Describe the bug
In any hasura-backend-plus version released after v2.4.0, the container throws a warning if the PostgreSQL connection string uses sslmode=required and the used certificate on the database server is self-signed. This seems to prevent HBP from starting and results in a restart loop.
To Reproduce
Steps to reproduce the behavior:
Setup a recent version of HBP and Hasura with any valid config (example below)
Use a SSL connection string i.e. postgresql://user:pass@my-db-hosting.com:25060/default?sslmode=require on a SSL enabled database
Check the container logs
Expected behavior
HBP should start regardless of the warning.
Output
yarn run v1.22.5
$ node -r ./dist/start.js
Applying migrations
(node:27) UnhandledPromiseRejectionWarning: Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:375:28)
at TLSSocket.emit (domain.js:470:12)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:27) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:27) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Done in 2.36s.
Additional context
The managed database hosting I used in this case was at Digitalocean. They provide a certificate to download but it's not possible to use a non-SSL connection.
The docker-compose.yaml below setups Hasura, HBP and PostgreSQL with SSL (tested on a DO Hasura Droplet with Ubuntu 18.04)
Describe the bug In any hasura-backend-plus version released after
v2.4.0
, the container throws a warning if the PostgreSQL connection string usessslmode=required
and the used certificate on the database server is self-signed. This seems to prevent HBP from starting and results in a restart loop.To Reproduce Steps to reproduce the behavior:
postgresql://user:pass@my-db-hosting.com:25060/default?sslmode=require
on a SSL enabled databaseExpected behavior HBP should start regardless of the warning.
Output
Additional context The managed database hosting I used in this case was at Digitalocean. They provide a certificate to download but it's not possible to use a non-SSL connection.
The
docker-compose.yaml
below setups Hasura, HBP and PostgreSQL with SSL (tested on a DO Hasura Droplet with Ubuntu 18.04)