Postgres SSL Connection Error - no pg_hba.conf entry
When deploying your application, you might encounter the following error:
PostgresError: no pg_hba.conf entry for host "10.192.10.12", user "flightcontrol", database "flightcontrol", SSL encryptionThis error typically occurs with PostgreSQL 16+ which enforces SSL connections by default. The error indicates that your application is attempting to connect to PostgreSQL without proper SSL configuration.
Resolution
You have two options to resolve this issue:
Option 1: Configure SSL Mode in Your Application
Update your PostgreSQL connection configuration to allow unverified SSL connections. Add the sslmode parameter to your connection string or configuration:
// Example with connection string
const connectionString = "postgresql://user:password@host:5432/database?sslmode=prefer"
// Example with connection object
const config = {
host: "your-host",
user: "your-user",
database: "your-database",
ssl: {
rejectUnauthorized: false, // For development only
},
}Option 2: Implement Full SSL Verification
For enhanced security in production environments, you can implement full SSL verification. Follow these steps:
- Download the SSL certificate from your PostgreSQL server
- Configure your application to use the certificate
For AWS RDS PostgreSQL instances, follow the AWS documentation for SSL certificate rotation.
Example configuration with proper SSL verification:
const fs = require("fs")
const config = {
host: "your-host",
user: "your-user",
database: "your-database",
ssl: {
ca: fs.readFileSync("/path/to/server-ca.pem").toString(),
rejectUnauthorized: true,
},
}Security Considerations
- For production environments, use proper SSL verification
- Never set
rejectUnauthorized: falsein production as it makes your connection vulnerable to man-in-the-middle attacks - Keep your PostgreSQL client libraries up to date