Kong doesn't work with postgres with ssl enabled

[sheerun]

Summary

I try to run newest kong in docker with default postgres database on heroku (it requires ssl auth).

When kong is running, it just outputs:

Kong Error

An unexpected error occurred.

Steps To Reproduce

Install most recent docker, docker-compose and run kong with following:

kong:
  image: kong:0.9.5
  restart: always
  command: kong start --vv
  ports:
    - 8000:8000
    - 8443:8443
    - 8001:8001
  environment:
    - KONG_DATABASE=postgres
    - KONG_PG_DATABASE=d57ikv2upqqikk
    - KONG_PG_HOST=ec2-54-75-230-140.eu-west-1.compute.amazonaws.com
    - KONG_PG_USER=qhgntawciwnmvn
    - KONG_PG_PASSWORD=******
    - KONG_PG_SSL=true
    - KONG_PG_SSL_VERIFY=false
  expose:
    - 8000
    - 8433
    - 8001
    - 7946
    - 7946/udp

You can get proper credentials by creating a project on heroku and adding sample database.

Additional Details & Logs

• Kong version: 0.9.5
• Kong debug-level startup logs ($ kong start --vv)

kong_1  | 2016/11/27 22:54:07 [verbose] Kong: 0.9.5
kong_1  | 2016/11/27 22:54:07 [debug] ngx_lua: 10006
kong_1  | 2016/11/27 22:54:07 [debug] nginx: 1011002
kong_1  | 2016/11/27 22:54:07 [debug] Lua: LuaJIT 2.1.0-beta2
kong_1  | 2016/11/27 22:54:07 [debug] PRNG seed: 236231237128
kong_1  | 2016/11/27 22:54:07 [verbose] no config file found at /etc/kong.conf
kong_1  | 2016/11/27 22:54:07 [verbose] no config file found at /etc/kong/kong.conf
kong_1  | 2016/11/27 22:54:07 [verbose] no config file, skipping loading
kong_1  | 2016/11/27 22:54:07 [debug] KONG_PG_PASSWORD ENV found with "******"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_PG_SSL ENV found with "true"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_PG_DATABASE ENV found with "d57ikv2upqqikk"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_PG_HOST ENV found with "ec2-54-75-230-140.eu-west-1.compute.amazonaws.com"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_NGINX_DAEMON ENV found with "off"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_PG_SSL_VERIFY ENV found with "false"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_PG_USER ENV found with "qhgntawciwnmvn"
kong_1  | 2016/11/27 22:54:07 [debug] KONG_DATABASE ENV found with "postgres"
kong_1  | 2016/11/27 22:54:07 [debug] admin_listen = "0.0.0.0:8001"
kong_1  | 2016/11/27 22:54:07 [debug] anonymous_reports = true
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_consistency = "ONE"
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_contact_points = {"127.0.0.1"}
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_data_centers = {"dc1:2","dc2:3"}
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_keyspace = "kong"
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_port = 9042
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_repl_factor = 1
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_repl_strategy = "SimpleStrategy"
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_ssl = false
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_ssl_verify = false
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_timeout = 5000
kong_1  | 2016/11/27 22:54:07 [debug] cassandra_username = "kong"
kong_1  | 2016/11/27 22:54:07 [debug] cluster_listen = "0.0.0.0:7946"
kong_1  | 2016/11/27 22:54:07 [debug] cluster_listen_rpc = "127.0.0.1:7373"
kong_1  | 2016/11/27 22:54:07 [debug] cluster_profile = "wan"
kong_1  | 2016/11/27 22:54:07 [debug] cluster_ttl_on_failure = 3600
kong_1  | 2016/11/27 22:54:07 [debug] custom_plugins = {}
kong_1  | 2016/11/27 22:54:07 [debug] database = "postgres"
kong_1  | 2016/11/27 22:54:07 [debug] dnsmasq = true
kong_1  | 2016/11/27 22:54:07 [debug] dnsmasq_port = 8053
kong_1  | 2016/11/27 22:54:07 [debug] log_level = "notice"
kong_1  | 2016/11/27 22:54:07 [debug] lua_code_cache = "on"
kong_1  | 2016/11/27 22:54:07 [debug] lua_package_cpath = ""
kong_1  | 2016/11/27 22:54:07 [debug] lua_package_path = "?/init.lua;./kong/?.lua"
kong_1  | 2016/11/27 22:54:07 [debug] lua_ssl_verify_depth = 1
kong_1  | 2016/11/27 22:54:07 [debug] mem_cache_size = "128m"
kong_1  | 2016/11/27 22:54:07 [debug] nginx_daemon = "off"
kong_1  | 2016/11/27 22:54:07 [debug] nginx_optimizations = true
kong_1  | 2016/11/27 22:54:07 [debug] nginx_worker_processes = "auto"
kong_1  | 2016/11/27 22:54:07 [debug] pg_database = "d57ikv2upqqikk"
kong_1  | 2016/11/27 22:54:07 [debug] pg_host = "ec2-54-75-230-140.eu-west-1.compute.amazonaws.com"
kong_1  | 2016/11/27 22:54:07 [debug] pg_password = "******"
kong_1  | 2016/11/27 22:54:07 [debug] pg_port = 5432
kong_1  | 2016/11/27 22:54:07 [debug] pg_ssl = true
kong_1  | 2016/11/27 22:54:07 [debug] pg_ssl_verify = false
kong_1  | 2016/11/27 22:54:07 [debug] pg_user = "qhgntawciwnmvn"
kong_1  | 2016/11/27 22:54:07 [debug] prefix = "/usr/local/kong/"
kong_1  | 2016/11/27 22:54:07 [debug] proxy_listen = "0.0.0.0:8000"
kong_1  | 2016/11/27 22:54:07 [debug] proxy_listen_ssl = "0.0.0.0:8443"
kong_1  | 2016/11/27 22:54:07 [debug] serf_path = "serf"
kong_1  | 2016/11/27 22:54:07 [debug] ssl = true
kong_1  | 2016/11/27 22:54:07 [verbose] prefix in use: /usr/local/kong
kong_1  | 2016/11/27 22:54:07 [verbose] preparing nginx prefix directory at /usr/local/kong
kong_1  | 2016/11/27 22:54:07 [verbose] saving serf identifier to /usr/local/kong/serf/serf.id
kong_1  | 2016/11/27 22:54:07 [debug] searching for OpenResty 'resty' executable
kong_1  | 2016/11/27 22:54:07 [debug] /usr/local/openresty/bin/resty -V: 'nginx version: openresty/1.11.2.1'
kong_1  | 2016/11/27 22:54:07 [debug] found OpenResty 'resty' executable at /usr/local/openresty/bin/resty
kong_1  | 2016/11/27 22:54:07 [verbose] saving serf shell script handler to /usr/local/kong/serf/serf_event.sh
kong_1  | 2016/11/27 22:54:07 [verbose] SSL enabled, no custom certificate set: using default certificate

• Kong error logs (<KONG_PREFIX>/logs/error.log)

2016/11/27 22:58:36 [error] 86#0: *29 lua entry thread aborted: runtime error: /usr/local/share/lua/5.1/pgmoon-mashape/init.lua:172: ngx.socket connect: expecting 1 ~ 5 arguments (including the object), but seen 6
stack traceback:
coroutine 0:
	[C]: in function 'send_ssl_message'
	/usr/local/share/lua/5.1/pgmoon-mashape/init.lua:172: in function 'connect'
	/usr/local/share/lua/5.1/kong/dao/postgres_db.lua:142: in function 'query'
	/usr/local/share/lua/5.1/kong/dao/postgres_db.lua:171: in function 'retrieve_primary_key_type'
	/usr/local/share/lua/5.1/kong/dao/postgres_db.lua:189: in function 'get_select_query'
	/usr/local/share/lua/5.1/kong/dao/postgres_db.lua:400: in function 'count'
	/usr/local/share/lua/5.1/kong/dao/dao.lua:220: in function 'count'
	/usr/local/share/lua/5.1/kong/core/cluster.lua:83: in function </usr/local/share/lua/5.1/kong/core/cluster.lua:48>, context: ngx.timer

[sheerun]

This is a regression: #1720

[sheerun]

Here's dockerfile that fixes this issue:

FROM kong:0.9.5

RUN yum install git -y

RUN luarocks install pgmoon-mashape 2.0.1 --force

RUN sed -i '/pgmoon-mashape/c\  "pgmoon-mashape == 2.0.1",' /usr/local/lib/luarocks/rocks/kong/0.9.5-0/kong-0.9.5-0.rockspec

I've published it under: sheerun/kong:0.9.5

[thibaultcha]

Copy-pasting my message from #1720 here for future reference in case someone stumbles upon this issue:

@sheerun Hey, sorry for the delay on our side. I just released 0.9.6:
  https://github.com/Mashape/kong/releases/tag/0.9.6

Which takes care of bumping the pgmoon-mashape dependency. This definitely warrants a hotfix. It can already be installed over an existing Kong install via:

$ luarocks install kong 0.9.6

We we be releasing the updated distribution packages by the end of the day. 

Thanks again!

We will also update the Docker image. Thanks!

[sheerun]

@thibaultcha Could you release docker image on docker hub?