Can't connect to RDS database due to SSL

plankanban / planka

The realtime kanban board for workgroups built with React and Redux.

https://planka.app

GNU Affero General Public License v3.0

7.32k stars 676 forks source link

Can't connect to RDS database due to SSL #730

Open sleao opened 2 months ago

sleao commented 2 months ago

Hi, I'm trying to use Planka with a RDS Postgres and I can't seem to figure out how to setup SSL. I tried everything from #696 and it still won't connect. Sometimes I get the error: error: no pg_hba.conf entry for host "xxx.xxx.xxx.xxx", user "kanban", database "planka", no encryption error message and other times, this:

node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^
Error: self-signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
    at TLSSocket.emit (node:events:517:28)
    at TLSSocket._finishInit (node:_tls_wrap:1070:8)
    at ssl.onhandshakedone (node:_tls_wrap:856:12) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
Node.js v18.20.2

Any ideas on what to do here? this is what my variables look like:

BASE_URL=http://localhost:3000
DATABASE_URL=postgresql://planka:password@host/planka?ssl=true
SECRET_KEY=secretkey
PGSSLMODE=require

daniel-hiller commented 2 months ago

Hi, You are using a self signed certificate You have to use this variable too '''

KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

'''

sleao commented 2 months ago

Hi, You are using a self signed certificate You have to use this variable too '''

KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

'''

That didn't work, I'm still getting the "SELF_SIGNED_CERT_IN_CHAIN" error.

daniel-hiller commented 2 months ago

can you test the connection the db host using the cli?

psql -d "dbname=postgres sslmode=require" -h psql.example.com -U postgres

you need to install the psql client first apt install postgresql-client

sleao commented 2 months ago

can you test the connection the db host using the cli?

psql -d "dbname=postgres sslmode=require" -h psql.example.com -U postgres

you need to install the psql client first apt install postgresql-client

Yes I can, I can also connect via Beekeeper and pgadmin, if that helps.

daniel-hiller commented 2 months ago

okay give me a bit time, i will install postgresql with ssl to test

sleao commented 2 months ago

If you need some help, let me know, we can work this out together.

whims-services commented 1 month ago

Hi @sleao,

I could connect on my RDS with dburl: as value in helm chart with this connexion string : "postgres://<user>:<password>@<rds_endpoint>:5432/planka?sslmode=disable&connect_timeout=10"

My settings form RDS is just adding a custom parameter group with rds.force_ssl=0 and restart the RDS for apply the changes. Check this link for more informations.

After that, just got (process:20): VIPS-WARNING **: 13:11:31.773: threads clipped to 1024 but if my container restart the datas are still there.

I hope it will help !