Question

Docker Application with Managed Database

Posted January 10, 2021 235 views
PythonDockerPostgreSQLDigitalOcean App Platform

I have a Python (FastAPI) application running on the app platform within a docker container which I’d like to connect to a managed database. At the moment, I’m only using a dev database.

When I deploy my application, the message which pops up is as follows:

asyncpg.exceptions.InvalidAuthorizationSpecificationError: no pg_hba.conf entry for host "167.99.147.79", user "db", database "db", SSL off

I’m using sqlalchemy to make the connection, but it appears as though I’m making the conscious effort not to use SSL.

Default connection options try SSL first; when I require it, it still returns this message.

Any leads? I imagine the cause is that the server may not be set up for SSL from the get-go, but I’m stumped on proving this to myself.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi there @wjziv,

You would need to pass the CA certificate to your application as an environment variable.

You can refer to the CA_CERT variable which holds the CA certificate for the managed databases.

For more information on how to use the environment variables on the App platform, I could suggest taking a look at the official documentation here:

https://www.digitalocean.com/docs/app-platform/how-to/use-environment-variables/

Hope that this helps.

Regards,
Bobby

  • Thanks for the tip, Bobby.

    Could you point me at some sqlalchemy examples running on DO’s App Platform? I’ve had success pulling the contents of the CA_CERT into the application, but as far as I can tell, sqlalchemy begs these contents to live in a static file on the server.

    I’d like to follow best practices where applicable and avoid antipatterns for SSL access on the platform; as of yet, I haven’t found many guidelines/tutorials for a Python-specific app on DO.

Submit an Answer