I have created a free instance of Heroku cleardb instance for my app. I set the database URL as:
heroku config:set DATABASE_URL='mysql://user:pass#us-cdbr-iron-east-03.cleardb.net/heroku_database?reconnect=true'
I'm trying to connect using a Go app. But when I try to access my application, it gives the following mysql error:
default addr for network 'us-cdbr-iron-east-03.cleardb.net' unknown
I tried to set the database url with protocol and port as well:
heroku config:set DATABASE_URL='mysql://user:pass#tcp(us-cdbr-iron-east-03.cleardb.net:3306)/heroku__database?reconnect=true'
This changes the errror to:
Access denied for user
which i'm guessing is because direct access to port is disallowed. Does anybody know what is the issue here?
This is a Go specific problem. Three changes are required:
Go's sql.Open already takes scheme as its first parameter so it needs to be stripped off of DATABASE_URL.
Connection string shouldn't have any query parameters (remove ?reconnect=true).
Protocol (tcp) and port (3306 for MySQL) number are required.
Thus final database URL would be:
DATABASE_URL='user:pass#tcp(us-cdbr-iron-east-03.cleardb.net:3306)/your_heroku_database'
Related
I'm trying to connect to the MySQL server on PlanetScale, but can't as it requires SSL.
Here's their doc for that, but it's unclear what it says.
https://planetscale.com/docs/concepts/secure-connections
Here's the connection URL: DATABASE_URL='mysql://co30rXXXXXXX:pscale_pw_XXXXXXX#hoqx01444p30.us-east-4.psdb.cloud/restaurant?ssl={"rejectUnauthorized":true}'
Here's what I see from my terminal when I run yarn run migration-run
yarn run v1.22.18 $ npx prisma migrate dev Environment variables
loaded from .env Prisma schema loaded from prisma/schema.prisma
Datasource "db": MySQL database "restaurant" at
"hoqx0XXXXX.us-east-4.psdb.cloud:3306"
Error: Migration engine error: unknown error: Code: UNAVAILABLE server
does not allow insecure connections, client must use SSL/TLS
error Command failed with exit code 1. info Visit
https://yarnpkg.com/en/docs/cli/run for documentation about this
command.
Is there anyone who has tried to connect to PlanetScale DB from Node.js on localhost? I have tried some other suggestions from Stackoverflow, but don't seem to work.
?ssl={"rejectUnauthorized":false}&sslcert=/etc/ssl/certs/ca-certificates.crt
Adding these params at the end of the connection link, the issue has been fixed. :)
SSL ISSUE ON WINDOWS
If you're working on a Windows machine and using a .env file for your connection string, here is what worked for me to run locally (windows does not have a default /etc/ssl/certs/ reference as answered here).
You get your connection string from the PlanetScale console, via "overview" > "connect"
This will look something like:
DATABASE_URL='mysql://xxxxxx:*****#aws-eu-west-1.connect.psdb.cloud/dbName?ssl={"rejectUnauthorized":true}'
When plainly using this you will most likley get the follow error message (as the question states):
Code: UNAVAILABLE server does not allow insecure connections, client must use SSL/TLS
You therefore need to provide a local cert, one can be downloaded from the following trusted location:
https://curl.se/docs/caextract.html
Next, you need to save this file to a logical location on disk that can be referenced in your connection string, for example c:/temp/cacert.pem
Once saved you can then append then following to your connection string:
&sslcert=C:\\temp\\cacert.pem
Restart your server and you should be all set! 🎉
The equivelant ssl cert update in NodeJs would look as follows:
const connection = mysql.createConnection({
host: 'hostNameHere',
user: 'userNameHere',
password: 'passwordHere',
database: 'dbHere',
ssl: {
ca: fs.readFileSync('C:\\temp\\cacert.pem')
}
});
I have installed LAMP on my EC2, running mariaDB.
So now I would like to connect to mySQL, but what should my $servername be in the .php file (where i store the db_connect details)?
I've tried the Public DNS (IPv4) address of the instance provided on the EC2 dashboard, however, I am getting connection fail error when I run the .php files.
Am i using the right server name here?
Or is it because I need to set some access rights regarding Security group? I've added port 3306,tcp,0.0.0.0/0 to the Security Group but still getting the "Connection failed: Access denied for user 'root'#....."
I've also checked the my.cnf, which i assume it should not have any bind address values in it?
It seems this is credentials issue, port listening seems working fine. Are php files running on same box? if so, use "localhost", that should work fine. Here is tutorial on how to enable remote connections.
Good luck!
I'm trying to connect my server code running as a Docker container in our Kubernetes cluster (hosted on Google Container Engine) to a Google Cloud SQL managed MySQL 5.7 instance. The issue I'm running into is that every connection is being rejected by the database server with Access denied for user 'USER'#'IP' (using password: YES). The database credentials (username, password, database name, and SSL certificates) are all correct and work when connecting via other MySQL clients or the same application running as a container on a local instance.
I've verified that all credentials are the same on the local and the server-hosted versions of the app and that the user I'm connecting with has the wildcard % host specified. Not really sure what to check next here, to be honest...
An edited version of the connection code is below:
let connectionCreds = {
host: Config.SQL.HOST,
user: Config.SQL.USER,
password: Config.SQL.PASSWORD,
database: Config.SQL.DATABASE,
charset: 'utf8mb4',
};
if (Config.SQL.SSL_ENABLE) {
connectionCreds['ssl'] = {
key: fs.readFileSync(Config.SQL.SSL_CLIENT_KEY_PATH),
cert: fs.readFileSync(Config.SQL.SSL_CLIENT_CERT_PATH),
ca: fs.readFileSync(Config.SQL.SSL_SERVER_CA_PATH)
}
}
this.connection = MySQL.createConnection(connectionCreds);
Additional information: the server application is built in Node using the mysql2 library to connect to the database. There are no special firewall rules in place that are causing network issues, and that's confirmed by the fact that the library IS connecting, but failing to authenticate.
After setting up Cloud SQL Proxy I managed to figure out what the actual error was: somewhere between the secret and the pod configuration an extra newline was being added to the database name, causing any connection attempt to fail. With the proxy set up this was made clear because there was an actual error message to that effect displayed.
(notably all of my logging around the credentials that I was using to validate that the credentials were accurate didn't explicitly display the newline and was disguised by the fact that the console display added line breaks to wrap the display, and it happened to line up exactly with where the database name ended)
Have you read the documentation on https://cloud.google.com/sql/docs/mysql/connect-container-engine ?
In Container Engine, you need to set up a Cloud SQL Proxy container alongside your application pod and talk to it. The Cloud SQL Proxy will then make the actual call to Cloud SQL service.
If the container worked locally, I assume you have Application Default Credentials set on your development machine. It could be failing because those credentials are not on your container as a Service Account file. Try configuring a Service Account file, or create your GKE cluster with --scopes argument that gives your instances access to Cloud SQL.
I am new to Centura application configuration
When I try opening the windows client application, which has the Centura sql.ini configuration file. I get the below error.
Can anyone please help me understand the issue?
Error code: 401
Reason: FOR SQLBASE: The specified database cannot be found. SQLBase cannot find the file named "x:\dbdir\dbname\dbname.DBS" where x:\dbdir is either the default, c:\SQLBASE, or modified with the DBDIR SQL.INI configuration keyword. In a multiuser network configuration, this error indicates that your network is working correctly, but the database system was unable to locate the specified database filename.
FOR NON-SQLBASE DATABASES: This problem can also occur with a SQLGateway when leaving out the protocol type in the SERVERNAME parameter that the client uses to communicate with the gateway (like SQLNBIOS).
For example, SERVERNAME=SERVER33,SQLQUEUE DBNAME=DB2DBMS, SQLQUEUE, SQLNBIOS
will not allow a remote client process (using SQLNBIOS on the LAN to communicate with the SQLGateway machine) to connect to the SQLGateway machine.
For SPX connectivity from DOS or MS Windows to a Unixware SQLBase Server check for the omission of the "serverpath=..." parameter in the SQL.INI file under the client section.
Remedy: Verify the database file exists. The default drive letter and dbdirname is c:\SQLBASE unless overridden with a DBDIR SQL.INI configuration keyword parameter. Verify the DBDIR keyword is not missing or pointing to a wrong database directory. Verify the DBNAME keyword is specified for the named database. Verify the SERVER keyword is not missing or conflicting with other network server names. In your CONFIG.SYS file, verify at least 40 files set with the FILES=40 parameter. If the server was being initialized while the connection was tried, retry the connection after the server has initialized. If all of the above fails, try using a different database name or try connecting to the database in single user mode at the same machine. If you can connect with a local engine it probably indicates a network configuration error exists. If you can connect with a new database name it probably indicates a previously named database was never properly initialized.
I'm running a Rails 3.2 app on the Cedar stack at Heroku.
I'm using Amazon RDS for my MySQL database, and I have the proper DATABASE_URL setup in the Heroku config vars.
How do I get Heroku to use SSL in its connection to Amazon RDS?
Normally this would be specified as a value in database.yml, but since Heroku generates database.yml for us, I'm not sure how to control this setting.
Thanks!
You can specify some mysql2 SSL params through the DATABASE_URL config. They will get added as items to the dynamic database.yml that is generated during the Heroku build process, and so they'll be passed when mysql2 connections are created.
The only param you need to pass for this to work is sslca (not to be confused with sslcapath).
1. Download the Amazon RDS CA certificate and bundle it with your app.
(Edit) Amazon will be rotating this certificate in March 2015. You'll need the new file from that page instead of this one.
curl https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem > ./config/amazon-rds-ca-cert.pem
2. Add the file to git, and redeploy to Heroku.
3. Change DATABASE_URL to pass sslca:
heroku config:add DATABASE_URL="mysql2://username:password#hostname/dbname?sslca=config/amazon-rds-ca-cert.pem -a <app_id>
The relative path there is important—see below.
That's it! Now that you have SSL working, you may want to enforce that all connections with that user only allow SSL:
GRANT USAGE ON dbname.* TO 'username'#'%' REQUIRE SSL;
Troubleshooting
Make sure to pass a relative path to sslca! Otherwise, rake assets:precompile may break with an SSL error. If you receive an error like:
SSL connection error: ASN: bad other signature confirmation
or even just:
SSL connection error
...then there is likely something wrong with how the CA cert file is referenced.
From looking at the injected database.yml (see bottom of http://neilmiddleton.com/sharing-databases-between-heroku-applications/) you can pass in extra configuration as part of the db URL as query params.
In theory, this should let you configure it how you want although I've not tried it.