This is my config file for Sequelize:
...
staging: {
username: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
host: process.env.DB_HOST,
dialect: "postgres",
native: true,
ssl: "require", // not working
dialectOptions: {
project: "demo-db",
},
pool: {
max: 5,
min: 0,
acquire: 30000,
idle: 10000,
},
},
...
What is the right way to config in Sequelize to set sslmode=require
?
1 Like
Daniel
#2
Hi, I found that this works. Please try it and let us know.
dialectOptions: {
ssl: {
require: true
}
}
@Daniel thanks for the reply. But getting a new error now:
Daniel
#4
I am looking at this for the first time myself. With that in mind, here’s a couple of options to try:
- Use
rejectUnauthorized: false
dialectOptions: {
ssl: {
require: true,
rejectUnauthorized: false, // <-- Add this line
},
},
This essentially disables SSL/TLS certificate validation, which is not recommended from a security perspective.
- Specify a root cert file, as in this example:
const { Sequelize } = require('sequelize');
const fs = require('fs');
// Read the certificate file (use the correct path for your certificate file)
const rootCert = fs.readFileSync('/etc/ssl/certs/ca-certificates.crt');
const sequelize = new Sequelize('postgres://<user>:<password>@ep-snowy-unit-123456.us-east-2.aws.neon.tech/neondb', {
dialectOptions: {
ssl: {
require: true,
ca: rootCert, // Use the root certificate
}
}
});
We provide some information here about the location of cert files on different operating systems: Connect to Neon securely — Neon Docs
The cert file path used in the example above is for my Ubuntu machine.
Let us know if you get it working.
rejectUnauthorized: false
solves the issue. Here is my complete config for anyone coming in search for Sequelize:
username: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
host: process.env.DB_HOST,
dialect: "postgres",
native: true,
dialectOptions: {
project: "bb-core-demo-db",
ssl: {
require: true,
rejectUnauthorized: false,
},
},
1 Like