Cli: How do I run the migration with SSL enabled?

Created on 15 Jul 2015  路  14Comments  路  Source: sequelize/cli

I'm trying to run a migration on a remote postgres host that requires SSL, passing --url=... on the command line. How do I enable SSL?

Most helpful comment

Got it to work by doing:

{
   "use_env_variable":"DB_CONNECTION_STRING",
   "dialect":"postgres",
   "ssl":true,
   "dialectOptions":{
      "ssl":{
         "require":true
      }
   }
}

Still would be much appreciated if ?ssl=true as part of the URL was supported

All 14 comments

I have the same question, but I am using the config file. I added "ssl": true, but it still does not connect via SSL.

+1

+1

Hm I have a bit of hard times to answer this question, as I don't have an SSL enabled endpoint available.

You can spin one up for free on Heroku.

:cool: Will try to do that ASAP (which is probably one evening during this week)

The SSL Heroku connection string looks something like:

postgres://username:[email protected]:5432/database?ssl=true

The ?ssl=true comes from Heroku's Docs. It is required when connecting remotely.

So back to sequelize, I try to pass this value into --url=..., including ?ssl=true and I get an error like:

Unable to connect to database: SequelizeConnectionError: no pg_hba.conf entry for host "12.34.56.78", user "username", database "database?ssl=true", SSL off

You'll notice that the database value that is being parsed includes the query parameter ?ssl=true and SSL is not being enabled.

Digging in a little bit, I see that urlStringToConfigHash ignores the query string.

It seems like two things might help here:

  1. Remove query string from database
  2. If ssl=true is being passed, enable it

// Tried this just for testing, and it doesn't work. How do we enable SSL? if (urlParts.query) { result = _.assign(result, { ssl: true }); }

Any thoughts?

My PR has been merged, could you test if specifying dialectOptions will work for postgres?

:warning: The dialectOptions PR #220 allows users to specify the requisite ssl options, fulfilling this issue as far as the ssl feature request component, but the --url parameter parsing is still broken. A flag named '--url' is reasonably expected to support valid URL forms, with or without query parameters. The database component is specified by the URI path, not including any part of the query.

It is unfortunate that node's url.parse incorrectly ambiguates the path component with the query component, and thus does not conform to RFC3986 terminology [1]. As such, urlStringToConfigHash should apparently be using the urlParts.pathname field, not urlParts.path, a fairly understandable mistake.

[1] "The path is terminated by the first question mark ("?") or number sign ("#") character, or by the end of the URI."

@gofish could you please give an example of how you solve this issue using dialectOptions for postgres.

@joshuakarjala You need to use a config file and specify "dialectOptions" with an "ssl" entry.

Example:

{
  "url": "postgres://localhost/database",
  "dialectOptions": {
    "ssl": {
      "ca": "path/to/ca.crt"
    }
}

The default config file is "config/config.json" (or config/config.js). Specify an alternative using --config .

Got it to work by doing:

{
   "use_env_variable":"DB_CONNECTION_STRING",
   "dialect":"postgres",
   "ssl":true,
   "dialectOptions":{
      "ssl":{
         "require":true
      }
   }
}

Still would be much appreciated if ?ssl=true as part of the URL was supported

Added @joshuakarjala comment into docs https://github.com/sequelize/cli/tree/master/docs#configuration-for-connecting-over-ssl

This seems to be related, but has slightly different information https://github.com/sequelize/cli/tree/master/docs#dialect-specific-options
It might also be incomplete however, https://stackoverflow.com/questions/43948920/how-to-connect-via-ssl-to-sequelize-db

Was this page helpful?
0 / 5 - 0 ratings

Related issues

rmoura-92 picture rmoura-92  路  4Comments

f1nnix picture f1nnix  路  4Comments

KaltZK picture KaltZK  路  5Comments

eharoldreyes picture eharoldreyes  路  3Comments

arndeash picture arndeash  路  3Comments