This is a Heroku buildpack that allows one to connect to a postgresql instance that requires ssl with a base system that doesn't support ssl.
The primary use case for this buildpack was for deploying a system running
asyncpg 0.5.4 with python 3.5
which at the time of writing did not have support for connecting to postgresql
with ssl.
First you need to set this buildpack as your initial buildpack with:
$ heroku buildpacks:add -i 1 https://github.com/tristan/heroku-buildpack-pgsql-stunnel.gitThen confirm you are using this buildpack as well as your language buildpack like so:
$ heroku buildpacks
=== frozen-potato-95352 Buildpack URLs
1. https://github.com/tristan/heroku-buildpack-pgsql-stunnel.git
2. heroku/pythonFor more information on using multiple buildpacks check out this devcenter article.
The buildpack currently only supports one database and the client must connect
to a specific port set by stunnel. Set your database configuration host
variable to: /tmp/.s.PGSQL.6101
Next, for each process that should connect to Postgresql securely, you will need
to preface the command in your Procfile with bin/start-stunnel. In this
example, we want the web process to use a secure connection to Heroku
Postgresql:
$ cat Procfile
web: bin/start-stunnel python -m toshiapp --port=$PORT --config=$CONFIGFILEWe're then ready to deploy to Heroku with an encrypted connection between the dynos and Heroku Redis:
$ git push heroku masterPGSQL_STUNNEL_ENABLED : Set to 0 to disable the stunnel (default 1)
ENABLE_STUNNEL_AMAZON_RDS_FIX : Enable this option to prevent stunnel failure with Amazon RDS when a dyno resumes after sleeping
STUNNEL_LOGLEVEL : debug config option for stunnel (default notice).
STUNNEL_CONNECTION_RETRY : retry config option for stunnel (default no).