I’m trying to deploy a Vapor project with a Postgres db following these instructions: Vapor: Deploy → Fly
The app has a db configured and attached by the fly launch command.
When I just deploy the app, all goes fine, but when I add this flag to start the migration:
release_command = "migrate -y"
it fails with this error:
Migrate Command: Prepare
Migrate Command: Prepare
[ WARNING ] PSQLError(code: connectionError, underlying: NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: EOF during handshake])))
Swift/ErrorType.swift:200: Fatal error: Error raised at top level: PSQLError(code: connectionError, underlying: NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: EOF during handshake])))
Also, the migration works fine if I run it locally on my machine.
I see you are getting a migrate command error. I just want to note this section here in the docs that you provided (Vapor: Deploy → Fly). Are you using the default Vapor Dockerfile and is your ENTRYPOINT set to ./App?
# Start the Vapor service when the image is run, default to listening on 8080 in production environment
CMD ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
Thank you for that! The error definitely has to do with an issue with the SSL/TLS configuration for the database connection. You aren’t on a VPN or using a firewall by any chance? If not I would try running fly wg websockets enable and see what happens when you try to deploy.
Tried running with fly wg websockets enable before deploy and got the same error, also no VPN/firewall (or could there be some firewall by default on a MacBook?).
Btw, I have some prints in my project, and when/if I get the "DATABASE_URL" env, I print it and see it in the logs before the error. It has ?sslmode=disable at the end, could this be part of the problem?
If I’m reading that correctly they take any param containing ssl or TLS and use the value of that to configure TLS. However, they don’t anticipate the sslmode=disabled which makes me think they assume it should be configured rather than disabled.
Short of submitting a patch to Vapor, I wonder if we could try writing a new secret that uses the same host, port, etc. but sets ssl param to the format that Vapor’s client is expecting.
Do you still have the DATABASE_URL that was output when you set up your fly pg instance? It was a fly pg instance it sounded like? If you have that DATABASE_URL I would just take that same string, delete the sslmode param and do:
fly secrets set VAPOR_DATABASE_URL="yourdburl?ssl=false"
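The rewrite suggested in the last reply, as an added shell example that is not part of the original thread: it drops the sslmode parameter, keeps any other query parameters, and appends ssl=false, and it also masks the password so the URL can be printed in deploy logs without exposing the credential. The helper names rewrite_db_url and redact_db_url are hypothetical, the URL in the comments is constructed, and special characters in the password are assumed to be percent-encoded.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# Constructed sample input:
#   postgres://app:s3cret@db.internal:5432/app?sslmode=disable

# Remove sslmode=... (and any existing ssl=...) from the query string,
# keep every other parameter, then append ssl=false as suggested above.
# Runs in a subshell so the IFS and globbing changes do not leak out.
rewrite_db_url() (
    url=$1
    base=${url%%\?*}                 # everything before the first '?'
    query=
    case $url in
        *\?*) query=${url#*\?} ;;    # everything after the first '?'
    esac
    kept=
    set -f                           # no glob expansion while splitting
    IFS='&'
    for param in $query; do
        case $param in
            sslmode=*|ssl=*|'') ;;   # discard TLS switches and empty items
            *) kept="${kept:+$kept&}$param" ;;
        esac
    done
    printf '%s?%s\n' "$base" "${kept:+$kept&}ssl=false"
)

# Mask the password of a scheme://user:password@host URL before it is
# written to logs. URLs without a password are returned unchanged.
redact_db_url() {
    printf '%s\n' "$1" | sed -E 's#^([a-z]+://[^:/@]+):[^@]*@#\1:****@#'
}

# Usage, with DATABASE_URL already set in the environment:
#   fly secrets set VAPOR_DATABASE_URL="$(rewrite_db_url "$DATABASE_URL")"
#   echo "using $(redact_db_url "$DATABASE_URL")"
```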