Menu
I'm trying to deploy a Django app on Heroku with an RDS instance as the database backend. Everything is working until I try to encrypt the connection, then I get this error:
OperationalError at /path/
(2026, 'SSL connection error')
Here's the setup:
On Heroku:
DATABASE_URL: mysql2://username:[email protected]:3306/name_staging?sslca=path/to/mysql-ssl-ca-cert.pem
In Django settings:
DATABASES = {
'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {'ssl': {'ca': 'mysql-ssl-ca-cert.pem'}}`
I've tried searching and have read a lot about setting this type of environment up in Rails, but the documentation about doing this with Django is light to non-existent.
Has anyone out there successfully deployed a similar setup or does anyone have thoughts on how to solve this error?
Update:
Connecting via cli works as well as connecting directly using MySQLdb in the python interpreter.
440
right-click on the particular MySQL instance and select "Edit Connection" Select the "SSL" tab under Connection Method. Select the drop-down for the "Use SSL" and choose "If Available" instead of "Required". Click the "Test Connection" button at the lower right connection to make sure you can now connect without errors ...
For Amazon RDS for Oracle instances, you can turn on SSL mode by adding the SSL option in your custom option group. Amazon RDS for Oracle supports Transport Layer Security (TLS) versions 1.0 and 1.2. To use the Oracle SSL option, use the SQLNET. SSL_VERSION option setting in your option group.
To enforce SSL, simply enable the newly introduced rds. force_ssl parameter ("0" by default) through the Parameter Groups page on the RDS Console, or through the CLI. Database instances that have this parameter enabled will only accept SSL connections.
You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. If you want to avoid the above MySQL warning, use the syntax mention in the beginning.
Solved:
The path to the pem file has to be absolute and you can't use python to attempt to build the absolute path.
DATABASES = {
'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {
'ssl': {'ca': '/app/project_name/rds/mysql-ssl-ca-cert.pem'}
}
Again, detecting the path like this does not work, the path must be hard coded:
DATABASES['default']['OPTIONS'] = {
'ssl': {'ca': os.path.join(os.path.dirname(__file__), 'rds', 'mysql-ssl-ca-cert.pem')}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With