Should I use require_ssl on PostgreSQL?

Seems like I'm having various issues connecting to the DB. Seems like they're gone once I removed it, but it feels wrong. What's the official recommendation?
Percy, 9mo ago
Project ID: b58d71f6-d2f6-4c69-ba03-9b155d79a099
&mut self, 9mo ago
b58d71f6-d2f6-4c69-ba03-9b155d79a099
angelo, 9mo ago
Context?
&mut self, 9mo ago
Should I set require_ssl: true if I'm using Railway PostgreSQL? When I had it turned on I saw various connection issues; without it, it seems smooth.
ThallesComH, 9mo ago
Railway Postgres doesn't use SSL, so yes, you should disable it.
&mut self, 7mo ago
Thanks, should probably be in the docs. Is this still true for V2 of the plugin?
ThallesComH, 7mo ago
No, by default it comes with SSL, but you can disable it if you want, even though I don't recommend it, and the cert is self-signed, so you might have problems depending on your client.
Brody, 7mo ago
Rust has problems with the SSL cert. Connect to the database privately and don't worry about SSL.
&mut self, 7mo ago
When I tried the internal URL it was unable to resolve it. Not sure it works properly.
Brody, 7mo ago
- disable ssl
- add a 3 second sleep to the start of your app
- if you're using alpine you need a service variable set: https://docs.railway.app/reference/private-networking#workaround-for-alpine-based-images
&mut self, 7mo ago
Without SSL, with the envar set.
error: error communicating with database: failed to lookup address information: Temporary failure in name resolution
error: error communicating with database: failed to lookup address information: Temporary failure in name resolution
With multiple retries with sleep.
Brody, 7mo ago
how are you doing the sleep
&mut self, 7mo ago
A loop retrying and sleeping, gonna try a longer sleep. Honestly, the deployment system should ping the DNS until it resolves and then start. This shouldn't be in the user space.
Brody, 7mo ago
the private network initialisation time is a known issue and it is actively being worked on; it is also listed in the caveats section of the docs
&mut self, 7mo ago
not talking about how long it takes, but exposing the issue to the user. a 5 min fix that most will be happy with is the deployment waiting for it and then launching. will reduce support on your side too.
Brody, 7mo ago
it's not as simple as that. either way, after 3 seconds the DNS resolver is ready to answer requests; if after those 3 seconds your app isn't resolving IPv6 addresses properly, that's not an issue with Railway
&mut self, 7mo ago
13-27, it's exactly the same versions and code as another app I have in Railway, the only difference is the V2 of the plugin.
Brody, 7mo ago
please add a 3 second sleep and please chill with the ping replies
&mut self, 7mo ago
27 - 13 = 14
Brody, 7mo ago
railway restarting your app does not solve anything, your app needs to sleep for 3 seconds before starting
&mut self, 7mo ago
actually it's more, 51:27 => 50:13. that's a restart? it's in the same deployment log.
Brody, 7mo ago
like I had just mentioned, a restart does not solve anything, your app needs to sleep for 3 seconds. update your start command: sleep 3 && <your current start command here>
&mut self, 7mo ago
Moved the sleep outside the app, now it's back to the certificate error now, with internal URL and require_ssl: false.
Custom {
    kind: InvalidData,
    error: InvalidCertificateData(
        "invalid peer certificate: UnsupportedCertVersion",
    ),
}
Custom {
    kind: InvalidData,
    error: InvalidCertificateData(
        "invalid peer certificate: UnsupportedCertVersion",
    ),
}
Brody, 7mo ago
ignore the certificate errors
&mut self, 7mo ago
Trying to ignore on the app level didn't help, but adding ?sslmode=disable sorted it