I’m just a community member but I agree that it’s a bit of an odd pattern, the traditional guidance

I’m just a community member but I agree that it’s a bit of an odd pattern, the traditional guidance is that everything in Wrangler.toml is safe to commit to VCS & secrets are either stored on the edge or in .dev.vars

Kkian I’m just a community member but I agree that it’s a bit of an odd pattern, the t...

Sam•12/14/23, 6:31 PM

I think we're both talking about publishing to Github

Mitya•12/14/23, 6:31 PM

Sorry I meant the PG IP error issue when I run locally not via

--remote

--remote

Mitya•12/14/23, 6:32 PM

(Not that I want to gazump @Sam here - he was probably first in line in getting help.)

MMitya (Not that I want to gazump @Sam here - he was probably first in line in getting ...

Sam•12/14/23, 6:32 PM

It's ok haha

kianOP•12/14/23, 6:35 PM

The local Hyperdrive is really just talking to your localConnectionString with the TCP sockets API, it isn’t any different to if you passed it in your code directly rather than the Hyperdrive binding.

Does your pg_hba.conf dictate a specific auth method or options (like ssl)? It sounds like Hyperdrive supports a set of features that the direct connection might not.

Mitya•12/14/23, 6:36 PM

Yeah I assumed local mode bypassed Hyperdrive completely and just connected traditionally, without Hyperdrive. As for pg_hba.conf, I'm afraid this is where my expertise ends. I don't literally have that file - I just have a Heroku-hosted DB that I can connect to publicly (i.e. there's no IP whitelist or anything like that). Non-Wrangler apps running on my machine can talk to it, but the Wrangler app throws the PG error.

kianOP•12/14/23, 6:37 PM

Do you have the full FATAL error from the Worker? Feel free to redact the IP/username

kianOP•12/14/23, 6:38 PM

If it says ssl off, Heroku requires SSL for all connections

Mitya•12/14/23, 6:39 PM

I connect via:

This is taken verbatim from an app that connects to the DB fine.

Full error output is:

kianOP•12/14/23, 6:40 PM

This is node-postgres I assume

Mitya•12/14/23, 6:40 PM

Sorry yes

kianOP•12/14/23, 6:43 PM

Try adding ?sslmode=require to your local conn. string

Mitya•12/14/23, 6:44 PM

Right after the DB name? Same deal, unfortunately.

Mitya•12/14/23, 6:46 PM

(Disappearing for dinner but will check back later. Really appreciate the help, whether it gets solved or not!)

kianOP•12/14/23, 6:49 PM

Does the error still say no encryption?

kianOP•12/14/23, 6:53 PM

I guess “no encryption” could also refer to the password. I.E scram-sha-256

MMitya Sorry yes

Matt Silverlock•12/14/23, 8:11 PM

What version of

Mitya•12/15/23, 11:40 AM

Yes the error still says no encryption. (i.e. the package) is v. ^8.10.0

MMitya Yes the error still says no encryption. `node-postgres` (i.e. the `pg` package) ...

Matt Silverlock•12/15/23, 11:42 AM

Matt Silverlock•12/15/23, 11:42 AM

Per https://developers.cloudflare.com/hyperdrive/learning/connect-to-postgres/#supported-drivers

Connect to PostgreSQL · Hyperdrive

Hyperdrive supports PostgreSQL and PostgreSQL-compatible databases, popular drivers and Object Relational Mapper (ORM) libraries that use those …

Mitya•12/15/23, 11:57 AM

Good spot, and have updated PG, but still the same error

Mitya•12/15/23, 11:58 AM

MMitya Click to see attachment

Matt Silverlock•12/15/23, 12:39 PM

The error you're getting is on the Heroku side - e.g. https://stackoverflow.com/questions/60048669/heroku-postgres-psql-fatal-no-pg-hba-conf-entry-for-host

Stack Overflow

Heroku Postgres: "psql: FATAL: no pg_hba.conf entry for host"

There are a number of Heroku CLI Postgres commands that all return the same error. For example:

$ heroku pg:bloat
psql: FATAL: no pg_hba.conf entry for host "...", user "...", database "...", SSL...

Matt Silverlock•12/15/23, 12:39 PM

is the Postgres config file; Hyperdrive is attempting to connect and getting that back.

Matt Silverlock•12/15/23, 12:40 PM

bun•12/15/23, 12:51 PM

trying to restrict access to my database to CF ips only but getting an error when trying to setup hyperdrive

bun•12/15/23, 12:52 PM

Bbun ```json "errors": [ { "code": 2011, "message": "Network connecti...

kianOP•12/15/23, 12:53 PM

Hyperdrive doesn’t use the public CF IPs.

bun•12/15/23, 12:54 PM

bun•12/15/23, 12:54 PM

so no good way to block non CF access via firewall rn?

kianOP•12/15/23, 12:55 PM

Correct, nothing yet

Kkian Correct, nothing yet

Hello, I’m Allie!•12/15/23, 1:16 PM

Wouldn't an ASN-level block work?

HHello, I’m Allie!Wouldn't an ASN-level block work?

Matt Silverlock•12/15/23, 1:31 PM

No, and we generally don't recommend that. An IP (or AS) filter doesn't stop anyone else from creating a Hyperdrive configuration and connecting to your origin database.

Matt Silverlock•12/15/23, 1:32 PM

(An AS level filter will also not work here, so please don't try it)

Sam•12/21/23, 10:42 AM

Within wrangler.toml, localConnectionString is now required. But is there any way to mask the value of this string when uploading to Github? I hate that it's required now, since we can't protect Postgres accounts by IP restrictions.

SSam Within wrangler.toml, localConnectionString is now required. But is there any wa...

Matt Silverlock•12/21/23, 11:46 AM

It should not be required. It’s only used for local testing. You can leave it empty. My Hyperdrive test project does not set it.

MMatt Silverlock It should not be _required_. It’s only used for local testing. You can leave it ...

Sam•12/21/23, 11:48 AM

I can’t start my project if I don’t give the wrangler file a local connection string. And if I keep the string empty, it also doesn’t start

SSam I can’t start my project if I don’t give the wrangler file a local connection st...

Matt Silverlock•12/21/23, 11:49 AM

That’s local — with .

MMatt Silverlock That’s local — with `wrangler dev`.

Sam•12/21/23, 11:51 AM

Yes, but it should not be required. I want to put my connection string in .dev.vars. This wont show up in Github.

sam•12/23/23, 2:07 AM

hello hyperdrive friends

sam•12/23/23, 2:07 AM

i was hoping to hang out until mysql is supported, we're excited

AngusMa•12/23/23, 1:45 PM

The hyperdrive page shows nothing in Traditional Chinese, but it works in English.

Colin•12/29/23, 7:32 PM

we're seeing what we believe to be inconsistent caching in Hyperdrive

when repeatedly sending a relatively simple SQL query (looks just like ) with a large result ( is a couple hundred KB in size), Hyperdrive sometimes responds correctly (with one row) and sometimes responds incorrectly (with no rows)

It also seems to go in runs - we'll get correct responses for a minute, then incorrect responses for a minute, and so on. I've only ever been able to reproduce this when going through Hyperdrive (with a minute TTL cache), never when connecting directly to the DB

Unfortunately we rely pretty heavily on Hyperdrive caching to not overload the origin DB so disabling cache isn't an option here

MMatt Silverlock Not in the near term, but we're talking with MongoDB. Their driver architecture ...

Gagan Suie•12/30/23, 3:51 AM

At the moment there's a mTLS to TLS issue right? Kind of tired of using mongoDB data api. Any plans to fix the driver issue for workers?

GGagan Suie At the moment there's a mTLS to TLS issue right? Kind of tired of using mongoDB ...

Matt Silverlock•12/30/23, 4:16 AM

We’re working with Mongo. Their driver is not simple to run in a (proper) serverless environment

CColin 👋 we're seeing what we believe to be inconsistent caching in Hyperdrive when r...

Matt Silverlock•12/30/23, 4:16 AM

What’s your account ID & hyperdrive config ID?

MMatt Silverlock What’s your account ID & hyperdrive config ID?

Colin•12/30/23, 4:18 AM

Account ID:
Hyperdrive ID:

andyhats•12/31/23, 6:58 PM

I have a question about how hyperdrive works that I couldn't find an answer to in the blog or docs:

Let's say a customer is in Singapore, the CF worker is Singapore, and the database is in US-East1.

Is there any difference in the network path (and subsequent latency) for our Singapore CF worker using hyperdrive vs using something like the Neon serverless driver? Is it using CF peering connections or something else that would make the latency lower when using CF?

Aandyhats I have a question about how hyperdrive works that I couldn't find an answer to i...

Colin•1/1/24, 7:42 PM

As far as I understand (I don't work for CF or anything), Hyperdrive will do the PG handshake at the edge right near your worker (with very low latency), and Neon serverless will do the PG handshake at the origin. The PG handshake is like 7 (this is a guess) round trips, so the connection establish time is significantly lower

CColin As far as I understand (I don't work for CF or anything), Hyperdrive will do the...

andyhats•1/1/24, 7:53 PM

thanks Colin - yeah that makes sense. I am just wondering if there is also any material difference in the path that the bits take as they route around the globe.

Honestly no idea if it would even make a difference, but it would make sense to me if this route:

was faster than...