[Self Hosted] Connection Issues: Self-hosted NocoDB on Hetzner to Supabase (ENOTFOUND, Self-signed cert errors)

Hello everyone,

I’m having persistent trouble connecting my self-hosted NocoDB instance to a Supabase cloud database. I’ve followed several troubleshooting paths, including another post on this forum, but I’m now stuck.

My Infrastructure:

  • NocoDB: Self-hosted on a Hetzner VPS, running inside a Docker container managed by Portainer.

  • Firewall: Using the Hetzner Cloud Firewall, which is applied to the VPS.

  • Database: A standard cloud-hosted project on Supabase.


## Attempt 1: Direct Database Connection

Initially, I tried to connect using the direct connection details from Supabase.

  • Host: db.<project-ref>.supabase.co

  • Port: 5432

  • User: postgres.<project-ref>

  • SSL: Enabled with require mode.

Result: This failed with a DNS error: Connection Failure: getaddrinfo ENOTFOUND db.<project-ref>.supabase.co.

Diagnostics:

  • Running ping from the Hetzner VPS to the Supabase host resolved to an IPv6 address but failed with a Destination unreachable: No route error.

  • Running ping -4 failed with Address family for hostname not supported.

  • This indicated a client-side DNS or IPv6 routing issue on my VPS.


## Attempt 2: Using the Connection Pooler (Following another forum post)

I found another post suggesting to use the Connection Pooler URL, so I switched my configuration.

  • Host: aws-0-eu-west-1.pooler.supabase.com

  • Port: 6543

  • User: postgres.<project-ref>

  • SSL: Enabled with require mode.

Result: This led to a new set of errors, pointing towards the firewall.

  1. Initial Error: When testing the connection with openssl s_client, the command failed with unexpected eof while reading and no peer certificate available. This showed the connection was being dropped instantly.

  2. Firewall Discovery: I checked my Hetzner Cloud Firewall and discovered I had 0 outbound rules, which means the firewall was operating on a default-deny policy for all outgoing traffic.

  3. Firewall Fix: I added a new outbound rule to the Hetzner firewall to Accept TCP traffic on port 6543 to Any destination.

  4. Current Error: After adding the firewall rule, the situation is now:

    • Connecting from the NocoDB UI gives me the error: Connection Failure: self-signed certificate in certificate chain.

    • However, running the diagnostic openssl s_client command from the VPS terminal still results in the exact same unexpected eof while reading error as before, which suggests the firewall rule is not having the desired effect.

I seem to be stuck between a firewall that is either blocking the connection or is intercepting it with its own certificate (causing the self-signed error in NocoDB).

Has anyone successfully connected a NocoDB instance from a Hetzner VPS (with the cloud firewall) to Supabase? Is there a known issue with Hetzner’s SSL inspection, or a specific configuration I am missing?

Any help would be greatly appreciated.
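Added example, not part of the original post: a Python probe that separates the three failure classes described above (name resolution per address family, TCP reachability, certificate trust). PostgreSQL starts TLS only after the client sends a plaintext SSLRequest message, so the probe sends that first; the function names, stage labels and the optional `cafile` argument are assumptions made for this sketch.

```python
import socket, ssl, struct, sys

# PostgreSQL SSLRequest: int32 length (8) + int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)

def resolve_families(host, port):
    """Return {'IPv4': [...], 'IPv6': [...]} so an AAAA-only host is obvious."""
    found = {"IPv4": [], "IPv6": []}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return found  # the name did not resolve at all
    for family, _, _, _, sockaddr in infos:
        key = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}.get(family)
        if key and sockaddr[0] not in found[key]:
            found[key].append(sockaddr[0])
    return found

def probe_pg_tls(host, port, cafile=None, timeout=5.0):
    """Return (stage, detail); stage names the step that was reached or failed."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))  # DNS, routing or egress filtering
    with sock:
        try:
            sock.sendall(SSL_REQUEST)
            answer = sock.recv(1)
        except OSError as exc:
            return ("no_reply", str(exc))
        if answer != b"S":
            # b"N": server refuses TLS; b"": peer closed the connection
            return ("tls_refused", repr(answer))
        # Verify against the system trust store, or against cafile if given.
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("tls_ok", tls.version())
        except ssl.SSLCertVerificationError as exc:
            return ("cert_untrusted", exc.verify_message)
        except (ssl.SSLError, OSError) as exc:
            return ("tls_failed", str(exc))

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])  # e.g. the pooler host and 6543
    print(resolve_families(host, port))
    print(probe_pg_tls(host, port))
```

Run it both on the VPS host and inside the NocoDB container: different results point at container networking rather than the cloud firewall, and a `cert_untrusted` result names the verification error the client's trust store produces.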

No luck with this either. Just one note: Supabase usually provides database credentials, which are:

port:5432
database:postgres
user:postgres

while I see

  • User: postgres.<project-ref>

at your end.

Unfortunately, it's hard to tell what is going wrong as it's a self-hosted and custom setup. However, 100s of users manage to connect NocoDB to NocoDB. Please try Google or ChatGPT.