7 months ago
For the build stage that needs to access the database to create a static route, if I have no access to the local network yet, and I don't have desire to use Beta Builder, what are my steps to securely connect to the database via DATABASE_PUBLIC_URL?
Background: I am using Drizzle for ORM, here's my current setup:
import 'dotenv/config';
import { drizzle } from 'drizzle-orm/node-postgres';
import { PHASE_PRODUCTION_BUILD } from "next/dist/shared/lib/constants";
export const duringBuildStage = (process.env.NEXT_PHASE === PHASE_PRODUCTION_BUILD);
const dbSettings = duringBuildStage ?
{
// Local network is not available during build stage.
connectionString: process.env.DATABASE_PUBLIC_URL!,
ssl: true
} :
{
connectionString: process.env.DATABASE_URL!,
ssl: false
};
export const db = drizzle({
connection: {
...dbSettings
}
});I am guessing that the
drizzle.config.tsis only used by the drizzle-kit.
Any help would be appreciated.
ⓘ Deployment information is only viewable by project members and Railway employees.
4 Replies
7 months ago
The database certificates are indeed self signed, every database signs its own certificate, your database client needs to trust a self signed certificate.
Or simply generate the static route(s) during runtime instead of build time.
7 months ago
How can I obtain that self-signed certificate please? I must be missing something in the docs.
I'm assuming, that I'm supposed to modify my settings to look something like this:
ssl: {
rejectUnauthorized: false, // Set to false to trust self-assigned certificate
ca: fs.readFileSync(path.join(__dirname, 'certs', 'server.crt'))
}The missing piece is how to access the volume which Postgres is using.
7 months ago
OK, I see that actually providing
`ssl: { requestCert: true, rejectUnauthorized: false, }`
seems to _surprisingly_ swallow it, without specifying `ca`. This is not supposed to happen. I'll invest some time into this on a test container.
Thank you @brody
Status changed to Solved brody • 7 months ago