HelioHost Posted July 20, 2023

Username: ooliteaccount, Server: Johnny, Main domain: oolite.helioho.st

On Monday, May 22nd, 2023 at 22:17, HelioHost Support wrote:
> Remote access enabled.
>
> You may view the status of your ticket by visiting:
>
> https://helionet.org/index/index.php?showtopic=55993

Hello! Access from my local development PC works well, but when I try to connect from the prod server (CloudFlare Worker) I get the error:

no pg_hba.conf entry for host "2a09:bac5:2a93:126e::1d6:117", user "ooliteaccount_db", database "ooliteaccount_pg1", SSL encryption

Please! Can you help and tell me: is it a problem on my side? Maybe pg_hba.conf has only my dev machine IP?

Thanks! Regards!
Krydos Posted July 21, 2023

By default remote PostgreSQL access is enabled for IPv4 traffic only. Instead of using a host like "oolite.helioho.st" use the host "65.19.141.67" and that error should go away. Let us know if you need further assistance.
HelioHost Posted July 25, 2023 Author

On Friday, July 21st, 2023 at 5:28, HelioHost Support wrote:
> By default remote PostgreSQL access is enabled for IPv4 traffic only. Instead of using a host like "oolite.helioho.st" use the host "65.19.141.67" and that error should go away. Let us know if you need further assistance.
>
> You may view the status of your ticket by visiting:
>
> https://helionet.org/index/index.php?showtopic=56521

Hello! At the moment I use the db hostname johnny.heliohost.org. If I try using something else, I get errors like this: "TLS peer's certificate is not trusted; reason = IP address mismatch", or if I use oolite.helioho.st, I get: "TLS peer's certificate is not trusted; reason = Hostname mismatch".

openssl shows this info:

$ openssl s_client -starttls postgres -connect oolite.helioho.st:5432
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = johnny.heliohost.org

The psql client ignores the mismatch by default, but Node.js libraries fail and there is no way to ignore this :(

Thanks, regards!
Krydos Posted July 25, 2023

Perhaps this will help? https://stackoverflow.com/questions/55161907/node-js-wont-load-lets-encrypt-certificates
HelioHost Posted July 29, 2023 Author

On Wednesday, July 26th, 2023 at 1:06, HelioHost Support wrote:
> Perhaps this will help? https://stackoverflow.com/questions/55161907/node-js-wont-load-lets-encrypt-certificates

No, this is IMHO not the matter :(

IMHO just one thing can help me: disabling IPv6 hostname resolution for the socket connection and preferring IPv4. This setting exists in the "classic" dns module for Node.js, but in the CloudFlare Worker runtime it is just a stub and I can't call dns.setDefaultResultOrder('ipv4first');

So, I'm still trying to find a working variant... Locally in the dev environment all works well, because IPv6 is forbidden.

You recommended using the IP in the connection params, but (IMHO) in such a case certificates should be issued for the IP, not for the hostname, else we'll get many problems with a mismatch between the certificate CN and the real connection host.

Thanks for your time! Regards!
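On the certificate mismatch errors reported in the posts above, an added example (not code from either poster or from HelioHost): it uses Node.js's built-in tls module to show why the IP address and oolite.helioho.st fail against a certificate for johnny.heliohost.org, and how to dial an IPv4 address while still verifying that name. The certificate object and its SAN entry are constructed, identityError and pinnedTlsOptions are hypothetical helper names, and whether the CloudFlare Worker runtime honours these options is not established in this thread.

```javascript
const tls = require('node:tls');
const net = require('node:net');

// Constructed stand-in for the leaf certificate in the openssl output above
// (depth=0 CN = johnny.heliohost.org). The SAN entry is an assumption.
const SAMPLE_CERT = {
  subject: { CN: 'johnny.heliohost.org' },
  subjectaltname: 'DNS:johnny.heliohost.org',
};

// Run Node's own identity check for `name`. Returns null when the name
// matches the certificate, otherwise the error code and reason.
function identityError(name, cert) {
  const err = tls.checkServerIdentity(name, cert);
  return err ? { code: err.code, reason: err.reason } : null;
}

// Build TLS options that dial `connectHost` (which may be an IPv4 literal)
// but keep chain validation on and verify the certificate against `certName`.
function pinnedTlsOptions(connectHost, port, certName) {
  if (net.isIP(certName) !== 0) {
    throw new TypeError('certName must be a DNS name, not an IP literal');
  }
  return {
    host: connectHost,
    port,
    servername: certName,      // name sent in SNI
    rejectUnauthorized: true,  // never switch verification off
    // Ignore the dialled address; always compare against the expected name.
    checkServerIdentity: (_dialled, cert) =>
      tls.checkServerIdentity(certName, cert),
  };
}

// The three hosts tried in the thread, checked against the sample certificate.
for (const host of ['johnny.heliohost.org', 'oolite.helioho.st', '65.19.141.67']) {
  const result = identityError(host, SAMPLE_CERT);
  console.log(host, '->', result ? result.reason : 'certificate name matches');
}
```

Options of this shape are what Node's tls.connect accepts; a certificate issued for any other name is still rejected, which is the difference from turning verification off.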
Krydos Posted July 29, 2023

No, we're not going to disable IPv6. The entire point of IPv6 is that IPv4 doesn't have enough IP addresses, and the world is phasing out use of IPv4 and replacing it with IPv6. We will disable IPv4 before we disable IPv6.