typeorm: Unable to connect to Heroku postgres from outside of Heroku

In order to connect to Heroku postgres from outside of Heroku we need to use SSL.

So, I’m getting the following message when trying to connect typeorm to the Heroku postgres.

"message": "no pg_hba.conf entry for host "xxx", user "xxx", database "xxx", SSL off"

I believe this is happening because the postgres driver is trying to connect without SSL. If I’m correct, how can I tell the sql driver to use SSL.

About this issue

Original URL
State: closed
Created 7 years ago
Reactions: 19
Comments: 25 (4 by maintainers)

Links to this issue

Node.js, PostgreSQL error: no pg_hba.conf entry for host - Stack Overflow

Commits related to this issue

Add ssl for DOAP When running migrations on DOAP I got the following error: Error during migration run: error: no pg_hba.conf entry for host "134.209.211.49", user "db", database "db", SSL off. Thi... — committed to ardentink/adr-api by dansteren 4 years ago
Update to fix the issue, this github issue explains the issue https://github.com/typeorm/typeorm/issues/278 — committed to andreGarvin/openkey by andreGarvin 3 years ago

Most upvoted comments

@idudinov

getting the error:

Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:210:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}

not sure what certificate should I use, or can I bypass it somehow?

thanks in advance!

I’ve just run into this issue and it seems that node-postgres have added an option to disable rejecting unauthorized connections. I don’t think this is safe to run in production though. I’m just using it to run my migrations.

I believe the ideal solution is to get a new SSL certificate, but for now I have:

  ssl: true,
  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },

+131

JakeSidSmith on Apr 16, 2020

Solution is here. To do so in typeorm you need to provide option in special “extra” section of connection options:

createConnection(
    driver: {
        type: "postgres",
        host: "localhost",
        port: 5432,
        username: "root",
        password: "admin",
        database: "test",
        extra: {
             ssl: true
        }
    },);

+71

pleerock on Feb 11, 2017

What fixed for me while using Postgres from Heroku was only adding the following environment variable:

PGSSLMODE=no-verify

+29

italodeandra on Jul 3, 2020

hi there! still don’t able to connect to remote Heroku Postgres server from local machine, my config looks like:

const config: PostgresConnectionOptions = {
    ...baseConfig, // here're common settings
    url: process.env.DATABASE_URL, // got from DATABASE_URL config var in Heroku
    ssl: true, // double check
    extra: {
        ssl: true,
    },
};

also tried to set up PGSSLMODE=require as env var.

TypeORM in package.json: "typeorm": "0.2.20"

getting the error:

Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:210:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}

not sure what certificate should I use, or can I bypass it somehow?

thanks in advance!

+17

idudinov on Nov 26, 2019

Also PGSSLMODE=require solves this problem.

+15

AllanPamplona-zz on Apr 8, 2019

You need to set

TYPEORM_DRIVER_EXTRA = {"ssl":true}

+15

pleerock on Nov 24, 2017

@idudinov
getting the error:
Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:210:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}
not sure what certificate should I use, or can I bypass it somehow? thanks in advance!
I’ve just run into this issue and it seems that node-postgres have added an option to disable rejecting unauthorized connections. I don’t think this is safe to run in production though. I’m just using it to run my migrations.

I believe the ideal solution is to get a new SSL certificate, but for now I have:
  ssl: true,
  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },

it works for me. Thanks!

+12

aliskhanoff on Jun 27, 2020

What worked for me:

{
...
    "password": ...,
    "database": ...,
    "ssl": {
        "rejectUnauthorized": false,
    },
...
}

Haple on Aug 21, 2020

@idudinov
getting the error:
Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:210:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}
not sure what certificate should I use, or can I bypass it somehow? thanks in advance!
I’ve just run into this issue and it seems that node-postgres have added an option to disable rejecting unauthorized connections. I don’t think this is safe to run in production though. I’m just using it to run my migrations.

I believe the ideal solution is to get a new SSL certificate, but for now I have:
  ssl: true,
  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },

thanks a lot it worked for me too i was using typeorm and nest.js and i was getting this error while connecting a database located in digitalocean

agilatakishiyev on Jan 13, 2021

In my case:

put what you get from heroku config:get DATABASE_URL to your .env file (heroku will automatically add that to process.env
connect with:

createConnection({
    url: process.env.DATABASE_URL,
    type: 'postgres',
    entities: [YOUR ENTITIES GO HERE],
    synchronize: true,
    extra: {
      ssl: true,
    },
  });

pie6k on Mar 11, 2018

@idudinov
getting the error:
Error: self signed certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:210:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}
not sure what certificate should I use, or can I bypass it somehow? thanks in advance!
I’ve just run into this issue and it seems that node-postgres have added an option to disable rejecting unauthorized connections. I don’t think this is safe to run in production though. I’m just using it to run my migrations.

I believe the ideal solution is to get a new SSL certificate, but for now I have:
  ssl: true,
  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },

Just as a follow up, since Heroku enforced SSL for all postgres connections the above is the solution they recommend.

So I guess it is safe for production. 😊

JakeSidSmith on May 7, 2021

For me it worked with:

createConnection({
    url: process.env.DATABASE_URL,
    type: 'postgres',
    entities: [YOUR ENTITIES GO HERE],
    synchronize: true,
+   ssl: true,
  });

a1300 on Jan 17, 2019

jeez it fails on Heroku as well!

UPDATE: sorry, false alarm! it’s actually node-postgres issue: https://github.com/brianc/node-postgres/issues/2009

idudinov on Nov 26, 2019

For me it worked with:

createConnection({
    url: process.env.DATABASE_URL,
    type: 'postgres',
    entities: [YOUR ENTITIES GO HERE],
    synchronize: true,
+   ssl: true,
  });

worked for me too.

rakeshta on Sep 25, 2019