将Heroku应用程序指向AWS RDS数据库 [英] Point Heroku application to AWS RDS database
问题描述
我需要将Heroku应用程序指向我的AWS RDS数据库。我的RDS数据库已启动并正在运行,并且具有一个具有0.0.0.0/0访问权限的安全组。
I need to point my Heroku application to my AWS RDS database. My RDS database is up and running and has a security group with 0.0.0.0/0 access.
当前,我已经删除了Heroku postgreSQL数据库,并且试图将Heroku应用程序指向我的RDS数据库。由于某种原因,我的应用程序崩溃了。我相信我要采取的步骤是在Heroku端设置DATABASE_URL。
Currently, I've removed my Heroku postgreSQL database and I am attempting to point my Heroku application to my RDS database. For some reason my application is crashing. The step that I believe I am on is setting my DATABASE_URL on the Heroku side.
假设我的数据库凭据为:
Let's say that my database credentials are:
db实例:mydb
dbname :mydb
用户:wcronyn
通过:密码
db instance: mydb
dbname: mydb
user: wcronyn
pass: password
我尝试过:
heroku config:set DATABASE_URL = postgres:// wcronyn:password@mydb.XXXXXXX.us-east-1.rds.amazonaws.com:5432 / mydb
heroku config:set DATABASE_URL=postgres://wcronyn:password@mydb.XXXXXXX.us-east-1.rds.amazonaws.com:5432/mydb
,并且我尝试通过将.pem文件下载到我的config文件夹中,然后引用它来设置权限:
and I've attempted to set the permissions by downloading the .pem file into my config folder and then referencing it:
DATABASE_URL = postgres:// wcronyn:password@mydb.XXXXXXX.us-east-1.rds.amazonaws.com:5432 / mydb?sslca = config / amazon-rds-ca-cert.pem& sslmode = require& encrypt = true
DATABASE_URL=postgres://wcronyn:password@mydb.XXXXXXX.us-east-1.rds.amazonaws.com:5432/mydb?sslca=config/amazon-rds-ca-cert.pem&sslmode=require&encrypt=true
我尝试了这两个数据库URL,但是我的应用程序不断崩溃。
I have tried these two database urls but my application keeps crashing.
有人可以概述成功托管RDS数据库并将其指向应用程序所需的步骤吗?
Can someone outline the steps that I need to take to successfully host my RDS database and point my application to it?
推荐答案
以下步骤对我有效(2017年2月),并进行了以下设置:
The following steps worked for me (Feb 2017), given the following setup:
- AWS RDS区域eu-west-2(使用VPC安全组,而不是DB
安全组) - Postgres 9.6
- Heroku,托管Flask应用程序(例如,应用程序名称:
heroku-app-stage
) - 将带有遥控器的Git添加到Heroku应用程序中(例如,遥控器:
stage
) - DATABASE_URL值为
postgresql :// username:password @ awsrdshost:5432 / dbname
- AWS RDS Region eu-west-2 (which uses VPC Security Groups, not DB Security Groups)
- Postgres 9.6
- Heroku, hosting a Flask application (eg appname:
heroku-app-stage
) - Git with a remote added into the Heroku app (eg remote:
stage
) - DATABASE_URL value of
postgresql://username:password@awsrdshost:5432/dbname
大致可分为四个步骤:
There are broadly four steps to this:
- 下载Amazon RDS SSL根证书并将其安装到您的Heroku应用中
- 配置您的Heroku应用引用所述根证书
- 在RDS实例上启用SSL
- 将RDS安全组配置为允许所有IP地址范围内的传入流量 li>
- Download and install the Amazon RDS SSL root certificate into your Heroku app
- Configure your Heroku app to refer to said root certificate
- Enable SSL on your RDS instance
- Configure your RDS security group to allow all IP address ranges for Incoming traffic
下载并安装l Amazon RDS SSL根证书
- 从下面的Amazon RDS链接下载.pem证书文件。
- 将文件放入您的应用程序文件夹(记下位置,我已将其与.py文件放置在根文件夹中)
- 将该文件提交到您的应用程序文件夹中git存储库,然后将提交提交到Heroku远程服务器(
git push stage master
) - 验证证书已上传到预期路径(您可以执行
heroku运行bash --app heroku-app-stage
来查看dyno中的文件)
- Download the .pem certificate file from the Amazon RDS link below.
- Put the file into your app folders (make a note of location, I have placed it in my root folder with my .py files)
- Commit that file into your git repository, and push said commit into the Heroku remote (
git push stage master
) - Verify that the certificate has been uploaded into the expected path (you can do
heroku run bash --app heroku-app-stage
to see your files in the dyno)
配置Heroku以引用根证书
- 通过Heroku仪表板,导航到
heroku-app-stage
,转到设置标签,然后单击显示配置变量 - 通过以下方式更新您的DATABASE_URL变量:添加
?sslrootcert = rds-combined-ca-bundle.pem& sslmode = require
。现在,新值应为postgresql:// username:password @ awsrdshost:5432 / dbname?sslrootcert = rds-combined-ca-bundle.pem& sslmode = require
- Via the Heroku dashboard, navigate to
heroku-app-stage
, go to Settings tab, and click on Reveal Config Vars - Update your DATABASE_URL variable by adding
?sslrootcert=rds-combined-ca-bundle.pem&sslmode=require
. The new value should now bepostgresql://username:password@awsrdshost:5432/dbname?sslrootcert=rds-combined-ca-bundle.pem&sslmode=require
请注意,此答案使用了根证书;在这种情况下,可能还有其他一些您可能需要的选项,请参阅以下SO:
Note that this answer uses a root certificate; there may be other options which may be what you want in which case refer to the following SO:
在RDS实例上启用SSL
- 通过RDS控制台,导航至实例详细信息并记下使用的参数组
- 转到仪表板上的参数组屏幕
- 如果使用默认参数组,则需要创建另一个参数组,因为您将无法编辑默认参数组。
- 将force_ssl参数修改为值1并保存。
- 验证是否已在RDS实例上启用SSL。如果运行
psql postgres -h awsrdshost -p 5432 -U用户名
,则应该在连接详细信息中看到SSL
- Via your RDS console, navigate to your instance details and note down the Parameter Group that it is using
- Go to the Parameter Group screen on the dashboard
- If you are using the default parameter group, you will need to create another parameter group, as you will not be able to edit the default one.
- Modify the force_ssl parameter to have value 1 and save.
- Verify that SSL is now enabled on your RDS instance. If you run
psql postgres -h awsrdshost -p 5432 -U username
, you should see SSL in the connection details
配置RDS安全组以允许所有传入IP范围
- 通过您的RDS控制台,检查您实例的活动安全组
- 导航到EC2控制台(在Compute> EC2下),然后选择安全组
- 选择相关的安全组(从步骤1开始),然后转到底部的入站选项卡。您应该在那里看到一个PostgreSQL项目。如果单击编辑,则应该有一个将源更改为任何地方的选项。
注意:说明仅在您使用使用VPC安全组的RDS设置
Note: instructions are only relevant if you're using an RDS setup that uses VPC Security Groups
就是这样!
链接到所使用的参考页面:
Links to the reference pages used:
Amazon在Postgres上使用SSL的指南
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
Amazon's guide to SSL on Postgres http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
Heroku的(非常简短的)Amazon RDS指南
https://devcenter.heroku.com/articles/amazon-rds
Heroku's (very short) guide to Amazon RDS https://devcenter.heroku.com/articles/amazon-rds
这篇关于将Heroku应用程序指向AWS RDS数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!