External Postgres Connection Fails with pg_tls

Hello, I am unable to connect to my Postgres database from the public internet. The connection is consistently closed by the server during the TLS handshake, and I have now exhausted all possible client-side and configuration fixes.

Summary of Evidence:

  1. Multiple Rebuilds: I have completely destroyed and recreated the Postgres cluster multiple times. The issue persists on both a fresh Postgres 17 cluster and a fresh Postgres 16 cluster (flyio/postgres-flex:16.4).

  2. Service is Correctly Configured: fly services list and fly config show both confirm that public port 5432 is correctly configured with the pg_tls handler as per your documentation.

  3. Internal & Proxied Connections Work: My Wasp application (spectral-health-server) connects successfully to the database over the private network. A connection from my local machine using fly proxy also succeeds 100% of the time. This proves the database, credentials, and internal networking are healthy.

  4. All External Clients Fail: The direct public connection fails with both psql and a Python psycopg2 client. The error is always server closed the connection unexpectedly. This occurs even when testing from a fresh PG16 cluster.

Generated code

psql "sslmode=require host=spectral-health-db.fly.dev dbname=spectral_health_server user=spectral_health_server"
psql: error: connection to server at "spectral-health-db.fly.dev" (...) failed: server closed the connection unexpectedly

This evidence proves the failure lies within the Fly.io public proxy’s handling of the pg_tls protocol for my application (spectral-health-db). Could you please investigate this platform-level issue?

Hi… I’m not with Fly.io, but I think this is a known phenomenon, rather than a platform bug.

I was able to get through to the password prompt…

$ psql "sslmode=require sslsni=1 host=spectral-health-db.fly.dev user=postgres"
Password for user postgres: 
psql: error: connection to server at "spectral-health-db.fly.dev" (2a09:8280:1::82:c81c:0),
port 5432 failed: FATAL:  password authentication failed for user "postgres"

(Older versions of psql don’t have the sslsni knob, unfortunately.)

Hope this helps!


Aside: If you want to connect via IPv4, it would also be prudent to double-check that you have a dedicated address. (And remove the one labeled shared.)

1 Like

you are a god. this community is officially awesome.

1 Like