Reputation: 123
I'm setting up a Wiki.js instance in AWS, and have followed this setup guide to deploy my instance via ECS.
Here is the task definition I've currently got:
{
  "taskDefinitionArn": "xxx",
  "containerDefinitions": [
    {
      "name": "wikijs",
      "image": "requarks/wiki:2",
      "cpu": 0,
      "portMappings": [
        {
          "name": "wikijs-3000-tcp",
          "containerPort": 3000,
          "hostPort": 3000,
          "protocol": "tcp",
          "appProtocol": "http"
        },
        {
          "name": "wikijs-80-tcp",
          "containerPort": 80,
          "hostPort": 80,
          "protocol": "tcp",
          "appProtocol": "http"
        }
      ],
      "essential": true,
      "environment": [
        {
          "name": "DB_TYPE",
          "value": "postgres"
        },
        {
          "name": "DB_SSL",
          "value": "false"
        },
        {
          "name": "DB_PASS",
          "value": "password"
        },
        {
          "name": "DB_PORT",
          "value": "5432"
        },
        {
          "name": "DB_USER",
          "value": "postgres"
        },
        {
          "name": "DB_NAME",
          "value": "wiki"
        },
        {
          "name": "DB_HOST",
          "value": "wiki-db.xxx.xxx.rds.amazonaws.com"
        }
      ],
      "environmentFiles": [],
      "mountPoints": [],
      "volumesFrom": [],
      "ulimits": [],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-create-group": "true",
          "awslogs-group": "/ecs/wikijs",
          "awslogs-region": "xxx",
          "awslogs-stream-prefix": "ecs"
        },
        "secretOptions": []
      }
    }
  ],
  "family": "wikijs",
  "executionRoleArn": "arn:aws:iam::xxx:role/wikijs-task-execution-role",
  "networkMode": "awsvpc",
  "revision": 10,
  "volumes": [],
  "status": "ACTIVE",
  "requiresAttributes": [
    {
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "name": "ecs.capability.task-eni"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
    }
  ],
  "placementConstraints": [],
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "cpu": "256",
  "memory": "512",
  "runtimePlatform": {
    "cpuArchitecture": "ARM64",
    "operatingSystemFamily": "LINUX"
  },
  "registeredAt": "2024-01-26T10:27:31.013Z",
  "registeredBy": "arn:aws:iam::xxx:xxx",
  "tags": []
}
The guide I've followed says to only set up a port mapping for port 3000, but I've additionally set one up for port 80 just in case.
I have also set up a database inside postgres called wiki.
When I set up my service, it successfully initializes, with the following logs (newest at bottom):
- =======================================
- =======================================
- Initializing...
- = Wiki.js 2.5.300 =====================
- Using database driver pg for postgres [ OK ]
- Connecting to database...
It then makes 10 attempts and failures to connect to the database, ending on this set of logs:
- Connecting to database...
- Database Connection Error: 28000 undefined:undefined
- Will retry in 3 seconds... [Attempt 10 of 10]
- Connecting to database...
- Database Initialization Error: no pg_hba.conf entry for host "<ecs task ip>", user "postgres", database "wiki", no encryption
In my attempts to fix this, I've tried setting the rds.force_ssl parameter for the postgres db to false - this results in the exact same error.
I've also tried setting the DB_SSL environment parameter to true, but this results in the following error instead:
- Database Initialization Error: self-signed certificate in certificate chain
Instead of these errors, the behaviour I'm expecting here is that my wikijs instance should connect to the database, and begin setting up the tables it needs to get started. Is there something obvious I'm missing that is preventing this behaviour from happening?
Upvotes: 0
Views: 466
Reputation: 123
In order for the updated parameter group to be applied to the database, it needed to be rebooted.
Once rebooted, the rds.force_ssl parameter was disabled, and the ECS task could connect to the database.
Upvotes: 0
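The three states seen in this thread (parameter group not yet applied, plaintext client rejected, TLS client that does not trust the RDS CA) can be told apart from the task definition and the output of `aws rds describe-db-instances`. The sketch below is an added example, not code from either post or from Wiki.js. The sample JSON and instance names are constructed, the finding codes are hypothetical, and it assumes Wiki.js reads a CA certificate from the `DB_SSL_CA` variable as its Docker documentation describes, which would let `rds.force_ssl` stay enabled.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output;
# identifiers are placeholders, not values from the post.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "wiki-db",
   "DBParameterGroups": [{"DBParameterGroupName": "wiki-custom-params",
                          "ParameterApplyStatus": "pending-reboot"}]},
  {"DBInstanceIdentifier": "wiki-db-rebooted",
   "DBParameterGroups": [{"DBParameterGroupName": "wiki-custom-params",
                          "ParameterApplyStatus": "in-sync"}]}
]}
""")

def container_env(task_def, name):
    """Plain `environment` entries of one container in an ECS task definition."""
    for c in task_def["containerDefinitions"]:
        if c["name"] == name:
            return {e["name"]: e["value"] for e in c.get("environment", [])}
    raise KeyError(name)

def diagnose(env, instance, group_force_ssl):
    """Return finding codes (hypothetical names). group_force_ssl is the
    rds.force_ssl value stored in the attached parameter group ("0" or "1")."""
    findings = []
    stale = [g["DBParameterGroupName"] for g in instance["DBParameterGroups"]
             if g["ParameterApplyStatus"] != "in-sync"]
    if stale:
        # Stored values are not what the running server uses until a reboot.
        findings.append("REBOOT_PENDING")
    client_tls = env.get("DB_SSL", "false").lower() == "true"
    # While the group is not applied, assume the server may still force TLS.
    server_may_force_tls = bool(stale) or group_force_ssl == "1"
    if not client_tls and server_may_force_tls:
        # Matches: no pg_hba.conf entry for host ..., no encryption
        findings.append("PLAINTEXT_REJECTED")
    if client_tls and not env.get("DB_SSL_CA"):
        # Likely match: self-signed certificate in certificate chain
        findings.append("CA_NOT_TRUSTED")
    return findings

if __name__ == "__main__":
    task = {"containerDefinitions": [{"name": "wikijs", "environment": [
        {"name": "DB_SSL", "value": "false"}]}]}
    for inst in SAMPLE["DBInstances"]:
        print(inst["DBInstanceIdentifier"],
              diagnose(container_env(task, "wikijs"), inst, "0"))
```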