Neon Tech - Postgres that separates compute from storage

Just got an app deployed with and used Neon for the db.

I listened to their podcast on changeling Taking Postgres serverless with Nikita Shamgunov from Neon (The Changelog #510) |> Changelog

and they’re coming out with pretty cool things: Edge-compatible Serverless Driver for Postgres - Neon

Just thought I’d share because it’s pretty neat. The one thing that did trip me up was connecting to postgres from fly.

To get it to work I ended up grabbing the cacert pem file from curl - Extract CA Certs from Mozilla I believe. Then set it up like this:


defp load_app do

docker file:

# Appended by flyctl
# ENV ECTO_IPV6 true <- commented out
ENV ERL_AFLAGS "-proto_dist inet6_tcp"


  %URI{host: database_host} = URI.parse(database_url)
  maybe_ipv6 = if System.get_env("ECTO_IPV6"), do: [:inet6], else: []

  config :my_app, MyApp.Repo,
    migration_source: "ecto_migrations",
    ssl: true,
    url: database_url,
    ssl_opts: [
      verify: :verify_peer,
      cacertfile: Path.join(:code.priv_dir(:my_app), "cert/cacert.pem"),
      server_name_indication: to_charlist(database_host),
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
    socket_options: maybe_ipv6

Primarily courtesy of: Guide on connecting via Ecto - Framework Integrations - Neon

I think that setup is right… but I know for sure it’s working and connecting. Just thought I’d share and am curious if anyone else has tried them yet?


How did you manage to upload the cacert.pem file to the priv_dir(:my_app) directory on the server? Did you write some curl commands in the dockerfile? If so, could you please provide this command?

Screen Shot 2023-02-18 at 3.48.24 PM

Hi @joges I just pasted it actually into ./priv/cert/cacert.pem


@gdub01, how’s your app with Neon going?

There’s now a guide from Neon:

I finally got around to trying to connect to it, just from my local dev so far. In NixOS, I’ve set cacertfile to /etc/ssl/certs/ca-certificates.crt.

A couple of gotchas I found:

  • If a PGHOST environment variable is set, as it is in my project’s Devbox environment, that will be used over what’s in Ecto’s Repo config. So I ran mix ecto commands with:
    PGHOST="" mix ecto.migrations
    (Of course, the environment wouldn’t usually have PGHOST set to something other than Neon if it’s Neon that’s in use, but I just wanted to temporarily experiment.)
  • If Neon has suspended compute after a few minutes of inactivity, the connection for the mix ecto command results in ** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2987ms. Simply running the command again works for me.

I’d like to look at using Neon’s branching for a staging envrionment and to enable easy backups and recovery of lost data in the event of an issue with production.

Oh that’s a great idea having a staging branch with them.
I’m not using it for that personally but I like that idea.

I had tried fly’s postgres but got a little nervous seeing a few issues in the community forms. Had they had a way to easily have automated offsite backups to R2 or S3 or something probably would not have tried Neon. But having Neon with branching and point in time recovery and autoscaling is pretty nice.

Main downside is scale to zero takes a second to boot up again. I don’t think it’s a bad thing to have if your app has heavy traffic… but mine doesn’t so there’s sometimes a bit of a lag. But I think it’s still early days for them and they’ll only get faster.

1 Like