Connect nakama to cockroachdb in secure mode using docker compose

I’ve been trying to run cockroachdb in secure mode using docker compose, and I think I got that working now but nakama doesn’t seem to be able to connect to it. Dose anyone know how to fix it?

A link to all the code I have so far.

And this is just the docker-compose file

version: '3.5'

volumes:
  certs-roach-0:
  certs-client:

services:

  roach-cert:
    container_name: roach-cert
    hostname: roach-cert
    build: roach-cert
    volumes:
      - certs-roach-0:/certs/roach-0
      - certs-client:/certs/client

  roach-0:
    container_name: roach-0
    hostname: roach-0
    image: cockroachdb/cockroach:latest
    command: start-single-node --cluster-name=example-secure-nginx --logtostderr=WARNING --log-file-verbosity=WARNING --certs-dir=/certs
    volumes:
      - certs-roach-0:/certs
    depends_on:
      - roach-cert

  lb:
    container_name: lb
    hostname: lb
    build: haproxy
    ports:
      - "5432:5432"
      - "8080:8080"
      - "8081:8081"
    depends_on:
      - roach-0

  roach-init:
    container_name: roach-init
    hostname: roach-init
    image: timveil/cockroachdb-remote-client:latest
    environment:
      - COCKROACH_HOST=lb:5432
      - COCKROACH_INSECURE=false
      - COCKROACH_CERTS_DIR=/certs
      - DATABASE_NAME=admin
      - DATABASE_USER=admin
      - DATABASE_PASSWORD=password
    volumes:
      - certs-client:/certs
    depends_on:
      - lb
      - roach-cert
  nakama:
    container_name: nakama
    image: heroiclabs/nakama:2.12.0
    entrypoint:
      - "/bin/sh"
      - "-ecx"
      - >
          /nakama/nakama migrate up --database.address root@roach-0:26257 &&
          exec /nakama/nakama --config /nakama/data/my-special-config.yml
    restart: always
    links:
      - "roach-cert:db"
    depends_on:
      - roach-cert
    volumes:
      - ./:/nakama/data
    expose:
      - "7349"
      - "7350"
      - "7351"
    ports:
      - "7349:7349"
      - "7350:7350"
      - "7351:7351"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:7350/"]
      interval: 10s
      timeout: 5s
      retries: 5
#volumes:
#  data:

Here is the error message from nakama

nakama        | + /nakama/nakama migrate up --database.address root@roach-0:26257

nakama        | {"level":"info","ts":"2020-11-01T23:10:28.764Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257"}

nakama        | {"level":"fatal","ts":"2020-11-01T23:10:31.008Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"ERROR: node is running secure mode, SSL connection required (SQLSTATE 08P01)"}

nakama        | + /nakama/nakama migrate up --database.address root@roach-0:26257

nakama        | {"level":"info","ts":"2020-11-01T23:10:36.951Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257"}

nakama        | {"level":"fatal","ts":"2020-11-01T23:10:36.952Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"ERROR: node is running secure mode, SSL connection required (SQLSTATE 08P01)"}

nakama        | + /nakama/nakama migrate up --database.address root@roach-0:26257

nakama        | {"level":"info","ts":"2020-11-01T23:10:40.471Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257"}

nakama        | {"level":"fatal","ts":"2020-11-01T23:10:40.472Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"ERROR: node is running secure mode, SSL connection required (SQLSTATE 08P01)"}

nakama        | + /nakama/nakama migrate up --database.address root@roach-0:26257

nakama        | {"level":"info","ts":"2020-11-01T23:10:44.023Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257"}

nakama        | {"level":"fatal","ts":"2020-11-01T23:10:44.025Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"ERROR: node is running secure mode, SSL connection required (SQLSTATE 08P01)"}

nakama        | + /nakama/nakama migrate up --database.address root@roach-0:26257

nakama        | {"level":"info","ts":"2020-11-01T23:10:47.469Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257"}

nakama        | {"level":"fatal","ts":"2020-11-01T23:10:47.471Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"ERROR: node is running secure mode, SSL connection required (SQLSTATE 08P01)"}

nakama        | + /nakama/nakama migrate up --database.address root@roach-0:26257

nakama        | {"level":"info","ts":"2020-11-01T23:10:50.564Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257"}

nakama        | {"level":"fatal","ts":"2020-11-01T23:10:50.565Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"ERROR: node is running secure mode, SSL connection required (SQLSTATE 08P01)"}

Your database address string does not tell Nakama to use SSL or how to find certificates, so the error message you get is very accurate.

Have a look at the docs for setting up the server’s database connection. You’ll need to adjust the database.address string with extra SSL-related parameters.

Thanks, I’ve looked through the docs and I think I got further, but now I’m getting this error message.
Do you know what it means?

nakama        | {"level":"info","ts":"2020-11-02T20:10:01.381Z","caller":"migrate/migrate.go:139","msg":"Database connection","dsn":"root@roach-0:26257?sslcert=/certs/client.root.crt&sslkey=/certs/client.root.key.pk8&sslmode=verify-full&sslrootcert=/certs/ca.crt"}
nakama        | {"level":"fatal","ts":"2020-11-02T20:10:01.383Z","caller":"migrate/migrate.go:147","msg":"Error pinging database","error":"unable to read cert: tls: failed to find any PEM data in key input","errorVerbose":"tls: failed to find any PEM data in key input\nunable to read cert\ngithub.com/jackc/pgx.configTLS\n\tgithub.com/jackc/pgx@v3.5.0+incompatible/conn.go:1028\ngithub.com/jackc/pgx.ParseURI\n\tgithub.com/jackc/pgx@v3.5.0+incompatible/conn.go:768\ngithub.com/jackc/pgx.ParseConnectionString\n\tgithub.com/jackc/pgx@v3.5.0+incompatible/conn.go:874\ngithub.com/jackc/pgx/stdlib.(*Driver).Open\n\tgithub.com/jackc/pgx@v3.5.0+incompatible/stdlib/sql.go:157\ndatabase/sql.dsnConnector.Connect\n\tdatabase/sql/sql.go:688\ndatabase/sql.(*DB).conn\n\tdatabase/sql/sql.go:1228\ndatabase/sql.(*DB).PingContext\n\tdatabase/sql/sql.go:782\ndatabase/sql.(*DB).Ping\n\tdatabase/sql/sql.go:800\ngithub.com/heroiclabs/nakama/v2/migrate.Parse\n\tgithub.com/heroiclabs/nakama/v2/migrate/migrate.go:146\nmain.main\n\tmain.go:79\nruntime.main\n\truntime/proc.go:203\nruntime.goexit\n\truntime/asm_amd64.s:1373"}