22

I'm following the official instructions to deploy my strapi starter app to Heroku. The app runs fine locally. The only thing I left out in my deployment instructions were installing the PG node module (it is already installed because my local app uses Postgresql).

Accessing the Heroku logs, I see this:

error: Middleware "strapi::session": App keys are required. 
Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])

Maybe this is an important detail: I followed this process once, and everything worked. I was able to deploy to Heroku. I tried it again and it didn't work. I was thinking maybe Heroku had a problem with me re-using an app name, but I tried to name the app something different in Heroku and I still had the same error.

Is heroku looking in the wrong place for my server.js file? Should it be looking in my "./config/env/production" folder instead of my "./config" folder?

Per the instructions, here is my ./config/env/production/database.js

const parse = require('pg-connection-string').parse;
const config = parse(process.env.DATABASE_URL);

module.exports = ({ env }) => ({
  connection: {
    client: 'postgres',
    connection: {
      host: config.host,
      port: config.port,
      database: config.database,
      user: config.user,
      password: config.password,
      ssl: {
        rejectUnauthorized: false
      },
    },
    debug: false,
  },
});

Here is my ./config/env/production/server.js

module.exports = ({ env }) => ({
    url: env('MY_HEROKU_URL'),
});

And here is my ./config/server.js

module.exports = ({ env }) => ({
  host: env('HOST', '0.0.0.0'),
  port: env.int('PORT', 1337),
  app: {
    keys: env.array('APP_KEYS'),
  },
});

my package.json for good measure:

{
  "dependencies": {
    "@strapi/plugin-graphql": "^4.0.0",
    "@strapi/plugin-i18n": "4.0.6",
    "@strapi/plugin-users-permissions": "4.0.6",
    "@strapi/strapi": "4.0.6",
    "lodash.set": "^4.3.2",
    "pg": "8.6.0",
    "pg-connection-string": "^2.5.0"
  },
  "name": "backend",
  "private": true,
  "version": "0.1.0",
  "description": "A Strapi application",
  "scripts": {
    "develop": "strapi develop",
    "start": "strapi start",
    "build": "strapi build",
    "strapi": "strapi"
  },
  "devDependencies": {},
  "author": {
    "name": "A Strapi developer"
  },
  "strapi": {
    "uuid": "f64b509e-2d95-4464-8d39-d6f0d1c7a31a",
    "template": "@strapi/template-corporate@^1.0.0",
    "starter": "@strapi/starter-next-corporate"
  },
  "engines": {
    "node": ">=12.x.x <=16.x.x",
    "npm": ">=6.0.0"
  },
  "license": "MIT"
}

I'm running Node v14.18.3 and NPM v6.14.15

J7stin
  • 491
  • 1
  • 4
  • 12
  • Heroku will run the app for me now, but only if I list the keys directly in the ./config/env/production/server.js file. Anyone know why Heroku isn't picking up my global variables set in my root .env file? – J7stin Feb 01 '22 at 20:43
  • 1
    Turns out my .env was in .gitignore so heroku couldn't read the keys. – J7stin Feb 02 '22 at 00:56
  • 3
    I was able to add the keys to heroku directly with the "heroku config:set" command so I could keep my .env in .gitignore – J7stin Feb 03 '22 at 18:25

6 Answers6

15

I solved it with this in ./config/env/production/server.js

module.exports = ({ env }) => ({
  url: env("MY_HEROKU_URL"),
  proxy: true,
  app: {
    keys: env.array("APP_KEYS", ["testKey1", "testKey2"]),
  },
});

testKey1, testKey2 are just placeholders and need to be replaced by 2 random keys via CONFIG VAR in heroku

APP_KEYS=someSecret,anotherSecret

proxy: true was also important. Else it throws a Cannot send secure cookie over unencrypted connection

Temo
  • 479
  • 4
  • 12
  • Thanks. I found that my .env file was in .gitignore, so when I included it, Heroku was able to access the app keys in the .env file. Then I didn't need to include them in the server.js – J7stin Feb 02 '22 at 00:54
  • 7
    please avoid committing your env file or hardcoding them. instead, you can set the env from heroku cli or dashboard. – CoderKK Feb 11 '22 at 01:45
  • Thanks, this should be in the doc. – Stéphane Changarnier Mar 09 '22 at 14:01
  • 3
    Am i the only one for who this answer makes no sense? Replace placeholder by 2 random keys? I was able to get this to work by replacing with keys from heroku dashboard by revealing env variables - strapi keys. keys: env.array("APP_KEYS", ["DATABASE_URL", "MY_HEROKU_URL", "NODE_ENV"]), – kristjan reinhold Mar 23 '22 at 13:33
  • Are there suggestions for secure keys? (minimum recommended length, etc.) – vstollen Dec 30 '22 at 21:56
7

just create .env file in root of your project like this:

HOST=0.0.0.0
PORT=1337
APP_KEYS=jP8pb1lYsAhnmURarewxhA==,34xnLMYHY5jiU7ONTstTqQ==
Mohsen
  • 1,295
  • 1
  • 15
  • 45
6

Adding the environment variables to your file as @Temo mentioned is not the right solution. Although it works it poses quite some security threats.

What you should do is add the APP_KEYS to your environment variables on Heroku. You can generate a new key by creating a file with this code:

// filename: generateCode.js
const crypto = require('crypto')
console.log(crypto.randomBytes(16).toString('base64'))

and then running it from the console with:

node generateCode.js

The code it generates looks something like foP7OJcuRhCw1sTR6EfZPw==. Use that as your APP_KEY in Heroku.

Iggy van Lith
  • 606
  • 1
  • 7
  • 16
4

On Heroku, for that particular app, navigate to Settings->Config vars and add your environment variables there.

Alex
  • 73
  • 6
2

So you just need to create a variable in Heroku settings->config vars called APP_KEYS. And value of this variable you can get from your .env file where you should have APP_KEYS variable with value.

Nikita Prus
  • 191
  • 1
  • 5
-8

Just remove .env from git ignore. Then push again.

Diego Serrano
  • 3
  • 2
  • 1
    The whole point of using an `.env` file is so you aren't committing your configuration data. Committing it isn't a good idea, and `.env` files aren't a good fit on Heroku. A the other answers have said, use Config Vars instead. Both `.env` files and Config Vars are just convenient ways to set environment variables. – ChrisGPT was on strike Aug 14 '22 at 19:46
  • 1
    Please don't push your .env file into your repository – Dallas Clark Sep 21 '22 at 07:47
  • 2
    sure fire way to lose your job – ChrisAddams Oct 15 '22 at 00:42