I’m trying to deploy a vapor project with a postgres db following this instruction Vapor: Deploy → Fly
App has configured and attached db on fly launch command.
When i just deploy an app, all goes fine, but when i add this flag to start migration:
[deploy]
release_command = "migrate -y"
it fails with error on this:
Migrate Command: Prepare
Migrate Command: Prepare
[ WARNING ] PSQLError(code: connectionError, underlying: NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: EOF during handshake])))
Swift/ErrorType.swift:200: Fatal error: Error raised at top level: PSQLError(code: connectionError, underlying: NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: EOF during handshake])))
Also, migration works fine if i run it locally on my machine.
I see you are getting a migrate command error. I just want to note this section here in the docs that you provided- Vapor: Deploy → Fly. Are you using the default Vapor Dockerfile and is your ENTRYPOINT set to ./App?
# Start the Vapor service when the image is run, default to listening on 8080 in production environment
ENTRYPOINT ["./App"]
CMD ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"]
Thank you for that! The error definitely has to do with an issue with the SSL/TLS configuration for the database connection. You aren’t on a VPN or using a firewall by any chance? If not I would try running fly wg websockets enable and see what happens when you try to deploy.
Tried run with fly wg websockets enable before deploy and got the same error, also no vpn/firewall (or could be there some firewall by default on macbook machine?).
Btw, i have some prints in my project, and when/if i get "DATABASE_URL" env, i print it and see it in logs before error. It has ?sslmode=disable on the end, could this be a part of problem?
Hey @randomflyuser, good tip on the DATABASE_URL env variable. For some reason seeing you mention that, and that error together tripped my spidey senses.
If I’m reading that correctly they take any param containing ssl or TLS and use the value of that to configure TLS. However, they don’t anticipate the sslmode=disabled which makes me think they assume it should configured rather than disabled.
Short of submitting a patch to Vapor, I wonder if we could try writing a new secret that uses the same host, port, etc. but sets ssl param to the format that Vapor’s client is expecting.
Do you still have the DATABASE_URL that was output when you setup your fly pg instance? It was a fly pg instance it sounded like? If you have that DATABASE_URL I would just take that same string, delete the sslmode param and do:
fly secrets set VAPOR_DATABASE_URL="yourdburl?ssl=false"
Then you would need to update your database configuration on Vapor to use that new environment variable.
Does that all make sense? If you’re able to try that could you let us know if it winds up working for you?
Hi @jphenow,
thanks for your investigation, this was really deep, and finally helped to move from the point!
I confirm, using ssl=false instead of sslmode=disable let migration to start.
Unfortunately i ran into another error with postgis extensions, but I think i will create another topic for this.