I have a postgres RDS instance which my Node.js web application running on an EC2 instance is not able to connect to. The error in my EC2 node logs is: error: password authentication failed for user "ubuntu"
I can confirm that I have the right username, password, database name, etc because it is working correctly on the development build on my machine. I copied all the .env parameters exactly into my ec2 machine for the production build. When attempting to connect to RDS on my production application web page, it fails. I have restarted my Node.js server multiple times and have rebooted the whole ec2 machine. I have confirmed that the env variables are there with printenv.
What would you recommend trying to fix this issue?
EDIT for more details: My nodejs setup should be correct because my nodejs server will call some external APIs that do not require my postgres database and those calls work properly.
EDIT2: This is strange because my username for RDS is postgres, while my username for EC2 is ubuntu. I wonder if somehow there's some clash between env variables. I checked printenv but didn't find any though
EDIT3: See comments for my workaround.
I would suggest to test the database credentials by directly connecting to RDS database using psql client on EC2 instance.
I have a Laravel application running on Google Compute Engine instance. I have configured it to connect to a Cloud SQL database Instance, when I SSH to the VM and run php artisan migrate everything runs smoothly. But when I open the application in a browser I get this Error SQLSTATE[HY000] [2002] Permission denied I cant figure out what is going wrong here, I have tried cloud sql proxy but still the application cant establish a DB connection when accessed from a browser. Can anyone figure out the cause of this weird behavior.
I solved this by enabling httpd_can_network_connect_db flag in selinux by running this command.
sudo setsebool -P httpd_can_network_connect_db=1
I also faced another issue with SELinux with redis and solved it by running this command.
sudo semanage port -m -t http_port_t -p tcp 6379
My application uses the blazer gem for visualizing DB queries.
During the setup I've encountered the following error:
FATAL: no pg_hba.conf entry for host "111.22.33.44", user "blazer", database "my_db", SSL off
My application is hosted on EngineYard and uses PostgreSQL.
How can I find and modify the pg_hba.conf on EngineYard?
upd
I do have SSH access to EngineYard cloud.
Instance: General Purpose (M3) Large.
OS: EngineYard's Gentoo.
You can try the following steps. I've assumed that your DB name is my_db.
Connect to the instance via SSH (the link can be found on the EngineYard environment page)
Connect to the
database as superuser psql -U postgres -h localhost -d
my_db. If you don't have the password, check your database secrets here /data/my_db/current/config/database.yml
After connecting to DB identify location of hba file by typing SHOW
hba_file;
Quit psql by typing \q
Use previously identified path to open the hba_file file and add the missing user. E.g via vim sudo vim /db/postgresql/9.5/data/pg_hba.conf. Note the sudo command
The use should be added under # IPv4 postgres
user for 10.x with md5:
Connect to the database again
Reload the configuration via select pg_reload_conf(); command
After all steps are performed, Blazer queries should be accessible.
Part of an install includes a postgres database install. The database is running and the App that uses it is connecting fine.
I want to use the postgres install for some of my own reporting needs. I've got a fair way to getting to the database but I am stumped at the last bit.
I can do a psql -h /path/to/socket but get
psql: FATAL: authentication failed for user "postgres": invalid authentication method.
I have gone in to the pg_hba.conf and the only lines not commented are:
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
As far as I can see this should mean any local attempt at connection would be trusted and therefore OK.
I've tried with specifying different users (root, me, etc) and always get the same reply. Any ideas how I can access the server?
I'm trying to perform a relatively trivial task: I want to connect to a Heroku database. I have created the database and have been issued credentials from the Heroku site. However, when I try to connect to this database using anything besides the terminal 'heroku' command line client, I get fatal errors or cannot connect errors.
The two tools that I tried to connect with outside of the Heroku terminal application are: Navicat and IntelliJ.
The error that I receive in Navicat when trying to connect to the database is:
could not connect to server: Host is down
Is the server running on host "ec2-107-21-112-215.compute-1.amazonaws.com" and accepting
TCP/IP connections on port 5432?
My connection settings are as follows:
Connection Name Heroku Dev Test
Host Name/IP Address ec2-107-21-112-215.compute-1.amazonaws.com
Port 5432
Navicat doesn't even seem to be making an attempt to connect to that hostname.
When I try to connect with IntelliJ, using the full credentials, I get the following error:
java.sql.SQLException: FATAL: no pg_hba.conf entry for host "75.168.4.146", user "rphbqggxeokuxl", database "dc008iqk0rq4j5", SSL off
Again, I'm using the credentials that the Heroku application provides me with when accessing my database on their website.
Has anyone ran into this Heroku connection issue before?
I also had the issue with the FATAL: no pg_hba.conf entry for host error message.
I solved the connection issue to my Heroku Postgres database by adding the following to my JDBC string: &ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory.
Example
jdbc:postgresql://host:port/database?user=username&password=secret&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
You will need the SSL option only if SSL is enabled for your Postgres database (which is the default).
Hint
If you want to check your database connection properties, then just run the following command with the Heroku Toolbelt: heroku pg:info --app your-heroko-appname (make sure that you have Postgres insalled to run this command in your terminal)
The pg:info command will also tell you that sslmode is set to require.
To test the database connection I recommend SQL Power Architect as it is the tool which I was using to check my solution.
Heroku provides this information for connecting from external sources:
https://devcenter.heroku.com/articles/heroku-postgresql#external-connections-ingress
The second error message indicates PostgreSQL is not configured to accept the connection you're trying to make. Given the information Heroku provides, a good guess is that you're not connecting with SSL. Try to enable that on your connection.
Here are instructions for using SSL with Navicat: http://mirror.navicat.com/manual/online_manual/en/navicat/rv_manual/ClientCert.html.
This may be helpful in configuring Intellij to use SSL: https://devcenter.heroku.com/articles/connecting-to-relational-databases-on-heroku-with-java#connecting-to-a-database-remotely.
IntelliJ -> Datasources and Drivers
After you've configured the host, database and user details under the General tab switch to the Advanced tab and ensure that you've added the following:
ssl = true
sslfactory = org.postgresql.ssl.NonValidatingFactory
sslmode = require
You may consider setting a ENVIRONMENT CONFIG VARIABLE 'PGSSLMODE' to 'require' via Heroku's web interface or CLI.
Case: Postgres dB set up as a Heroku add-on and attached to app on a Heroku Dyno.
Heroku's instructions unfortunately leave out any mention of how to activate SSL, even though it is required for any dB tier starting with Standard-0 by default.
Follow all of the pg-copy or pg-upgrade steps (preferred approach depends on your version of Postgres) in Heroku instructions; however, before decommissioning the old database (if relevant) -- add the PGSSLMODE environment variable.
The instructions sufficiently cover how to promote the new database (and, consequently set the DATABASE_URL), so no changes/modifications to them should be required.
Wanted to help others who might run into this.
If you're supplying the Username and Password in seperate fields rather than on the command line, you need to use a ? between the database name and ssl=true and discard the first &
jdbc:postgresql://host:port/database?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
That's the command line that finally allowed me to connect to a PostgreSQL database using SQL Power Architect
For those who might be using Spring Boot and having the configuration provided through the DATABASE_URL environment property (not system property), the suffix can be added to the property:
?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
and passed through with a slight modification to the config bean:
#Bean
public BasicDataSource dataSource() throws URISyntaxException {
URI dbUri = new URI(System.getenv("DATABASE_URL"));
String username = dbUri.getUserInfo().split(":")[0];
String password = dbUri.getUserInfo().split(":")[1];
StringBuilder dbUrl = new StringBuilder(128);
dbUrl.append("jdbc:postgresql://")
.append(dbUri.getHost()).append(":")
.append(dbUri.getPort())
.append(dbUri.getPath());
String query = dbUri.getQuery();
if (null != query && !query.isEmpty()) {
dbUrl.append("?").append(query);
}
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(dbUrl.toString());
basicDataSource.setUsername(username);
basicDataSource.setPassword(password);
return basicDataSource;
}
I'm using node.js and was trying to run my knex migrations for my Heroku app. I tried appending ?sslmode=require to the connection URL but it didn't work. I added ?ssl=true instead and now it works perfectly.
Here's an example Heroku PostgreSQL connection URL that works:
postgres://user:password#ec2-12-34-56-78.compute-99.amazonaws.com:port/databasename?ssl=true
Add or edit the following line in your postgresql.conf file :
listen_addresses = '*'
Add the following line as the first line of pg_hba.conf. It allows access to all databases for all users with an encrypted password:
TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 0.0.0.0/0 md5
Restart postgresql service:
net stop postgresql-9.0 & net start postgresql-9.0
(version should be based on your installation) -- On windows (run cmd as an administrator).
sudo service start postgresql -- On linux (or according to your linux distribution.)
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
ssl: {
rejectUnauthorized: false
}
});