Postgres SSL连接无法建立

时间:2014-01-20 23:24:03

标签: ruby-on-rails postgresql ubuntu heroku

我正试图让一个流浪汉环境运行一个Rails应用程序,该应用程序连接到Heroku上托管的远程Postgres数据库。从我的主机(Mac OS X)运行应用程序工作得很好,但在我的流浪盒中安装新的Ubuntu失败,即使它们指向相同的源目录。这是我在尝试启动Web服务器时得到的结果:

00:02:22 web.1  | Connecting to database specified by database.yml
00:02:22 web.1  | /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/postgresql_adapter.rb:1216:in `initialize': FATAL:  no pg_hba.conf entry for host "207.172.212.123", user "user", database "database", SSL off (PG::ConnectionBad)
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/postgresql_adapter.rb:1216:in `new'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/postgresql_adapter.rb:1216:in `connect'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/postgresql_adapter.rb:324:in `initialize'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/postgresql_adapter.rb:28:in `new'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/postgresql_adapter.rb:28:in `postgresql_connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:315:in `new_connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:325:in `checkout_new_connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:247:in `block (2 levels) in checkout'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:242:in `loop'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:242:in `block in checkout'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/2.0.0/monitor.rb:211:in `mon_synchronize'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:239:in `checkout'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:102:in `block in connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/2.0.0/monitor.rb:211:in `mon_synchronize'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:101:in `connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/connection_adapters/abstract/connection_pool.rb:410:in `retrieve_connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/composite_primary_keys-5.0.13/lib/composite_primary_keys/connection_adapters/abstract/connection_specification_changes.rb:47:in `retrieve_connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/composite_primary_keys-5.0.13/lib/composite_primary_keys/connection_adapters/abstract/connection_specification_changes.rb:29:in `connection'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activerecord-3.2.13/lib/active_record/railtie.rb:88:in `block in <class:Railtie>'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:30:in `instance_exec'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:30:in `run'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:55:in `block in run_initializers'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:54:in `each'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/initializable.rb:54:in `run_initializers'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/application.rb:136:in `initialize!'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/railties-3.2.13/lib/rails/railtie/configurable.rb:30:in `method_missing'
00:02:22 web.1  |   from /vagrant/config/environment.rb:5:in `<top (required)>'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `block in require'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:236:in `load_dependency'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/activesupport-3.2.13/lib/active_support/dependencies.rb:251:in `require'
00:02:22 web.1  |   from config.ru:4:in `block in <main>'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/rack-1.4.5/lib/rack/builder.rb:51:in `instance_eval'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/rack-1.4.5/lib/rack/builder.rb:51:in `initialize'
00:02:22 web.1  |   from config.ru:1:in `new'
00:02:22 web.1  |   from config.ru:1:in `<main>'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/unicorn-4.6.3/lib/unicorn.rb:48:in `eval'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/unicorn-4.6.3/lib/unicorn.rb:48:in `block in builder'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:722:in `call'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:722:in `build_app!'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:140:in `start'
00:02:22 web.1  |   from /opt/ruby/lib/ruby/gems/2.0.0/gems/unicorn-4.6.3/bin/unicorn:126:in `<top (required)>'
00:02:22 web.1  |   from /opt/ruby/bin/unicorn:23:in `load'
00:02:22 web.1  |   from /opt/ruby/bin/unicorn:23:in `<main>'
00:02:22 web.1  | exited with code 1

我认为这个问题与pg gem没有成功建立与Postgres的SSL连接有关。是否需要在Ubuntu服务器上配置特殊的东西以实现SSL连接?

这是database.yml:

  adapter: postgresql
  encoding: unicode
  pool: 5
  database: database
  username: user
  password: password
  host: xxx-xxx-xxx-xxx.compute-1.amazonaws.com
  port: 5432

此配置适用于我的Mac,但不适用于Ubuntu VM。我也尝试过添加sslmode:require,这也没有帮助。

1 个答案:

答案 0 :(得分:3)

关键错误部分是:

  

致命:主机&#34; 207.172.212.123&#34;,用户&#34;用户&#34;,数据库&#34;数据库&#34;,SSL关闭

没有pg_hba.conf条目

这告诉您,您没有尝试建立SSL连接。您希望通过找到传递{{1}的方法,明确告诉您需要SSL连接的libpq(这是Pg gem,因此Rails用于连接到PostgreSQL) }参数到sslmode的值为libpq

This question表明Pg gem被修改为自动协商SSL。所以猜测,你的Mac上的版本比你的Ubuntu盒子上的版本更新。对于旧版本,看起来可能没有一种简单的方法来指定需要SSL,但是使用require的连接字符串的JDBC URL格式可用于解决缺陷问题,对于第一个答案,文章,但那有点难看。

您的评论表明您的Pg gem并不理解ssl=true sslmode作为database.yml中的一个选项,默默地忽略它。

在这种情况下,我尝试使用connstring:

 adapter: postgresql
 database: "dbname=database host=207.172.212.123 user=user sslmode=require"
 ...

通常,您可以在任何可以使用libpq放置数据库名称的位置提供connstring。如果您执行此操作,则应忽略user中的hostdatabase.yml等密钥。我还没有用Rails测试它,但这种方法适用于大多数事情。

或者您可以将Pg gem更新为正确支持SSL的宝石。它看起来像the current version should support sslmode作为连接选项。

<强>更新

事实证明,Ubuntu框上的libpq不支持SSL。

相关问题
最新问题