I'm running a Postgres DB and a node app on Heroku. When I try to do
app.use(session({
store: new pgSession({
conString: process.env.DATABASE_URL
}),
secret: 'my-super-secret-session',
resave: false,
cookie: {
maxAge: 7 * 24 * 60 * 60 * 1000
}
}));
I get a complaint: error: no pg_hba.conf entry for host "1.2.3.4", user ,myuser", database "mydb", SSL off
I assume I need to tell connect-pg-simple to use SSL somehow?
If you're not able to edit pg_hba.conf, because you're using a service like heroku, try this.
All you have to do is replace conString with conObject and specify a connectionString and ssl options.
app.use(session({
store: new pgSession({
conObject: {
connectionString: process.env.DATABASE_URL,
ssl: true,
},
}),
secret: 'my-super-secret-session',
resave: false,
cookie: {
maxAge: 7 * 24 * 60 * 60 * 1000
}
}));
You need to add an entry in the pg_hba.conf to allow your connection.
Example:
vi $PGDATA/pg_hba.conf
host all all 1.2.3.4/32 md5
After saving this config file you will need to reload it by issuing a config reload command:
pg_ctl reload
Then retry the connection.
Related
I'm trying to connect to my postgres database in Heroku with Knex.
const db = knex({
client: "pg",
connection: {
connectionString:process.env.DATABASE_URL,
ssh: true,
},
});
process.env.DATABASE_URL is undefined, and when I use the connection string instead that I get from Heroku, it still doesn't work.
EDIT:
I fixed this issue by replacing process.env.DATABASE_URL with a
I'm front dev and I need to test locally my front app with backend (nest js) and postgresql DB. Who can write me the right way How to run and connect to DB ? I get some errors on app start. I work on win 10 and there is my steps for start this app.
install postgresql
npm install for my nest js app
run pgAdmin4 and create DB for my app
npm start
There is my ormconfig
module.exports = {
"type": "postgres",
"host": process.env.POSTGRES_HOST || "localhost",
"port": process.env.POSTGRES_PORT || 5432,
"username": process.env.POSTGRES_USER || "", //<- Here I try to set all possible username
"password": process.env.POSTGRES_PASSWORD || "", //<- Here I try to set all possible password
"database": process.env.POSTGRES_DB || "my_database",
"entities": ["dist/**/*.entity{.ts,.js}"],
"synchronize": true,
"logging": true
}
There is error that I encountered
error
Also on other computer I try to do this and I get error like
[Nest] ERROR [TypeOrmModule] Unable to connect to the database.
FATAL: password authentication failed for user "postgres" (postgresql 14 with pgAdmin 4)
In your typeormconfig.ts , you should write this:
export class PostgresTypeormConfiguration implements TypeOrmOptionsFactory
{
createTypeOrmOptions(connectionName?: string): TypeOrmModuleOptions | Promise<TypeOrmModuleOptions> {
const TypeOrmOptions:TypeOrmModuleOptions=
{
type: "postgres",
host: process.env.POSTGRES_HOST ,
port: process.env.POSTGRES_PORT ,
username: process.env.POSTGRES_USER ,
password: process.env.POSTGRES_PASSWORD ,
database: process.env.POSTGRES_DB,
entities: ["dist/**/*.entity{.ts,.js}"],
synchronize: true,
logging: true
}
return TypeOrmOptions
}
}
and you should define this in your module like this:
#Module({
imports:[TypeOrmModule.forRootAsync({useClass:PostgresTypeormConfiguration})]
})
note: if you still got an error , you wrote one of the config option wrong in your .env file or you did not define .env file in your configModule
I have been given a knexfile like this:
require('dotenv').config()
module.exports = {
client: 'pg',
connection: process.env.DB_CONNECTION,
pool: {
min: 2,
max: 10
},
migrations: {
tableName: 'knex_migrations'
}
};
The connection string I supply is:
Host=localhost;Database=heypay;Username=postgres;Password=1234
However, Knex keeps issuing the error:
password authentication failed for user "user"
Apparently, the username I have given is not user. Moreover, I have tried to hardcore the connection string into the connection filed under module.exports. This still ended up in vain.
The trick is, the connection property can either be a string or an object. That's why you were able to supply an environment variable (it's a string).
The reason your original string was failing is not a Knex problem: Postgres connection strings have a slightly different format. You can use a similar approach as your first attempt, but pay attention to the key names:
host=localhost port=5432 dbname=mydb connect_timeout=10
Also note spaces, not semicolons. However in my experience most people use a Postgres URI:
postgresql://[user[:password]#][netloc][:port][,...][/dbname][?param1=value1&...]
So in your example, you'd use:
module.exports = {
client: 'pg',
connection: 'postgresql://your_database_user:password#localhost/myapp_test',
pool: {
min: 2,
max: 10
},
migrations: {
tableName: 'knex_migrations'
}
};
I was using a .NET style connection string, the correct one would be in the following format:
{
host : '127.0.0.1',
user : 'your_database_user',
password : 'your_database_password',
database : 'myapp_test'
}
This might be a very newbie question, but I can't seem to get my Sails.js app working in production mode. I start it in production mode by setting NODE_ENV=production and it says it has lifted successfully on localhost:1337 but when I try to go to the link it just time out with no reply from server.
The Sails.js app works fine in development mode.
Been through all the documentation and can't see what am missing.
I have a production.js config file.
-- production.js (endpoints anonymized) ---
/**
* Production environment settings
*
* This file can include shared settings for a production environment,
* such as API keys or remote database passwords. If you're using
* a version control solution for your Sails app, this file will
* be committed to your repository unless you add it to your .gitignore
* file. If your repository will be publicly viewable, don't add
* any private information to this file!
*
*/
module.exports = {
minicabit: {
api: {
host: "https://api-endpoint",
prepend: "/vX/",
key: "wrwerwrwrwewre"
}
},
log: {
level: 'info'
},
csrf: true,
/***************************************************************************
* Set the default database connection for models in the production *
* environment (see config/connections.js and config/models.js ) *
***************************************************************************/
models: {
connection: 'connMysql'
},
// models: {
// connection: 'someMysqlServer'
// },
/***************************************************************************
* Set the port in the production environment to 80 *
***************************************************************************/
//port: 80,
/***************************************************************************
* Set the log level in production environment to "silent" *
***************************************************************************/
// log: {
// level: "silent"
// }
blueprints: {
rest: false,
shortcuts: false
},
session: {
/***************************************************************************
* *
* In production, uncomment the following lines to set up a shared redis *
* session store that can be shared across multiple Sails.js servers *
***************************************************************************/
adapter: 'connect-redis',
/***************************************************************************
* *
* The following values are optional, if no options are set a redis *
* instance running on localhost is expected. Read more about options at: *
* https://github.com/visionmedia/connect-redis *
* *
* *
***************************************************************************/
host: 'redis-endpoint',
port: 6379,
ttl: 3600
// db: 0,
// pass: <redis auth password>,
// prefix: 'sess:'
}
};
Am I missing anything else?
Thanks
I have found the issue, it looks like the connect-redis module I installed is not compatible with sail.js
https://github.com/balderdashy/sails/issues/2379
i'm part of a team that is developing an application that uses the Fiware GE's has part of the Smart-AgriFood accelerator.
We are using the Orion Context Broker for gathering the data provided by the sensor network, and we intend to use the Pep-Proxy to authenticate the sensor node for access the Orion instance. We have tried the following pepProxy's:
https://github.com/telefonicaid/fiware-orion-pep
https://github.com/ging/fi-ware-pep-proxy
We only have success implementing the second (fi-ware-pep-proxy) implementation of the proxy. With the fiware-orion-pep we haven't been able to connect to the Keystone Global instance (account.lab.fi-ware.org), we have tried the account.lab... and the cloud.lab..., my question are:
1) is the keystone (IDM) instance for authentication the account.lab or the cloud.lab?? and what port's to use or address's?
2) is the fiware-orion-pep prepared for authenticate at the account.lab.fi-ware.org?? here is way i ask this:
This one works with the curl command at >> cloud.lab.fiware.org:4730/v2.0/tokens
{
"auth": {
"passwordCredentials": {
"username": "<my_user>",
"password": "<my_password>"
}
}
}'
This one does't work with the curl comand at >> account.lab.fi-ware.org:5000/v3/auth/tokens
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"domain": {
"name": "<my_domain>"
},
"name": "<my_user>",
"password": "<my_password>"
}
}
}
} }'
3) what is the implementation that i should be using for authenticate the devices or other calls to the Orion instance???
Here are the configuration that i used:
fiware-orion-pep
config.authentication = {
checkHeaders: true,
module: 'keystone',
user: '<my_user>',
password: '<my_password>',
domainName: '<my_domain>',
retries: 3,
cacheTTLs: {
users: 1000,
projectIds: 1000,
roles: 60
},
options: {
protocol: 'http',
host: 'account.lab.fiware.org',
port: 5000,
path: '/v3/role_assignments',
authPath: '/v3/auth/tokens'
}
};
fi-ware-pep-proxy (this one works), i have set the listing port to 1026 at the source code
var config = {};
config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;
config.app_host = 'localhost';
config.app_port = '10026';
config.username = 'pepProxy';
config.password = 'pepProxy';
// in seconds
config.chache_time = 300;
config.check_permissions = false;
config.magic_key = undefined;
module.exports = config;
Thanks in advance for the time ... :)
The are currently some differences in how both PEP Proxies authenticate and validate against the global instances, so they do not behave in exactly the same way.
The one in telefonicaid/fiware-orion-pep was developed to fulfill the PEP Proxy requirements (authentication and validation against a Keystone and Access Control) in individual projects with their own Keystone and Keypass (a flavour of Access Control) installations, and so it evolved faster than the one in ging/fi-ware-pep-proxy and in a slightly different direction. As an example, the former supports multitenancy using the fiware-service and fiware-servicepath headers, while the latter is transparent to those mechanisms. This development direction meant also that the functionality slightly differs from time to time from the one in the global instance.
That being said, the concrete answer:
- Both PEP Proxies should be able to contact the global instance. If one doesn't, please, fill a bug in the issues of the Github repository and we will fix it as soon as possible.
- The ging/fi-ware-pep-proxy was specifically designed for accessing the global instance, so you should be able to use it as expected.
Please, if you try to proceed with the telefonicaid/fiware-orion-pep take note also that:
- the configuration flag authentication.checkHeaders should be false, as the global instance does not currently support multitenancy.
- current stable release (0.5.0) is about to change to next version (probably today) so maybe some of the problems will solve with the update.
Hope this clarify some of your doubts.
[EDIT]
1) I have already install the telefonicaid/fiware-orion-pep (v 0.6.0) from sources and from the rpm package created following the tutorial available in the github. When creating the rpm package, this is created with the following name pep-proxy-0.4.0_next-0.noarch.rpm.
2) Here is the configuration that i used:
/opt/fiware-orion-pep/config.js
var config = {};
config.resource = {
original: {
host: 'localhost',
port: 10026
},
proxy: {
port: 1026,
adminPort: 11211
} };
config.authentication = {
checkHeaders: false,
module: 'keystone',
user: '<##################>',
password: '<###################>',
domainName: 'admin_domain',
retries: 3,
cacheTTLs: {
users: 1000,
projectIds: 1000,
roles: 60
},
options: { protocol: 'http',
host: 'cloud.lab.fiware.org',
port: 4730,
path: '/v3/role_assignments',
authPath: '/v3/auth/tokens'
} };
config.ssl = {
active: false,
keyFile: '',
certFile: '' }
config.logLevel = 'DEBUG'; // List of component
config.middlewares = {
require: 'lib/plugins/orionPlugin',
functions: [
'extractCBAction'
] };
config.componentName = 'orion';
config.resourceNamePrefix = 'fiware:';
config.bypass = false;
config.bypassRoleId = '';
module.exports = config;
/etc/sysconfig/pepProxy
# General Configuration
############################################################################
# Port where the proxy will listen for requests
PROXY_PORT=1026
# User to execute the PEP Proxy with
PROXY_USER=pepproxy
# Host where the target Context Broker is located
# TARGET_HOST=localhost
# Port where the target Context Broker is listening
# TARGET_PORT=10026
# Maximum level of logs to show (FATAL, ERROR, WARNING, INFO, DEBUG)
LOG_LEVEL=DEBUG
# Indicates what component plugin should be loaded with this PEP: orion, keypass, perseo
COMPONENT_PLUGIN=orion
#
# Access Control Configuration
############################################################################
# Host where the Access Control (the component who knows the policies for the incoming requests) is located
# ACCESS_HOST=
# Port where the Access Control is listening
# ACCESS_PORT=
# Host where the authentication authority for the Access Control is located
# AUTHENTICATION_HOST=
# Port where the authentication authority is listening
# AUTHENTICATION_PORT=
# User name of the PEP Proxy in the authentication authority
PROXY_USERNAME=XXXXXXXXXXXXX
# Password of the PEP Proxy in the Authentication authority
PROXY_PASSWORD=XXXXXXXXXXXXX
In the files above i have tried the following parameters:
Keystone instance: account.lab.fiware.org or cloud.lab.fiware.org
User: pep or pepProxy or "user from fiware account"
Pass: pep or pepProxy or "user password from account"
Port: 4730, 4731, 5000
The result it's the same as before... the telefonicaid/fiware-orion-pep is unable to authenticate:
log file at /var/log/pepProxy/pepProxy
time=2015-04-13T14:49:24.718Z | lvl=ERROR | corr=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | trans=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | op=/v1/updateContext | msg=VALIDATION-GEN-003] Error connecting to Keystone authentication: KEYSTONE_AUTHENTICATION_ERROR: There was a connection error while authenticating to Keystone: 500
time=2015-04-13T14:49:24.721Z | lvl=DEBUG | corr=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | trans=71a34c8b-10b3-40a3-be85-71bd3ce34c8a | op=/v1/updateContext | msg=response-time: 50745 statusCode: 500
result from the client console
{
"message": "There was a connection error while authenticating to Keystone: 500",
"name": "KEYSTONE_AUTHENTICATION_ERROR"
}
I'm doing something wrong here??