Getting error: The server does not support SSL connections

[reselbob]

I think I am doing exactly as you instruct. I am using a CockraochDB cluster created under docker-compose. I can access the cluster via DBVisualizer against localhost. Please allow me to thank you in advance for any help you can provide. If the error is due some bad behavior on my part, please excuse me.

Here is the Docker-compose file.

version: "3"
services:
  roach1:
    container_name: roach1
    image: cockroachdb/cockroach:v1.1.3
    command: start --insecure
    ports:
      - "26257:26257"
      - "8080:8080"
    volumes:
      - ./cockroach-data/roach1:/cockroach/cockroach-data
    networks:
      roachnet:
        aliases:
          - roach1

  roach2:
    container_name: roach2
    image: cockroachdb/cockroach:v1.1.3
    command: start --insecure --join=roach1
    volumes:
      - ./cockroach-data/roach2:/cockroach/cockroach-data
    depends_on:
      - roach1
    networks:
      roachnet:
        aliases:
          - roach2

  roach3:
    container_name: roach3
    image: cockroachdb/cockroach:v1.1.3
    command: start --insecure --join=roach1
    volumes:
      - ./cockroach-data/roach3:/cockroach/cockroach-data
    depends_on:
      - roach1
    networks:
      roachnet:
        aliases:
          - roach3

networks:
  roachnet:
    driver: bridge

Here is the ormconfig.ts file:

module.exports = {
  type: "cockroachdb",
  host: "localhost",
  port: 26257,
  username: "reselbob",
  password: "password",
  database: "bank",
  ssl: false,
  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },
  //For secure connection:
  /*ssl: {
     ca: fs.readFileSync('certs/cc-ca.crt').toString()
   },*/
  synchronize: true,
  logging: false,
  entities: ["src/entity/**/*.ts"],
  migrations: ["src/migration/**/*.ts"],
  subscribers: ["src/subscriber/**/*.ts"],
  cli: {
    entitiesDir: "src/entity",
    migrationsDir: "src/migration",
    subscribersDir: "src/subscriber",
  },
};

Here is the error stack

Error: The server does not support SSL connections
    at Socket.<anonymous> (/Users/reselbob/Projects/hello-world-typescript-typeorm/node_modules/pg/lib/connection.js:72:37)
    at Object.onceWrapper (events.js:422:26)
    at Socket.emit (events.js:315:20)
    at Socket.EventEmitter.emit (domain.js:467:12)
    at addChunk (internal/streams/readable.js:309:12)
    at readableAddChunk (internal/streams/readable.js:284:9)
    at Socket.Readable.push (internal/streams/readable.js:223:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:188:23)

[rafiss]

Hi @reselbob! Could you try commenting or removing the following lines from ormconfig.ts?

  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },

Since you have disabled SSL, I think having that extra config is causing some confusion in your client.

[reselbob]

Commenting out that lines you suggest @rafiss helped. Now I get this error:

QueryFailedError: syntax error at or near "current_schema"
    at new QueryFailedError (/Users/reselbob/Projects/hello-world-typescript-typeorm/src/error/QueryFailedError.ts:9:9)
    at Query.callback (/Users/reselbob/Projects/hello-world-typescript-typeorm/src/driver/cockroachdb/CockroachQueryRunner.ts:235:30)
    at Query.handleError (/Users/reselbob/Projects/hello-world-typescript-typeorm/node_modules/pg/lib/query.js:128:19)
    at Client._handleErrorMessage (/Users/reselbob/Projects/hello-world-typescript-typeorm/node_modules/pg/lib/client.js:335:17)
    at Connection.emit (events.js:315:20)
    at Connection.EventEmitter.emit (domain.js:467:12)
    at /Users/reselbob/Projects/hello-world-typescript-typeorm/node_modules/pg/lib/connection.js:115:12
    at Parser.parse (/Users/reselbob/Projects/hello-world-typescript-typeorm/node_modules/pg-protocol/src/parser.ts:102:9)
    at Socket.<anonymous> (/Users/reselbob/Projects/hello-world-typescript-typeorm/node_modules/pg-protocol/src/index.ts:7:48)
    at Socket.emit (events.js:315:20) {
  length: 182,
  severity: 'ERROR',
  code: '42601',
  detail: 'source SQL:\nSELECT * FROM current_schema()\n              ^',
  hint: 'try \\h <SOURCE>',
  position: undefined,
  internalPosition: undefined,
  internalQuery: undefined,
  where: undefined,
  schema: undefined,
  table: undefined,
  column: undefined,
  dataType: undefined,
  constraint: undefined,
  file: 'sql/pgwire/pgerror/errors.go',
  line: '33',
  routine: 'NewError',
  query: 'SELECT * FROM current_schema()',
  parameters: []
}

[rafiss]

@reselbob ah sorry I didn't notice before. Your docker-compose file is using a very old and unsupported version of CockroachDB. I recommend using v20.2.6. See our support policy here https://www.cockroachlabs.com/docs/releases/release-support-policy

[reselbob]

Could not get the cluster to work under Docker-Compose.

The way I got a local multi-cluster to work was to manually create the docker containers as described here:

https://www.cockroachlabs.com/docs/stable/start-a-local-cluster-in-docker-linux.html

Then, I create the bank database, like so: CREATE DATABASE bank;

However, I could not create a new user as described here: https://www.cockroachlabs.com/docs/v20.2/build-a-typescript-app-with-cockroachdb.html.

I tried to execute, CREATE USER reselbob WITH PASSWORD 'password'

But get the message [Code: 0, SQL State: 28P01] ERROR: setting or updating a password is not supported in insecure mode

So, I bypassed creating the user, and set the username to root as reflected in following settings in my ormconfig.ts file

module.exports = {
  type: "cockroachdb",
  host: "localhost",
  port: 26257,
  username: "root",
  password: "",
  database: "bank",
  ssl: false,
  /*
  extra: {
    ssl: {
      rejectUnauthorized: false,
    },
  },
  ssl: {
     ca: fs.readFileSync('certs/cc-ca.crt').toString()
   },*/
  synchronize: true,
  logging: false,
  entities: ["src/entity/**/*.ts"],
  migrations: ["src/migration/**/*.ts"],
  subscribers: ["src/subscriber/**/*.ts"],
  cli: {
    entitiesDir: "src/entity",
    migrationsDir: "src/migration",
    subscribersDir: "src/subscriber",
  },
};

Still, I wish I knew how to get the cluster up and running under Docker-Compose.

Thanks @rafiss !!!

[rafiss]

@reselbob Glad it's working! Did your docker-compose file still not work after changing it to use v20.2.6?

[reselbob]

The docker-compose did not work with the upgrade.

But, now, even under the current settings I am getting an error

reselbob@bobs-mac-mini hello-world-typescript-typeorm % docker exec -it roach1 ./cockroach sql --insecure
#
# Welcome to the CockroachDB SQL shell.
# All statements must be terminated by a semicolon.
# To exit, type: \q.
#
ERROR: cannot dial server.
Is the server running?
If the server is running, check --host client-side and --advertise server-side.

dial tcp 127.0.0.1:26257: i/o timeout
Failed running "sql"

Thanks for all the ongoing attention @rafiss

Something to keep in mind: I am running on a M1 miniMac, under a preview of Docker. I don't think this should matter. But also, I'll try it all out on a Ubuntu machine.

[reselbob]

Turns out that that one of the issues is indeed the M1 MINIMAC, it seems. I just ran this without a problem on Ubuntu:

https://www.cockroachlabs.com/docs/stable/start-a-local-cluster-in-docker-linux.html

I am embarrassed @rafiss.

[timveil]

@reselbob i'd like to draw your attention to some nice docker-compose examples for CRDB. I'm including links to both secure and insecure examples...

insecure - https://github.com/cockroachlabs-field/docker-examples/tree/master/example-haproxy
secure - https://github.com/cockroachlabs-field/docker-examples/tree/master/example-secure

notice both leverage a small helper container to simplify the process of doing initialization tasks. see the following service in each compose file. additional information on this helper container can be found here: https://github.com/cockroachlabs-field/cockroachdb-remote-client

 crdb-init:
    container_name: crdb-init
    hostname: crdb-init
    image: timveil/cockroachdb-remote-client:latest
    environment:
      - COCKROACH_HOST=crdb-0:26257
      - COCKROACH_INSECURE=true
      - DATABASE_NAME=test
    depends_on:
      - lb

[rafiss]

@reselbob It's not embarrassing at all! The M1 is quite new and we don't have them in the company, so I really do appreciate you testing it out and reporting how it went.

[ianjevans]

@ericharmeling Should we add a warning that our Hello World tutorials don't work with insecure clusters? Looks like the mix/match between the insecure Docker image and our instructions that create a new SQL user is part of the problem.

[reselbob]

@reselbob i'd like to draw your attention to some nice docker-compose examples for CRDB. I'm including links to both secure and insecure examples...

insecure - https://github.com/cockroachlabs-field/docker-examples/tree/master/example-haproxy
secure - https://github.com/cockroachlabs-field/docker-examples/tree/master/example-secure

notice both leverage a small helper container to simplify the process of doing initialization tasks. see the following service in each compose file. additional information on this helper container can be found here: https://github.com/cockroachlabs-field/cockroachdb-remote-client

 crdb-init:
    container_name: crdb-init
    hostname: crdb-init
    image: timveil/cockroachdb-remote-client:latest
    environment:
      - COCKROACH_HOST=crdb-0:26257
      - COCKROACH_INSECURE=true
      - DATABASE_NAME=test
    depends_on:
      - lb

[reselbob]

Hi @rafiss and @timveil: I made this Katacoda that demonstrates how to get CockroachDB up and running under Docker-Compose: https://katacoda.com/reselbob/scenarios/cockroachdb

Maybe you'll find it useful for others.

[MisterCommit]

extra: {
ssl: {
rejectUnauthorized: false,
},
},

i have same issue this was initially in the ormConfig file. i delete this and issue reselove with local conatiner.