SSL issues with ForestAdmin

Hi,

I have some issues configuring forest admin:

Expected behavior

  1. It should connect to the database
  2. http://app.forestadmin.com should use SSL encryption

Actual behavior

  1. I have an Heroku postgres. Error form lumber:
✖ Connecting to your database
> Cannot connect to the database due to the following error:
> SequelizeConnectionError: self signed certificate
  1. http://app.forestadmin.com is without SSL and when I try https://app.forestadmin.com, I’m rediected to the non-ssl version

Context

Please provide any relevant information about your setup.

  • Package Version: last
  • Express Version: last
  • Sequelize Version: last
  • Database Dialect: postgres
  • Database Version: 12.3
  • Project Name: finary

Thanks !
Julien

1 Like

Hello @JulienBlancher, thanks for opening a thread and welcome to our community :confetti_ball::tada:

I can see that your database is using self signed certificate. Sequelize will automatically reject it, unless we tell it not to.

Under models/index.js you should be able to find a line such as the following:

databaseOptions.dialectOptions.ssl = true;

Changing the ssl option to an object with:

ssl: {
    require: true,
    rejectUnauthorized: false, // << this is the option to prevent self signed error
}

Should do the trick :slight_smile:

Please tell me if it helps out !

Steve.

1 Like

Many thanks Steve, I confirm it’s working !

Another question, do you have any document explaining the flow of data and how do you guarantee its security and private usage ?

1 Like

Hi @JulienBlancher

  1. A good place to start would be the following article - A deep-dive into Forest Admin’s architecture
  2. Don’t take our word for it, inspect Network Activity In Chrome DevTools when performing various actions in Forest Admin (displaying a collection of records, creating, editing…)
  3. Want to dig further? The agents are open-source, feel free to inspect the code on our github repos (forest-express & forest-express-sequelize)

Cheers,

1 Like

Hello @Steve_Bunlon ,

I have exactly the same issue as Julien,
How do I access models/index.js? Directly from heroku?

I was only on signup et connecting to my DB phase. I still didn’t get any forest code folder

Hi @kasro :wave:
This issue has been reported here and Forest Admin team taking this issue seriously: a fix should be released in a few days. In the meanwhile, I suggest you to follow the suggestion given by @Steve_Bunlon.

How do I access models/index.js? Directly from heroku?

You have to edit the file that has been generated during your onboarding in your local computer in the folder where you ran the command lumber generate. However if you are facing this issue during the install, you can’t change anything right now: you have to wait for the release of lumber (or use a non-self-signed certificate on heroku, which is unfortunately not free I guess) Be sure you will be notified as soon as it has been released.

Thank you for your patience then :pray:

Hello, @rap2h, some update on this issue?

Hello @kasro :wave:

We are still working on the fix, sorry for the inconvenience. However, knowing that you allready generated your project, this fix should not matter for you actually.

Lumber is used to generate projects, and once your project is generated, lumber is out of the process. To solve your issue, you have to edit your models/index.js file directly from the source generated (and then deploy the new code to your Heroku instance).

If you really want to solve your issue with lumber (once the fix has been released) you will need to create a new project :disappointed:.

That’s why I really encourage you to solve your issue by editing the code on your own source from your project, you will be running in 2 minutes !

I hope it helps out,

Steve.

Hello @Steve_Bunlon,

I got this error > Cannot connect to the database due to the following error:

SequelizeConnectionError: self signed certificate
before have the folder generated by lumber…

I migrated my DB to Amazon EC2 Postgres and stopped using Heroku, but I got exactly the same error!

Please what can I do here.

Thanks

1 Like

Hi @kasro @JulienBlancher :wave:

We just released a new version of Lumber that adds a DATABASE_REJECT_UNAUTHORIZED parameter in Lumber generated projects (it is set to false by default to ease users onboarding). If you update Lumber to the latest version then start a new project, you should not be annoyed anymore with the SequelizeConnectionError: self-signed certificate message.

If you want to fix your actual project without re-running the install command, add this line to your .env file:

DATABASE_REJECT_UNAUTHORIZED=false

Then edit models/index.js (here):

-  databaseOptions.dialectOptions.ssl = true;
+  if (process.env.DATABASE_REJECT_UNAUTHORIZED === false) {
+    databaseOptions.dialectOptions.ssl = { rejectUnauthorized: false };
+  } else {
+    databaseOptions.dialectOptions.ssl = true;
+  }

TL;DR: Issue fixed, update to latest Lumber version.

Thank you for your patience :pray: Let me know if you have any issue, I would be glad to help you!

2 Likes

Many thanks, awesome ! :slight_smile:

2 Likes

Hello @rap2h, I still got the issue…
Is it possible to speak to somebody by phone? I’ve been trying for the last two weeks to connect forest to my DB.
I created a new project but still have SequelizeConnectionError: self-signed certificate message.

1 Like

Hello @rap2h,
I have the same issue too with new version of Lumber
I’m using Heroku to serve the project

Hi @kasro, @feeleebaire,

Could you guys, share with us your lumber version (running lumber --version command)?
I just want to make sure you use the latest one.

Thanks for your help :pray:

Hi @arnaud
My lumber version is 3.7.0

Hi @kasro and @feeleebaire! Thank you for your patience and sorry for the mess. We missed something in the last release, a fix is on its way. I will notify you as soon as it’s release!

1 Like

@kasro @feeleebaire It has just been fixed a few minutes ago

Could you try again with the latest version of lumber? (v3.7.2)


If you want to fix your actual project without re-running the install command, add this line to your .env file:

DATABASE_REJECT_UNAUTHORIZED=false

Then edit models/index.js (here):

-  databaseOptions.dialectOptions.ssl = true;
+ const rejectUnauthorized = process.env.DATABASE_REJECT_UNAUTHORIZED;
+ if (rejectUnauthorized && (JSON.parse(rejectUnauthorized.toLowerCase()) === false)) {
+   databaseOptions.dialectOptions.ssl = { rejectUnauthorized: false };
+ } else {
+   databaseOptions.dialectOptions.ssl = true;
+ }

Let me know if it fixed your issue :pray:

1 Like

@rap2h it’s works !Thanks a lot !

2 Likes

Hi guys,

Just wanted to mention that this variable is not mentioned in the UI when deploying to a remote environment. I guess it’s worth adding the info to the wizard.

1 Like