I try to set up Hyperdrive with a tunnel

I try to set up Hyperdrive with a tunnel. Followed all the steps 3 times but get this error: "Failed to connect to database using the provided information: Internal error."
- On the server "cloudflared tail --level debug" and in the dashboard's 'Access authentication logs' I don't see anything happen.
- Tunnel status on dashboard says "Healthy".
- Every time I try to set it up in Application > Policies a policy is automatically created.
- First time I ran "cloudflared tail --level debug" I got the error "Cannot determine default origin certificate path." which I fixed with this
13 Replies
thomasgauvin•5mo ago
Hey Nick! Good to confirm that you see the tunnel is healthy on the dashboard. Have you properly configured the tunnel to point to your database service? https://developers.cloudflare.com/hyperdrive/configuration/connect-to-private-database/#12-connect-your-database-using-a-public-hostname
Might be the case that your VPC is blocking access between your services.
There's also general troubleshooting, such as verifying that your database works with TLS/SSL (https://developers.cloudflare.com/hyperdrive/configuration/connect-to-private-database/#troubleshooting) without requiring custom certificates.
thomasgauvin•5mo ago
If you think it would help, grab 30 minutes on my calendar, it'll give me the chance to learn more about what you're building and see how we can debug (but try the above solutions ideally) https://calendar.app.google/ADMa36YtHgF7d73W6
Nick (OP)•5mo ago
I am currently using the same database/server as a public host with Hyperdrive, which requires TLS for secure connections. However, I want to switch to a tunneling solution because I can't secure the server using IP whitelisting; Hyperdrive relies on dynamic, unknown IP addresses, making it challenging to restrict access effectively. Is there a way to test the tunnel without using Hyperdrive?
AJR•5mo ago
Yep. The easiest way would be to run cloudflared somewhere else for ingress, as an arbitrary TCP tunnel, and then just use PSQL or similar to send traffic across the tunnel.
AJR•5mo ago
TCP tunneling with Cloudflare Tunnel
TCP connection forwarding with Cloudflare Tunnel
AJR•5mo ago
Also, while we don't have a hard date for delivery, we are working on supporting that kind of IP allowlisting, too.
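Added example, not part of the thread and not Cloudflare's code: a small probe for the test AJR describes, which also covers the TLS check from the troubleshooting link. It assumes a client-side forwarder such as `cloudflared access tcp --hostname <your-db-hostname> --url localhost:5433` is already running; the port 5433 and the verdict names are hypothetical. It sends PostgreSQL's SSLRequest through the local port and classifies the one-byte reply.

```python
import socket
import struct
import sys

# PostgreSQL SSLRequest message: Int32 length (8) + Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

# What each verdict means when probing a local TCP forwarder (assumed setup).
VERDICTS = {
    "tls-supported": "reached PostgreSQL through the tunnel; server offers TLS",
    "tls-refused": "reached PostgreSQL, but the server has TLS disabled",
    "closed": "forwarder accepted, then closed: check the Access policy "
              "and the tunnel's origin service",
    "not-postgres": "something answered, but not with an SSLRequest reply",
    "unreachable": "no usable connection on the local port "
                   "(refused, timed out or reset)",
}


def probe_postgres_tls(host="127.0.0.1", port=5433, timeout=5.0):
    """Send an SSLRequest to host:port and classify the one-byte reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(SSL_REQUEST)
            reply = sock.recv(1)
    except OSError:  # refused, timed out, or reset
        return "unreachable"
    if reply == b"S":  # server is willing to start a TLS handshake
        return "tls-supported"
    if reply == b"N":  # server is PostgreSQL but will not do TLS
        return "tls-refused"
    if reply == b"":   # peer closed without answering
        return "closed"
    return "not-postgres"


if __name__ == "__main__":
    # 5433 is a hypothetical local port where the forwarder listens.
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 5433
    verdict = probe_postgres_tls(port=port)
    print(f"{verdict}: {VERDICTS[verdict]}")
    sys.exit(0 if verdict == "tls-supported" else 1)
```

Running the same probe directly against the database host, without the forwarder, separates a database-side TLS problem from a tunnel or Access problem.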
dave•2mo ago
Question, what's the point of using Hyperdrive locally vs. connecting directly?
thomasgauvin•2mo ago
It's mainly for simplicity in DX & so you don't depend on the connection string being the same as the original one.
dave•2mo ago
Is anything being routed through Cloudflare?
thomasgauvin•2mo ago
Using wrangler dev, no, there's a local server that simulates Hyperdrive. Using wrangler dev --remote, yes, your application is hosted in CF and behaves the same as a deployed CF Worker. This is why some people have trouble connecting to IPv6 addresses of Supabase with wrangler dev but not with wrangler dev --remote (CF handles IPv6 routing, most ISPs do not).
dave•2mo ago
"there's a local server that simulates Hyperdrive"
Ah, it's more than just a straight TCP proxy?
thomasgauvin•2mo ago
Yes, it mainly does TCP proxying but in the future could do more of what Hyperdrive does in terms of functionality. For now, I think you could reliably toggle between origin db connection string for local dev & hyperdrive connection string in prod.
dave•2mo ago
ah yeah, you got what I was trying to ask 😛 The reason why using the origin db connection string is easier is because that way I can use .dev.vars to store it, instead of having to set an env variable manually for hyperdrive.
