stackoom
  简体   繁体   中英

How to add an SSL certificate (ca-cert) to node.js environment variables in order to connect to Digital Ocean Postgres Managed Database?

 原文  2021-03-06 01:10:25       node.js/ postgresql/ ssl/ digital-ocean/ node-postgres

Question

I am currently using node-postgres to create my pool. This is my current code:

const { Pool } = require('pg')

const pgPool = new Pool({
  user: process.env.PGUSER,
  password: process.env.PGPASSWORD,
  host: process.env.PGHOST,
  database: process.env.PGDATABASE,
  port: process.env.PGPORT,
  ssl: {
    rejectUnauthorized: true,
    // Would like to add line below
    // ca: process.env.CACERT,
},
})

I found another post where they read in the cert using 'fs' which can be seen below.

const config = {
database: 'database-name',
host: 'host-or-ip',
user: 'username',
password: 'password',
port: 1234,
// this object will be passed to the TLSSocket constructor
ssl: {
  ca: fs.readFileSync('/path/to/digitalOcean/certificate.crt').toString()
 }
}

I am unable to do that as I am using git to deploy my application. Specifically Digital Oceans new App Platform. I have attempted reaching out to them with no success. I would prefer not to commit my certificate in my source control. I see a lot of posts of people suggesting to set

ssl : { rejectUnauthorized: false}

That is not the approach I want to take. My code does work with that but I want it to be secure.

Any help is appreciated thanks.

1 answers

solution1
 2  2021-03-06 11:34:20

Alright I finally was able to figure it out. I think the issue was multiline and just unfamiliarity with dotenv for my local developing environment.

I was able to get it all working with my code like this. It also worked with the fs.readFileSync() but I didn't want to commit that to my source control.

const { Pool } = require('pg')
const fs = require('fs')

const pgPool = new Pool({
user: process.env.PGUSER,
password: process.env.PGPASSWORD,
host: process.env.PGHOST,
database: process.env.PGDATABASE,
port: process.env.PGPORT,
ssl: {
    rejectUnauthorized: true,
    // ca: fs.readFileSync(
    //     `${process.cwd()}/cert/ca-certificate.crt`.toString()
    // ),
    ca: process.env.CA_CERT,
},
})
.on('connect', () => {
    console.log('connected to the database!')
})
.on('error', (err) => {
    console.log('error connecting to database ', err)
})

Now in my config.env I had to make it look like this:

CA_CERT="-----BEGIN CERTIFICATE-----\nVALUES HERE WITH NO SPACES AND A \n 
AFTER EACH LINE\n-----END CERTIFICATE-----"

I had to keep it as a single line string to have it work. But I was finally to connect with

{rejectUnauthorized:true}

For the digital ocean app platform environment variable, I copied everything including the double quotes and pasted it in there. Seems to work great. I do not think you will be able to have this setting set to true with their $7 development database though. I had to upgrade to the managed one in order to find any CA cert to download.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question mongoose connect with CA_CERT using SSL digital ocean Digital Ocean, Node.js, Nginx and Cloudflare (400 badrequest No required SSL certificate was sent) How to Create Connection Pools for Digital Ocean Managed Postgres Database using SSL with Nodejs? Connect Unity Game to Digital Ocean Node.js Server How to use non-CA SSL certificate as root certificate in node.js? Using node.js to verify a X509 certificate with CA cert Prisma won't connect to Postgres database on Digital Ocean Kubernetes node.js - how to add CA to the list of trusted CAs with tls.connect Unable to install bcrypt on Digital Ocean node.js instance Upstart node.js app on dokku deployment (Digital Ocean)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM