Commit a0a8b46

committed
chore: update docs
1 parent 1483e37 commit a0a8b46

1 file changed

+4
-7
lines changed

docs/postgresql/SELF_HOSTING_POSTGRES_FLYIO.md

Lines changed: 4 additions & 7 deletions
@@ -258,16 +258,13 @@ const http = require("http");
258258
const jwt = require("jsonwebtoken");
259259
260260
const PORT = process.env.PORT || 3001;
261-
const JWT_SECRET_RAW = process.env.JWT_SECRET;
261+
const JWT_SECRET = process.env.JWT_SECRET;
262262
263-
if (!JWT_SECRET_RAW) {
263+
if (!JWT_SECRET) {
264264
console.error("JWT_SECRET environment variable is required");
265265
process.exit(1);
266266
}
267267
268-
// Decode base64 secret to raw bytes — must match how CloudSync verifies tokens
269-
const JWT_SECRET = Buffer.from(JWT_SECRET_RAW, "base64");
270-
271268
function parseBody(req) {
272269
return new Promise((resolve, reject) => {
273270
let data = "";
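Review bot: the presence check at new line 263, `if (!JWT_SECRET) {`, is now the only validation on a value that is used directly as the HS256 key, so any non-empty string, including a short passphrase, is accepted. RFC 7518 section 3.2 requires an HS256 key of at least 256 bits, so I would reject secrets shorter than 32 bytes at startup next to the existing check. Also, dropping `const JWT_SECRET = Buffer.from(JWT_SECRET_RAW, "base64");` changes the key bytes the sample server signs with, which is a behaviour change in the example code; the commit title `chore: update docs` does not signal that, and anyone who built the auth server from the previous version of this guide is still signing with the decoded bytes.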
@@ -627,7 +624,7 @@ JWT_SECRET=<your-jwt-secret>
627624
JWT_DEVELOPMENT_ISSUER_PROJECT_ID=cloudsync-postgres-flyio
628625
```
629626

630-
Both the auth server and CloudSync must decode the base64 secret to the same raw bytes before signing/verifying.
627+
Both the auth server and CloudSync must use the secret as the same raw string (not base64-decoded).
631628

632629
### Option B: RS256 (JWKS)
633630

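Review bot: the replacement sentence at line 627 says the secret is used as a "raw string" but gives no guidance on producing one, and the placeholder `JWT_SECRET=<your-jwt-secret>` above it is unchanged. With the decode step gone, the length and randomness of the string as typed are the strength of the key, so suggest stating a minimum (32 random bytes or more for HS256). It is also worth noting that surrounding quotes or trailing whitespace can end up as part of the key depending on how the env file is loaded, since both sides must match byte for byte.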
@@ -752,7 +749,7 @@ docker compose logs -f auth # Auth server only
752749
| `fractional_indexing.h: No such file or directory` | Run `git submodule update --init --recursive` before building |
753750
| `cloudsync_version()` not found | Init scripts only run on first start. Run `CREATE EXTENSION IF NOT EXISTS cloudsync;` manually |
754751
| Auth server won't start | Check `docker compose logs auth`. Ensure `npm install` was run in `auth-server/` |
755-
| Token verification fails (HS256) | Ensure `JWT_SECRET` matches and both sides base64-decode it before use |
752+
| Token verification fails (HS256) | Ensure `JWT_SECRET` matches exactly — CloudSync uses the raw string, not base64-decoded |
756753
| Token verification fails (JWKS) | Ensure CloudSync can reach the JWKS endpoint and `JWT_ISSUER` matches the `ISSUER` env var |
757754
| JWKS keys lost after restart | The JWKS server generates new keys on each start. For production, persist keys to a volume |
758755
| Docker commands not found after VM restart | Run `/data/startup.sh` — Fly VM root filesystem resets on stop/start |
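Review bot: the updated HS256 row at line 752 covers only CloudSync's side and omits the failure this commit makes likely, an auth server copied from the earlier version of this guide that still runs `Buffer.from(JWT_SECRET_RAW, "base64")` before signing. Suggest adding that cause to the row with the instruction to remove the decode and restart the auth container, so the symptom maps to a concrete fix rather than only "matches exactly".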