Should use require_ssl on PostgreSQL?
Seems like I'm having various issues connecting to the DB. Seems like they're gone once I removed it, but it feels wrong. What's the official recommendation?
25 Replies
Project ID:
b58d71f6-d2f6-4c69-ba03-9b155d79a099
b58d71f6-d2f6-4c69-ba03-9b155d79a099
Context?
Should I set
require_ssl: true
if I'm using Railway
PostgreSQL
? When I had it turned on I saw various connection issues, without it seems smooth.Railway Postgres doesn't use SSL, so yes you should disable it.
Thanks , should probably be in the docs.
Is this still true to V2 of the plugin?
No, by default it comes with ssl
but you can disable it if you want, even tho I don't recommend it
and the cert is self signed, so you might have problems depending on your client
rust has problems with the ssl cert
connect to the database privately and don't worry about ssl
When I tried the internal URL it was unable to resolve it. Not sure it works properly.
- disable ssl
- add a 3 second sleep to the start of your app
- if you're using alpine you need a service variable set https://docs.railway.app/reference/private-networking#workaround-for-alpine-based-images
Without SSL, with the envar set.
With multiple retry with sleep.
how are you doing the sleep
A loop retrying and sleeping , gonna try longer sleep. Honestly, the deployment system should ping the DNS until it resolved and then start. This shouldn't be in the user space.
the private network initialisation time is a known issue and it is actively being worked on
it is also listed in the caveats section of the docs
not talking about how long it takes, but exposing the issue to the user. as 5 min fix that most will be happy with is the deployment waiting for it and then launching. will reduce support on your side too.
it's not as simple as that
either way, after 3 seconds the dns resolver is ready to answer requests, if after those 3 seconds your app isn't resolving ipv6 addresses properly, that's not an issue with Railway
13-27
, it's exactly the same versions and code as another app I have in railway, the only difference is the V2 of the plugin.please add a 3 second sleep
and please chill with the ping replies
27 - 13 = 14
railway restarting your app does not solve anything, your app needs to sleep for 3 seconds before starting
actually it's more, 51:27 => 50:13
that's a restart? it in the same deployment log.
like I had just mentioned, a restart does not solve anything, your app needs to sleep for 3 seconds.
update your start command
sleep 3 && <your current start command here>
Moved the sleep outside the app, now it's back to the certificate error now, with internal URL and require_ssl: false.
ignore the certificate errors
Trying to ignore on the app level didn't help, but adding
?sslmode=disable
sorted it