I am trying to connect to google cloud's postgres with ssl certificates. I have pgadmin application locally. I tried connecting by setting my ip addess in allow netwroks and it worked. But, If I emove that settinging and tried with SSL certificates its not working.
I tried all ssl modes (sllow,require, verifiy-CA,verfy-full) . But, none of these works. please help me.
As #jjanes said it seems like its not possible. so, I allowed to every ip address 0.0.0.0/0 and allowed connection only with ssl certificates. This worked for me.
Related
Problem
In general, there have been a ton of issues in connecting a remote service to a PostgreSQL database. The documentation for most services doesn't really have documentation for this since the task of connecting to a PostgreSQL database requires the Admin to modify both the postgresql.conf and pg_hba.conf files.
The current scenario is giving AppSmith remote access to the given server.
PostgreSQL needs to allow the following IP addresses at the pg_hba.conf: 18.223.74.85 and 3.131.104.27
Research SSL Connections and if one would be required in this case
Success Criteria:
Appsmith is able to connect to given database
Appsmith is able to read/write data to given database
Resolution Research
Allowing the above IP addresses to connect to the PostgreSQL database in the pg_hba.conf file and changing the postgresql.conf file to allow remote connections using listening_addresses = '*' did not resolve the issue. Appsmith is unable to connect to the database.
SSL Connection: SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.
SSL proved to be a dead-end for this issue with no resolution.
In order to create an SSL connection, the following steps must be followed (PostgreSQL SSL documentation: https://www.postgresql.org/docs/9.1/ssl-tcp.html):
OpenSSL needs to be installed on the host server (https://fedingo.com/how-to-install-openssl-in-ubuntu/). Determined that OpenSSL is already installed on the host server using openssl version -a.
Following the above steps from the postgresql documentation does not produce the desired result.
Following steps from https://www.cyberciti.biz/faq/postgresql-remote-access-or-connection/ does not work either.
Error in all cases on Appsmith: Failed to initialize pool: The connection attempt failed
Next-steps
Consult with the Stackoverflow community to see if anyone else is having a similar issue.
Similar issues have been found, but Appsmith documentation and the Stackoverflow community did not have the information needed to fulfill this issue. I will post the full case to the community.
I resolved this problem using ngrok to make a tcp tunnel on your localhost.
Donwload and conifg ngrok and create a new tunnel on terminal, just run ngrok tcp 5432 at terminal
After this, get the host/port and insert at Appsmith PostgreSQL Connection.
make sure your username/password is correct.
Image from host/port create on ngrok
Image to how config this host/port on Appsmith
I just setup aws rds and I'm trying to connect pgadmin to it. I put in the Endpoint and the port shown in the rds dashboard, and the username and password I set. When I try connecting, I get an error message saying: Unable to connect to server "host name" port "port" failed: timeout expired.
I also tried connecting prisma to it by running npx prisma migrate dev --name init and I also get an error saying P1001: Can't reach database server at "host name".
I made sure to set Publicly accessible to Yes, but it's still not working. What am I doing wrong and how can I fix it?
(For the settings, I used the default free tier settings.)
In the question thread, the security group is defined to accept All Traffic from all IPv6 addresses ::/0. Permission for IPv4 address should be added as well. You may want to address All Traffic for IPv4 address 0.0.0.0/0.
I'm using Cloudflare access to authenticate my MongoDB server(using an SSH tunnel) but Robo3T not invoking browser authentication while using Cloudflare DNS with Robo3T SSH configuration(creating a tunnel through a bastion host to access the mongodb server).
But if I'm using bastion server IP instead of DNS i.e. bypassing Cloudflare access authentication, it works perfectly fine.
I'm facing the same issue with the MongoDB-compass as well.
Any help is really appreciated.
Hi we are running into a problem with tls between PostgreSQL 11 and pgbouncer 1.9, both on the same host in different containers.
tls enabled and is working between client and pgbouncer and between pgbouncer and PostgreSQL.
The problem is that client connet to pgbouncer with client key and certificate, and after auth pgbouncer pass the client with his/her username and password to postgreSQL and use its own pgbouncer certificate. Immediatly we got error because PostgreSQL checks the username and username in cert and they doesn't match.
What is the right way of solving this issue?
Is there a way to pass client certificate to pgbouncer and then to PostgreSQL?
Thank you
For now there is a mapping on postgres side like this
mymap pgbouncer clientuser
but this is not a viable solution
The best you can do in this case is not to use certificate authentication with PostgreSQL.
In a setup like yours, it is pgBouncer that verifies the authenticity of the incoming client connection using certificates. One this is done, you don't need any further verification.
So use the trust authentication for connections between pgBouncer and PostgreSQL, if that is a trusted network for you.
I'm trying to connect to MongoDB Atlas using Robo 3T.
I must be doing something wrong, cause when i'm trying to connect I get the following error message:
Failed to connect to cluster via SSL tunnel.
in details: Error: ssl connection failure: Authentication failed.
What iv'e tried so far:
Selected a "Direct connection" type.
I used my primary cluster as address (including the port number)
for Authentication I used "admin" Database, and put my username (my email) and the password of MongoDB Atlas.
I also white listed my IP address, and even set it as "allow access from anywhere", though it's not secure.
I checked "Use self-signed certificate"
Nothing I do seems to work.
Any idea what am I doing wrong?
thanks
At Atlas connections are SSL encrypted.
Go to SSL Tab in the connection settings window
Select Use SSL Protocol option
Now try connecting.
Exclude the port number in your cluster URI. :PORT. Exclude the port then use ssl and self certificate.