I'm trying to perform a relatively trivial task: I want to connect to a Heroku database. I have created the database and have been issued credentials from the Heroku site. However, when I try to connect to this database using anything besides the terminal 'heroku' command line client, I get fatal errors or cannot connect errors.
The two tools that I tried to connect with outside of the Heroku terminal application are: Navicat and IntelliJ.
The error that I receive in Navicat when trying to connect to the database is:
could not connect to server: Host is down
Is the server running on host "ec2-107-21-112-215.compute-1.amazonaws.com" and accepting
TCP/IP connections on port 5432?
My connection settings are as follows:
Connection Name Heroku Dev Test
Host Name/IP Address ec2-107-21-112-215.compute-1.amazonaws.com
Port 5432
Navicat doesn't even seem to be making an attempt to connect to that hostname.
When I try to connect with IntelliJ, using the full credentials, I get the following error:
java.sql.SQLException: FATAL: no pg_hba.conf entry for host "75.168.4.146", user "rphbqggxeokuxl", database "dc008iqk0rq4j5", SSL off
Again, I'm using the credentials that the Heroku application provides me with when accessing my database on their website.
Has anyone ran into this Heroku connection issue before?
I also had the issue with the FATAL: no pg_hba.conf entry for host error message.
I solved the connection issue to my Heroku Postgres database by adding the following to my JDBC string: &ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory.
Example
jdbc:postgresql://host:port/database?user=username&password=secret&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
You will need the SSL option only if SSL is enabled for your Postgres database (which is the default).
Hint
If you want to check your database connection properties, then just run the following command with the Heroku Toolbelt: heroku pg:info --app your-heroko-appname (make sure that you have Postgres insalled to run this command in your terminal)
The pg:info command will also tell you that sslmode is set to require.
To test the database connection I recommend SQL Power Architect as it is the tool which I was using to check my solution.
Heroku provides this information for connecting from external sources:
https://devcenter.heroku.com/articles/heroku-postgresql#external-connections-ingress
The second error message indicates PostgreSQL is not configured to accept the connection you're trying to make. Given the information Heroku provides, a good guess is that you're not connecting with SSL. Try to enable that on your connection.
Here are instructions for using SSL with Navicat: http://mirror.navicat.com/manual/online_manual/en/navicat/rv_manual/ClientCert.html.
This may be helpful in configuring Intellij to use SSL: https://devcenter.heroku.com/articles/connecting-to-relational-databases-on-heroku-with-java#connecting-to-a-database-remotely.
IntelliJ -> Datasources and Drivers
After you've configured the host, database and user details under the General tab switch to the Advanced tab and ensure that you've added the following:
ssl = true
sslfactory = org.postgresql.ssl.NonValidatingFactory
sslmode = require
You may consider setting a ENVIRONMENT CONFIG VARIABLE 'PGSSLMODE' to 'require' via Heroku's web interface or CLI.
Case: Postgres dB set up as a Heroku add-on and attached to app on a Heroku Dyno.
Heroku's instructions unfortunately leave out any mention of how to activate SSL, even though it is required for any dB tier starting with Standard-0 by default.
Follow all of the pg-copy or pg-upgrade steps (preferred approach depends on your version of Postgres) in Heroku instructions; however, before decommissioning the old database (if relevant) -- add the PGSSLMODE environment variable.
The instructions sufficiently cover how to promote the new database (and, consequently set the DATABASE_URL), so no changes/modifications to them should be required.
Wanted to help others who might run into this.
If you're supplying the Username and Password in seperate fields rather than on the command line, you need to use a ? between the database name and ssl=true and discard the first &
jdbc:postgresql://host:port/database?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
That's the command line that finally allowed me to connect to a PostgreSQL database using SQL Power Architect
For those who might be using Spring Boot and having the configuration provided through the DATABASE_URL environment property (not system property), the suffix can be added to the property:
?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
and passed through with a slight modification to the config bean:
#Bean
public BasicDataSource dataSource() throws URISyntaxException {
URI dbUri = new URI(System.getenv("DATABASE_URL"));
String username = dbUri.getUserInfo().split(":")[0];
String password = dbUri.getUserInfo().split(":")[1];
StringBuilder dbUrl = new StringBuilder(128);
dbUrl.append("jdbc:postgresql://")
.append(dbUri.getHost()).append(":")
.append(dbUri.getPort())
.append(dbUri.getPath());
String query = dbUri.getQuery();
if (null != query && !query.isEmpty()) {
dbUrl.append("?").append(query);
}
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(dbUrl.toString());
basicDataSource.setUsername(username);
basicDataSource.setPassword(password);
return basicDataSource;
}
I'm using node.js and was trying to run my knex migrations for my Heroku app. I tried appending ?sslmode=require to the connection URL but it didn't work. I added ?ssl=true instead and now it works perfectly.
Here's an example Heroku PostgreSQL connection URL that works:
postgres://user:password#ec2-12-34-56-78.compute-99.amazonaws.com:port/databasename?ssl=true
Add or edit the following line in your postgresql.conf file :
listen_addresses = '*'
Add the following line as the first line of pg_hba.conf. It allows access to all databases for all users with an encrypted password:
TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 0.0.0.0/0 md5
Restart postgresql service:
net stop postgresql-9.0 & net start postgresql-9.0
(version should be based on your installation) -- On windows (run cmd as an administrator).
sudo service start postgresql -- On linux (or according to your linux distribution.)
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
ssl: {
rejectUnauthorized: false
}
});
Related
I have a flask app running on Heroku with postgres database.
When trying to run the app localy on WSL2, the app runs, but when there is interaction with the db it curshes with the following error:
connection to server at "x-x-x-x-169.compute-1.amazonaws.com" (x.xxx.xxx.169), port 5432 failed: FATAL: database "xxxxxx828vkthi
" does not exist
(I have replaced the numbers with x)
I have opened port 5432 on windows, but still the same error appear.
Any suggestions on how to do it?
My setup on the flask app is
app = Flask(__name__)
DATABASE_URI = os.environ['DATABASE_URL']
DATABASE_URI= DATABASE_URI[:8]+'ql' + DATABASE_URI[8:]
engine = create_engine(DATABASE_URI)
db=scoped_session(sessionmaker(bind=engine))
Nothing should prevent this from working on the Heroku side. Just make sure to always use the connection information provided by DATABASE_URL (it can change at any time) and to use sslmode=require. You can get the current value of the DATABASE_URL by running
heroku config:get DATABASE_URL
Since this is an outbound connection you shouldn't have to open any ports on WSL or Windows. Out of the box, this outbound connection should work.
I use JDBC and Spring Boot 2.2.2 to connect to a MariaDB instance. The login fails with this message:
Caused by: java.sql.SQLInvalidAuthorizationSpecException: Could not
connect to
address=(host=server.company.domain)(port=3306)(type=master) : Access
denied for user 'user'#'server.company.domain' (using password:
YES)
When I run mysqldump -u"user" -p"password" -h server.company.domain dbname this works just fine !
Both the dump and the Spring Boot application are run from the same machine (the database server itself)
user and password used are identical
there are no special characters in the password or the user (only lower/uppcase characters and digits)
the jdbc connection string looks like this: jdbc:mariadb://server.company.domain:3306/dbname
I already tried to use localhost instead of the server name
when I change jdbc url, user and password the same application is able log in to my development mariaDB
It seems like you are having trouble with MariaDB, not spring-boot itself.
I suggest you to follow this links: https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/, and come back if it didn't solve your problem, with what you tried, and what didn't work.
I ran a short SHOW GRANTS; via the mysql command which is able to connect to the database. The output gave me this:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'%' IDENTIFIED BY PASSWORD 'nonono' REQUIRE SSL WITH GRANT OPTION
The relevant part is REQUIRE SSL: connections to that server need to be done encrypted.
When I checked the files in /etc/my.cnf.d/ I found a file containing (amongst others) these lines:
[server]
ssl=1
ssl-cert=/path/to/certificate/cert.pem
By googling a bit I found this link which describes how to set the JDBC driver to use ssl. It also explains to you why you perhaps should think twice before setting trustServerCertificate to true.
My spring.datasource.url now looks like this:
jdbc:mariadb://server.company.domain:3306/dbname?useSSL=true&trustServerCertificate=true&serverSslCert=/path/to/certificate/cert.pem
To put it short: Access denied for user doesn't tell the complete story. It makes you think that your password might be wrong but you are denied for other reasons.
My application uses the blazer gem for visualizing DB queries.
During the setup I've encountered the following error:
FATAL: no pg_hba.conf entry for host "111.22.33.44", user "blazer", database "my_db", SSL off
My application is hosted on EngineYard and uses PostgreSQL.
How can I find and modify the pg_hba.conf on EngineYard?
upd
I do have SSH access to EngineYard cloud.
Instance: General Purpose (M3) Large.
OS: EngineYard's Gentoo.
You can try the following steps. I've assumed that your DB name is my_db.
Connect to the instance via SSH (the link can be found on the EngineYard environment page)
Connect to the
database as superuser psql -U postgres -h localhost -d
my_db. If you don't have the password, check your database secrets here /data/my_db/current/config/database.yml
After connecting to DB identify location of hba file by typing SHOW
hba_file;
Quit psql by typing \q
Use previously identified path to open the hba_file file and add the missing user. E.g via vim sudo vim /db/postgresql/9.5/data/pg_hba.conf. Note the sudo command
The use should be added under # IPv4 postgres
user for 10.x with md5:
Connect to the database again
Reload the configuration via select pg_reload_conf(); command
After all steps are performed, Blazer queries should be accessible.
I have a Play 2.3 app in Java. For this app, I am able to connect to local Postgres server.
But I am unable to connect to Heroku Postgres server.
I have following settings in my application.conf:
db.default.driver=org.postgresql.Driver
db.default.url="jdbc:postgresql://ec2test.amazonaws.com:5432/rwerwerwer"
db.default.user=eerwerwerer
db.default.password="5345fdwfdsvfvsdfsdfds"
I am getting following error:
Caused by: org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for ho
st "172.56.17.147", user "eerwerwerer", database "rwerwerwer", SSL off
From PgAdim III, I am able to successful connect to Heroku database.
While adding heroku config, I got:
**! No app specified.**
Follow these steps.
Things to remember:
Use Heroku commands from inside your main directory.
Use database connection as:
db.default.driver=org.postgresql.Driver
db.default.url=${?DATABASE_URL}
No need for username and password.
No need for Procfile.
Part of an install includes a postgres database install. The database is running and the App that uses it is connecting fine.
I want to use the postgres install for some of my own reporting needs. I've got a fair way to getting to the database but I am stumped at the last bit.
I can do a psql -h /path/to/socket but get
psql: FATAL: authentication failed for user "postgres": invalid authentication method.
I have gone in to the pg_hba.conf and the only lines not commented are:
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
As far as I can see this should mean any local attempt at connection would be trusted and therefore OK.
I've tried with specifying different users (root, me, etc) and always get the same reply. Any ideas how I can access the server?