Error on deploy with vapor migration


I’m trying to deploy a vapor project with a postgres db following this instruction Vapor: Deploy → Fly
App has configured and attached db on fly launch command.
When i just deploy an app, all goes fine, but when i add this flag to start migration:

 release_command = "migrate -y"

it fails with error on this:

Migrate Command: Prepare
  Migrate Command: Prepare
  [ WARNING ] PSQLError(code: connectionError, underlying: NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error:  EOF during handshake])))
  Swift/ErrorType.swift:200: Fatal error: Error raised at top level: PSQLError(code: connectionError, underlying: NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error:  EOF during handshake])))

Also, migration works fine if i run it locally on my machine.

May be you have some ideas, what could go wrong?

Hey there,

I see you are getting a migrate command error. I just want to note this section here in the docs that you provided- Vapor: Deploy → Fly. Are you using the default Vapor Dockerfile and is your ENTRYPOINT set to ./App?

Yep, i’m using default dockerfile from vapor

# Start the Vapor service when the image is run, default to listening on 8080 in production environment


CMD ["serve", "--env", "production", "--hostname", "", "--port", "8080"]
1 Like

Thank you for that! The error definitely has to do with an issue with the SSL/TLS configuration for the database connection. You aren’t on a VPN or using a firewall by any chance? If not I would try running fly wg websockets enable and see what happens when you try to deploy.

Thanks for fast reply!

Tried run with fly wg websockets enable before deploy and got the same error, also no vpn/firewall (or could be there some firewall by default on macbook machine?).
Btw, i have some prints in my project, and when/if i get "DATABASE_URL" env, i print it and see it in logs before error. It has ?sslmode=disable on the end, could this be a part of problem?

Hey @randomflyuser, good tip on the DATABASE_URL env variable. For some reason seeing you mention that, and that error together tripped my spidey senses.

Glancing at the postgres docs as I understand it we do follow the somewhat standard param values for sslmode: PostgreSQL: Documentation: 15: 34.19. SSL Support

I’m not super familiar with Vapor, but I do recall that swift seems to be slightly newer to the web world? I decided to dig around their code a bit and found what looks like their parsing logic for the Postgres URL config:

If I’m reading that correctly they take any param containing ssl or TLS and use the value of that to configure TLS. However, they don’t anticipate the sslmode=disabled which makes me think they assume it should configured rather than disabled.

Short of submitting a patch to Vapor, I wonder if we could try writing a new secret that uses the same host, port, etc. but sets ssl param to the format that Vapor’s client is expecting.

Do you still have the DATABASE_URL that was output when you setup your fly pg instance? It was a fly pg instance it sounded like? If you have that DATABASE_URL I would just take that same string, delete the sslmode param and do:

fly secrets set VAPOR_DATABASE_URL="yourdburl?ssl=false"

Then you would need to update your database configuration on Vapor to use that new environment variable.

Does that all make sense? If you’re able to try that could you let us know if it winds up working for you?


Hi @jphenow,
thanks for your investigation, this was really deep, and finally helped to move from the point!

I confirm, using ssl=false instead of sslmode=disable let migration to start.
Unfortunately i ran into another error with postgis extensions, but I think i will create another topic for this.

1 Like

I submitted an issue with the vapor/postgres-kit in hopes that we can improve this in the future.

Looks like this is fixed in postgres-kit 2.12.0

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.