R
Railwayβ€’6mo ago
Trajan

MySQL | Node.js: self-signed certificate in certificate chain

project id: 42952ebf-512e-4da5-8a59-ab7e240624cf I'm migrating my MySQL db to railway. Connection works fine as long as I don't require SSL, otherwise I get the self-signed certificate error. From reading another answer, I've attempted to download and provide the certificates locally using echo | openssl s_client -showcerts -connect roundhouse.proxy.rlwy.net:24296 > full_output.txt, (i've removed the certificate filter on this command to see the results) and get the following 
CONNECTED(00000005)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 327 bytes
Verification: OK
CONNECTED(00000005)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 327 bytes
Verification: OK
My environment holds both the server and the db. Am I expected to connect through the private network to my db? I'm relatively new to backend and db so I can tell I'm missing some important context
17 Replies
Percy
Percyβ€’6mo ago
Project ID: 42952ebf-512e-4da5-8a59-ab7e240624cf
Brody
Brodyβ€’6mo ago
if I remember correctly, the mysql database offered by railway does not come with certificates
Trajan
Trajanβ€’6mo ago
Are certificates unusable on mysql dbs? Or can I bring my own, if they're not providing any? "We currently do not support external SSL certificates since we provision one for you."
Brody
Brodyβ€’6mo ago
that's true for postgres, but not for mysql you could provide a mysql image that comes with certificates, but for mysql it's not natively provided though having a certificate would not matter as long as you connect to the database exclusively over the private network, it's private for a reason!
Trajan
Trajanβ€’6mo ago
Huh. That does makes sense, now doesn't it. Let me try it projects running locally will not be able to access the private network, correct? So i'll have to disable ssl when working locally
Brody
Brodyβ€’6mo ago
correct
Trajan
Trajanβ€’6mo ago
worked like a charm. that's pretty cool. I'm worried about running stuff locally, however. I connect to my production db locally sometimes. Won't it be exposed to man-in-the-middle attacks in that case?
Brody
Brodyβ€’6mo ago
you could not connection to your production database publicly, instead have another railway environment running a development database. if you need to manage the production database, do that through dbgate
Brody
Brodyβ€’6mo ago
thats what i do, the app on railway connects to the database privately, and the database itself has the tcp proxy removed, thus cutting off public access. then database is managed with dbgate deployed into the same project.
No description
Trajan
Trajanβ€’6mo ago
sorry, i'm not sure I understand how to connect locally to the dbGate app, or how to connect the dbGate app to my db on the same project
Brody
Brodyβ€’6mo ago
open the domain it generates
Trajan
Trajanβ€’6mo ago
oh damn!
Brody
Brodyβ€’6mo ago
username and password are in the service variables
Trajan
Trajanβ€’6mo ago
sorry yeah, i got excited and started playing around
Brody
Brodyβ€’6mo ago
haha railway is pretty exciting
Want results from more Discord servers?
Add your server