Elixir / Phoenix connection failed

Hi neon folks.

I love neonDB and desperately wanna setup to run with my existing elixir/phoenix app. So i followed this guide:

The errors

first, i tried connection without the compute endpoint like
postgres://username:password@us-east-2.aws.neon.tech/neondb
then i got error message
(Postgrex.Error ERROR XX000 (internal_error) connection is insecure (try using sslmode=require))
maybe that’s because i didn’t enable SSL or the compute endpoint i cannot remember.

Then, i tried with compute endpoint, SSL and projectID as option like
postgres://username:password@my-endpoint-123456.us-east-2.aws.neon.tech/neondb?options=project%3Dmy-endpoint-123456
this time the error message

 ** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2967ms. This means requests are coming in and your connection pool cannot serve them fast enough. You can address this by:
           1. Ensuring your database is available and that you can connect to it
           2. Tracking down slow queries and making sure they are running fast enough
           3. Increasing the pool_size (although this increases resource consumption)
           4. Allowing requests to wait longer by increasing :queue_target and :queue_interval

Failed and failed and in the end i give up, i revert back to using previous working connection string.
But the final error message is plain connection error without much error message.

Stacks

App: Elixir v1.14.1 / Phoenix v1.7.2 / Ecto v3.6
DB: neonDB
Hosting: Flyio

What I did

I followed the second guide mentioned above. And here is a example snippet

%URI{host: database_host} = URI.parse(database_url)

config :my_app, MyApp.Repo,
    migration_source: "ecto_migrations",
    ssl: true,
    url: database_url,
    ssl_opts: [
      verify: :verify_peer,
      cacertfile: Path.join("priv", "cert/cacert.pem"),
      server_name_indication: to_charlist(database_host),
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ],
    pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
    socket_options: maybe_ipv6

The cacertfile: Path.join("priv", "cert/cacert.pem"), will be getting the ca cert from priv/cert/cacert.pem" and i got the cacert.pem content from curl - Extract CA Certs from Mozilla

Doing this locally in my dev environment, is it working as expected.
But when i flyctl deploy it failed.

These might be some slight misconfig that I don’t know about that causes the connection failed. Hope someone shed some light. I hope someone from neon team could come out a official guide for elixir/phoenix and i believe elixir community would fall in love with neon.

Note

I have 3 places I can ask this question: elixirforum, flyioforum and here. I chose here because i not sure where is the appropriate place to ask but since this is neonDB connection issue, I decided to ask here and hope to get some guidance or solutions.
And I chose not to give up because F this sh*t developer never give up.

Risky move

if anyhow you want to see the error message, I would love to take some risks and do it in production server and obtain those error messages.

1 Like

Hey. It’s because of SNI check.

Here we described different workarounds

For Elixir, you need to define SSL option server_name_indication

1 Like