Menu
i'm trying to configure a rails app to remotely connect to a postgres db. i've noticed that the connection adapters for mysql have options that specify the required info for setting up an ssl connection, but there is no equivalent options for the postgres/pg adapter.
after googling around, i haven't been able to find anything either (only connecting via an ssh tunnel).
so simply, is trying to get the rails postgres adapter to connect over ssl a dead end?
thanks. any help or direction is appreciated.
-h
944
PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security.
With SSL support compiled in, the PostgreSQL server can be started with SSL enabled by setting the parameter ssl to on in postgresql. conf. The server will listen for both normal and SSL connections on the same TCP port, and will negotiate with any connecting client on whether to use SSL .
In late 2012, things seem to have changed. Although documentation is still sparse, the pg gem seems to auto-negotiate SSL, and the jdbc drivers can be coerced to use SSL.
My app is a hybrid MRI-jRuby app, that accesses heroku-postgres, a cloud postgresql server that requires SSL.
# Gemfile.lock
pg (0.14.1)
activerecord-jdbc-adapter (1.2.2.1)
activerecord-jdbcpostgresql-adapter (1.2.2.1)
jdbc-postgres (9.1.901)
The pg gem, seemed to auto-negotiate SSL. However, the JDBC adapter did not. MRI connected with a typical database.yml (no mention of ssl), but JDBC threw:
(FATAL: no pg_hba.conf entry for host "xx.xx.xx.xx", user "username", database "database", SSL off)
I eventually tried specifying the connection details in JDBC-URL format, and the connection succeeded:
# jruby database.yml
production:
adapter: jdbcpostgresql
url: jdbc:postgresql://host/database?user=user&password=password&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
(sslfactory may not be needed for all setups)
99
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
