Yaroslav

Reputation: 1

TypeORM connection to AWS Postgres RDS via SSL

"@nestjs/typeorm": "10.0.2",
"@nestjs/core": "10.3.3",
"@nestjs/common": "10.3.3"

I have an AWS RDS instance, Postgres type, version 13.11 (also tried 11.x, 14.x, 15.x, 16.x), with Certificate authority = rds-ca-rsa2048-g1 and these parameter group values:

rds.force_ssl = 0
ssl = 1
ssl_ca_file = /rdsdbdata/rds-metadata/ca-cert.pem
ssl_cert_file = /rdsdbdata/rds-metadata/server-cert.pem
ssl_key_file = /rdsdbdata/rds-metadata/server-key.pem
ssl_min_protocol_version = TLSv1.2

I'm trying to connect my NestJS app to AWS Postgres RDS. My connection config:

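import * as fs from 'fs';

// TypeORM data source options, read from the environment.
export const dbConfig = {
  type: process.env.POSTGRES_TYPE,
  host: process.env.POSTGRES_HOST,
  port: Number(process.env.POSTGRES_PORT),
  username: process.env.POSTGRES_USER,
  password: process.env.POSTGRES_PASSWORD,
  database: process.env.POSTGRES_DB,
  // Passed through to the pg driver as its TLS options.
  ssl: {
    // false: the server certificate is not verified, so the ca below is not enforced.
    rejectUnauthorized: false,
    // Regional RDS CA bundle downloaded from AWS.
    ca: fs.readFileSync('./src/assets/eu-north-1-bundle.pem').toString(),
  },
  // Boolean flags arrive as the strings "true"/"false"; JSON.parse converts them.
  synchronize: JSON.parse(process.env.POSTGRES_SYNCHRONIZE),
  entities: [process.env.POSTGRES_ENTITIES],
  migrations: [process.env.POSTGRES_MIGRATIONS],
  migrationsRun: JSON.parse(process.env.POSTGRES_RUN_MIGRATIONS),
  logging: JSON.parse(process.env.POSTGRES_LOGS),
};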

The output is as follows:

Error: 70580000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:c:\ws\deps\openssl\openssl\ssl\record\ssl3_record.c:355:

It seems the problem is related to SSL. I read the AWS docs and downloaded the pem file, and spent 2 days searching for related information or similar problems, but didn't find a solution that helped with this problem.

Tried different versions of RDS Postgres; tried to set rds.force_ssl = 1; tried to pass the certificate as a string (-----BEGIN CERTIFICATE----- ....) and as a path to a file read with the fs module; tried not passing the ssl option to the TypeORM config (with rds.force_ssl = 0); tried not setting rejectUnauthorized at all, and setting it to true or false.

Nothing changed. The problem persists on localhost and also in a Docker container running on AWS EC2. Am I doing something wrong? Before I created a new AWS account I had the same instances on AWS with this app, and everything worked without SSL at all.

Upvotes: 0

Views: 90

Answers (0)