

To address the second, you can run "mix ecto.drop" followed by
"mix ecto.create". Alternatively you may configure Ecto to use
another table for managing migrations:

    config :asciinema, Asciinema.Repo,
      migration_source: "some_other_table_for_schema_migrations"

The full error report is shown below.

** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2813ms. This means requests are coming in and your connection pool cannot serve them fast enough. You can address this by:

  1. By tracking down slow queries and making sure they are running fast enough
  2. Increasing the pool_size (albeit it increases resource consumption)
  3. Allow requests to wait longer by increasing :queue_target and :queue_interval

See DBConnection.start_link/2 for more information

    (ecto_sql 3.4.5) lib/ecto/adapters/sql.ex:593: Ecto.Adapters.SQL.raise_sql_call_error/1
    (elixir 1.10.4) lib/enum.ex:1396: Enum."-map/2-lists^map/1-0-"/2
    (ecto_sql 3.4.5) lib/ecto/adapters/sql.ex:686: Ecto.Adapters.SQL.execute_ddl/4
    (ecto_sql 3.4.5) lib/ecto/migrator.ex:641: Ecto.Migrator.verbose_schema_migration/3
    (ecto_sql 3.4.5) lib/ecto/migrator.ex:484: Ecto.Migrator.lock_for_migrations/4
    (ecto_sql 3.4.5) lib/ecto/migrator.ex:406: Ecto.Migrator.run/4
    (asciinema 0.0.1) lib/asciinema/release_tasks.ex:8: anonymous fn/1 in Asciinema.ReleaseTasks.setup/0
    (ecto_sql 3.4.5) lib/ecto/migrator.ex:142: Ecto.Migrator.with_repo/3
ku1ik commented 3 years ago

I guess this line could be preventing you from using SSL here: https://github.com/asciinema/asciinema-server/blob/2d86f311381540790cdd8a748df486c039921da7/config/prod.exs#L48

If you have ability to bind-mount a custom config file into the container then maybe this will help:

Create custom.exs file with the following contents:

import Config
config :asciinema, Asciinema.Repo,  ssl: true

Then mount this file into the container like this:

-v ./custom.exs:/opt/app/etc/custom.exs

I hope this helps!

pratikbin commented 3 years ago

Ill try this today later

pratikbin commented 3 years ago

@sickill i tried to add below in custom.exsand mount it to /opt/app/etc/custom.exs as you said but getting error

import Config
config :asciinema, Asciinema.Repo, ssl: true, pool_size: 2

error

** (EXIT from #PID<0.165.0>) an exception was raised:
    ** (RuntimeError) SSL connection can not be established because `:ssl` application is not started,
you can add it to `extra_application` in your `mix.exs`:

  def application do
    [extra_applications: [:ssl]]
  end

        (postgrex 0.15.5) lib/postgrex.ex:554: Postgrex.ensure_deps_started!/1
        (postgrex 0.15.5) lib/postgrex.ex:496: Postgrex.child_spec/1
        (ecto_sql 3.4.5) lib/ecto/adapters/sql.ex:459: Ecto.Adapters.SQL.init/3
        (ecto 3.4.6) lib/ecto/repo/supervisor.ex:178: Ecto.Repo.Supervisor.init/1
        (stdlib 3.12.1) supervisor.erl:295: :supervisor.init/1
        (stdlib 3.12.1) gen_server.erl:374: :gen_server.init_it/2
        (stdlib 3.12.1) gen_server.erl:342: :gen_server.init_it/6
        (stdlib 3.12.1) proc_lib.erl:249: :proc_lib.init_p_do_apply/3
ku1ik commented 3 years ago

I assume you're using latest image tag, right? I have now pushed a tweak to develop branch which may help. You can grab this version by using asciinema/asciinema-server:develop as the image name.

It also looks like instead of using ?sslmode=require you should use ?ssl=true in the DATABASE_URL (Postgres connection lib docs show that https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options). If you update the URL then you don't need the /opt/app/etc/custom.exs file at all.

Let me know if it works with the develop image tag, I hope the tweak does it 🤞

pratikbin commented 3 years ago

ill try this today, thanks

pratikbin commented 3 years ago

so i tried using develop image with ?ssl=truewithout using cusom.exs

 09:34:18.409 [error] Postgrex.Protocol (#PID<0.234.0>) failed to connect: ** (Postgrex.Error) FATAL 28000 (invalid_authorization_specification) no pg_hba.conf entry for host "10.2.0.5", user "asciinema", database "asciinema", SSL off
 09:34:18.409 [error] Postgrex.Protocol (#PID<0.233.0>) failed to connect: ** (Postgrex.Error) FATAL 28000 (invalid_authorization_specification) no pg_hba.conf entry for host "10.2.0.5", user "asciinema", database "asciinema", SSL off
 09:34:19.607 [error] Postgrex.Protocol (#PID<0.234.0>) failed to connect: ** (Postgrex.Error) FATAL 28000 (invalid_authorization_specification) no pg_hba.conf entry for host "10.2.0.5", user "asciinema", database "asciinema", SSL off
 09:34:19.854 [error] Postgrex.Protocol (#PID<0.233.0>) failed to connect: ** (Postgrex.Error) FATAL 28000 (invalid_authorization_specification) no pg_hba.conf entry for host "10.2.0.5", user "asciinema", database "asciinema", SSL off
 09:34:21.143 [error] Postgrex.Protocol (#PID<0.234.0>) failed to connect: ** (Postgrex.Error) FATAL 28000 (invalid_authorization_specification) no pg_hba.conf entry for host "10.2.0.5", user "asciinema", database "asciinema", SSL off
 09:34:21.187 [error] Could not create schema migrations table. This error usually happens due to the following:

   * The database does not exist
   * The "schema_migrations" table, which Ecto uses for managing
     migrations, was defined by another library
   * There is a deadlock while migrating (such as using concurrent
     indexes with a migration_lock)

 To fix the first issue, run "mix ecto.create".

 To address the second, you can run "mix ecto.drop" followed by
 "mix ecto.create". Alternatively you may configure Ecto to use
 another table for managing migrations:

     config :asciinema, Asciinema.Repo,
       migration_source: "some_other_table_for_schema_migrations"

 The full error report is shown below.

 ** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2893ms. This means requests are coming in and your connection pool cannot serve them fast enough. You can address this by:

   1. By tracking down slow queries and making sure they are running fast enough
   2. Increasing the pool_size (albeit it increases resource consumption)
   3. Allow requests to wait longer by increasing :queue_target and :queue_interval

 See DBConnection.start_link/2 for more information

     (ecto_sql 3.4.5) lib/ecto/adapters/sql.ex:593: Ecto.Adapters.SQL.raise_sql_call_error/1
     (elixir 1.11.4) lib/enum.ex:1411: Enum."-map/2-lists^map/1-0-"/2
     (ecto_sql 3.4.5) lib/ecto/adapters/sql.ex:686: Ecto.Adapters.SQL.execute_ddl/4
     (ecto_sql 3.4.5) lib/ecto/migrator.ex:641: Ecto.Migrator.verbose_schema_migration/3
     (ecto_sql 3.4.5) lib/ecto/migrator.ex:484: Ecto.Migrator.lock_for_migrations/4
     (ecto_sql 3.4.5) lib/ecto/migrator.ex:406: Ecto.Migrator.run/4
     (asciinema 0.0.1) lib/asciinema/release_tasks.ex:8: anonymous fn/1 in Asciinema.ReleaseTasks.setup/0
     (ecto_sql 3.4.5) lib/ecto/migrator.ex:142: Ecto.Migrator.with_repo/3
pratikbin commented 3 years ago

and with below config and with/without ?ssl=true in db URL getting no logs like none

@sickill i tried to add below in custom.exsand mount it to /opt/app/etc/custom.exs as you said but getting error

import Config
config :asciinema, Asciinema.Repo, ssl: true, pool_size: 2