Neon Tech - Postgres that separates compute from storage

Just got an app deployed with and used Neon for the db.

I listened to their podcast on changeling Taking Postgres serverless with Nikita Shamgunov from Neon (The Changelog #510) |> Changelog

and they’re coming out with pretty cool things: Edge-compatible Serverless Driver for Postgres - Neon

Just thought I’d share because it’s pretty neat. The one thing that did trip me up was connecting to postgres from fly.

To get it to work I ended up grabbing the cacert pem file from curl - Extract CA Certs from Mozilla I believe. Then set it up like this:


defp load_app do

docker file:

# Appended by flyctl
# ENV ECTO_IPV6 true <- commented out
ENV ERL_AFLAGS "-proto_dist inet6_tcp"


  %URI{host: database_host} = URI.parse(database_url)
  maybe_ipv6 = if System.get_env("ECTO_IPV6"), do: [:inet6], else: []

  config :my_app, MyApp.Repo,
    migration_source: "ecto_migrations",
    ssl: true,
    url: database_url,
    ssl_opts: [
      verify: :verify_peer,
      cacertfile: Path.join(:code.priv_dir(:my_app), "cert/cacert.pem"),
      server_name_indication: to_charlist(database_host),
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
    socket_options: maybe_ipv6

Primarily courtesy of: Guide on connecting via Ecto - Framework Integrations - Neon

I think that setup is right… but I know for sure it’s working and connecting. Just thought I’d share and am curious if anyone else has tried them yet?


How did you manage to upload the cacert.pem file to the priv_dir(:my_app) directory on the server? Did you write some curl commands in the dockerfile? If so, could you please provide this command?

Screen Shot 2023-02-18 at 3.48.24 PM

Hi @joges I just pasted it actually into ./priv/cert/cacert.pem