3 months ago
I am trying to connect an external service, powersync (sync engine), to my postgres database hosted on Railway.
The service requires connection to be in verify-full ssl mode. And when trying to connect it to TCP proxy, it throws "self-signed certificate in certificate chain". And it is indeed self-signed.
Is there a way to get a non-self-signed cert on database, like all other apps have? They get proper certs on custom domains or domains generated by railway (.up.railway.app).
Or any other ways to approach this problem?
1 Replies
Status changed to Awaiting Railway Response Railway • 3 months ago
3 months ago
The TCP proxy uses self-signed certificates for TLS, and we don't currently support CA-signed certificates on TCP proxy connections. This means sslmode=verify-full won't work through the TCP proxy. One possible workaround is deploying your PowerSync service within the same Railway project, which would let it connect to the database over private networking without going through the TCP proxy at all.
Status changed to Awaiting User Response Railway • 3 months ago
2 months ago
This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!
Status changed to Solved Railway • 2 months ago