Accidental Technologist

Musings about Entrepreneurship, Technology and Software Development

Ruby on Rails – Supporting SSL for PostgreSQL on Heroku

by Leave a Comment

For anyone who received this notice from Heroku:

Since 2016, all newly-provisioned Heroku Postgres databases have enforced the use of SSL to keep your data safe. However, one or more of your Postgres databases are running on legacy infrastructure, which does not enforce the use of SSL. In order to update your database to our security standards, and in response to potential impacts caused by Spectre and Meltdown, all databases – including those on legacy infrastructure – will be moved to our new Heroku PGX plans in a set of maintenances starting in March 2018 and concluding by April 2018.

What Do I Need to Do
In preparation for these maintenances, please check that your applications are using SSL to connect to your Postgres database and enable SSL connections if needed. Instructions on how to perform these steps are available in Dev Center.

If you’re using Rails 4.1+ there is a support article on the Heroku Dev Center, that helps clarify making updates to our database.yml file. This allows customizing some connection behavior to PostgreSQL.

Some parts of the database.yml file that cannot be changed include:

You cannot use the config/database.yml to set any values found in ENV[‘DATABASE_URL’]. This is a list of attributes you cannot change:

  • adapter
  • database
  • username
  • password
  • host
  • port

But, what can be changed include sslmode.

production:
 sslmode: require (disable|allow|prefer|require)
 pool: 15

I decided it would be helpful to reach out to Heroku to understand their guidance with regard to their notice. Their response:

If you’re using the pg gem, the default sslmode setting (and for libpq, the library that underpins it), is prefer this means that should the server have SSL support, it will be used when the connection is established. This means there should be no action required, though if you wish, it’s worth a test with spinning up a staging environment with a non-legacy Postgres instance.

It seems if you’re using Ruby on Rails with the pg gem, you should be OK doing nothing but with brownout period scheduled, it’s probably a good idea to test during one of those times.

Heroku Support also indicated setting the environment variable PGSSLMODE would also override the default behavior for sslmode used by libpq.

It seems this is a notice which doesn’t effect a majority of Heroku customers and is a necessary and worthwhile upgrade. Hopefully this helps others as the public information available for this from Heroku is minimal.

Speeding up Heroku Deploys

by Leave a Comment

Anyone who deploys their Rails 3.x or 4.x utilizing the asset pipeline and doesn?t precompile those assets yet deploys to Heroku, knows it can take a really long time for your deployment.

I searched around a bit and found a great article on how to shave some time off my Heroku deployments. ?Alex MacCaw has a nice write up about the process:

If you?re using Heroku, the first step is enabling a Memcache addon. I?ve gone with the?memcachier?service, as they?ve got a generous free plan (which is all we need at this stage).

heroku addons:add memcachier:dev

Then we need to make sure the environmental variables are available to your app during the pre-compilation stage. Usually this isn?t the case on Heroku, but they?ve got a new labs feature called?user-env-compile?which will do the trick.

heroku labs:enable user-env-compile

Next you?ll need to add the?dalli?and?memcachier?gems to your Gemfile. Finally, the last step is to configure Sprockets.

Since I am using Rails:

With Rails

With Rails, just configure the assets cache store inconfig/environments/production.rb.

config.assets.cache_store =:dalli_store

And the time savings would be?.

?An example of time saving with a relatively small project:

Not using the speed-up method, deploy time:?2 minutes 40 seconds

Using the above method:?47 seconds

It is definitely worth the little effort.