Error connecting Kong Gateway to PostgreSQL

Uses: Kong Gateway
TL;DR

Why do I get Failed to retrieve PostgreSQL server_version_num: FATAL: no pg_hba.conf entry with “SSL off” or “no encryption” when connecting Kong to PostgreSQL?

Kong Gateway is connecting without SSL, but the PostgreSQL server requires it. Set pg_ssl to on (and pg_ssl_version if needed) to connect with SSL.

Problem

You see this error when trying to connect Kong Gateway to your PostgreSQL database (DB) server:

Error: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: FATAL: no pg_hba.conf entry for host "<IP/Hostname>", user "<user>", database "kong", SSL off

Another variation of the error looks like this:

Error: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: FATAL: no pg_hba.conf entry for host "<IP/Hostname>", user "<user>", database "kong", no encryption"

Cause

This error occurs when Kong Gateway connects to the PostgreSQL DB server without SSL, but the server requires SSL connections.

Solution

To resolve this error, consider the following options:

  • We recommend configuring Kong Gateway to connect to the PostgreSQL DB server using SSL. The PostgreSQL configuration properties are documented in the documentation on PostgreSQL settings.

    Set the pg_ssl property to on, and if needed, set pg_ssl_version to tlsv1_2 or the version required by your PostgreSQL server.

  • Disable the SSL-only requirement on the PostgreSQL server to allow non-SSL connections.

    Warning: Disabling the SSL-only requirement reduces security. We do not recommend this option.

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!