31

I'm developing a Node.js application using PostgreSQL and hosting on Heroku. My problem is that I get an authentication error like so:

14:32:05 web.1     | { [error: no pg_hba.conf entry for host "193.40.244.196", user "username", database "database_name", SSL off]
14:32:05 web.1     |   length: 168,
14:32:05 web.1     |   name: 'error',
14:32:05 web.1     |   severity: 'FATAL',
14:32:05 web.1     |   code: '28000',
14:32:05 web.1     |   detail: undefined,
14:32:05 web.1     |   hint: undefined,
14:32:05 web.1     |   position: undefined,
14:32:05 web.1     |   internalPosition: undefined,
14:32:05 web.1     |   internalQuery: undefined,
14:32:05 web.1     |   where: undefined,
14:32:05 web.1     |   file: 'auth.c',
14:32:05 web.1     |   line: '483',
14:32:05 web.1     |   routine: 'ClientAuthentication' }

It might be an SSL problem, but it shouldn't be as mentioned here. SSL should be supported out of the box. So I'm stumped and can only ask what might cause this error?

I'm not sure if I have to maybe edit the pg_hba.conf on my system, but I can't even find it.

Improve this question

8 Answers 8

Reset to default
48

Solved it by setting PGSSLMODE (http://www.postgresql.org/docs/9.0/static/libpq-envars.html) on Heroku. It tells PostgreSQL to default to SSL.

$ heroku config:set PGSSLMODE=require
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Agreed. This is the best answer as it kept my local and remote versions working with the least amount of code.
It's indeed the most exact answer, as other solutions provided don't make use of process.env.DATABASE_URL
Excellent! After hours, this was my solution. Thank you.
Ran into this problem when I upgraded my postgresql instance devcenter.heroku.com/articles/…. PGSSLMODE was the fix.
This is a good discussion of the meanings of the settings available for PGSSLMODE, in case anyone else finds it helpful.
|
27

node-postgres doesn't support SSL in it's javascript bindings, which you're using if you do:

var pg = require('pg');

To get SSL, you need to use the native binding by doing this:

var pg = require('pg').native;

You don't need to use SSL when your app is running inside Heroku, you only need to use SSL to connect remotely (when your app is running locally).

Improve this answer

4 Comments

One does not need native binding to run SSL anymore.
Worked for me...thanks! (if you are using Sequelize, add native: true to the new Sequelize options object)
This requires npm i pg-native
devcenter.heroku.com/articles/… says to set pg.defaults.ssl = true; before connecting.
19

I added these params and can now connect to my heroku postgres instance from an outside server, specifically, in configuration of knex.js in a node express server:

var knex = require('knex')({
  client: 'postgres',
  connection: 'postgres://username:password@host:5432/yourdbname?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory'
});
Improve this answer

3 Comments

thanks for the knex example! Where did you find this information?
not sure! but I see it's documented, so perhaps it was here: devcenter.heroku.com/articles/…
This also helped me with local nodejs development using heroku postgre db
9

Ran into same issue. Just Enabled ssl=true in the db params.

var pg = require('pg');
var params = { host: 'heroku_hostname',user: 'username',password: 'password',database: 'database',ssl: true };
var client = new pg.Client(params);
client.connect();
Improve this answer

Comments

3

Ran into this myself, it's a simple fix. Just connect over HTTPS instead

Improve this answer

2 Comments

Usually just forcing the port to 5572 of the one listed with heroku config would suffice.
"Just connect over HTTPS instead". Could you elaborate? Do you mean specify port 5572 as David Pelaez suggests? That doesn't work for me, nor does specifying ssl: true in the params as someone else suggested, nor does specifying both. I'm using the javascript bindings, not native.
2

I too received the 'ClientAuthentication' no pg_hba.conf entry error in my Heroku PRODUCTION instance in April 2021. I was and continue to use the Plan "Hobby Dev" free account.

Heroku began rolling out changes to the platform in February 2021 that enforced SSL for all Heroku Postgres client connections. All Heroku Postgres client connections require SSL.

I fixed my PRODUCTION instance (where my NextJS App connected to the Heroku Postgres add-on) by adding the following config ssl: { rejectUnauthorized: false } when using node-postgres v8:

const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  ssl: {
    rejectUnauthorized: false
  }
});
Improve this answer

Comments

2

Had the same issue. Here's what helped me.

new Sequelize(process.env.DATABASE_URL, {
    dialectOptions: {
      ssl: {
        require: true,
        rejectUnauthorized: false
      }
    }
  }
Improve this answer

Comments

0 
const db = new Pool({
   connectionString: process.env.DATABASE_URL,
   ...
   ssl: { rejectUnauthorized: false }
});

I just resolved the issue by adding the ssl: { rejectUnautorized: false } to my database configuration. Also, run heroku config:set PGSSLMODE=no-verify -a appName

NOTE: "appName" should be the name of your hosted application

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.