I created a postgres docker image on top of the official image to copy my own pg_hba.conf into it, because I need to disable listening on IPv6 :
FROM postgres:13
COPY pg_hba.conf /etc/
Afterwards I run the container using the following docker-compose.yaml:
postgres:
image: custom-postgres
command: postgres -c hba_file="/etc/pg_hba.conf"
But postgres still tries listening on the none existent IPv6 socket. What am I doing wrong? This is my pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
But I get the feeling it is not beeing used as I can see that the default pg_hba.conf is still created in /var/lib/postgresql/data
If you want to shape what interface(s) the Postgres server listens on you need to use the listen_addresses in postgresql.conf. To restrict to IPv4 then set to 0.0.0.0. See documentation link for more options. pg_hba.conf is used to control client access to a server. It does not control what interface the server listens on.
Related
PostgreSQL 13 is running on a remote machine in a docker container. I can't get access to it remotely in any way, the error is
no pg_hba.conf entry for host,
ssl is disabled.
Connect from the local machine by the host name localhost or 127.0.0.1 is excellent. But if I set a own IP of the current server 192.168.1.102 - I am getting the error. And from any remote machine it is the same
postgresql.conf
listen_addresses = '*'
pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
#host all all 127.0.0.1/32 trust
host all all all trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all ::1/128 trust
host all all all md5
I did a container restart and the postgres user has a password
Thanks
Try use
docker run --publish=192.168.1.102:<exposed-port>:<container-port> postgresql-image
Also make sure you can ping to IP from other PC. Firewalls, Virus guards etc should check.
There are a great number of solutions described here
I'm using Docker on Windows to use in local a postgres database. I made two docker container: one for the database called pg and another called pgadmin with pgadmin4.
After inspected pg, I connected pgadmin4 in 172.17.0.3:5432 and it works.
Now time to code but...
psycopg2.OperationalError: could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "172.17.0.3" and accepting
TCP/IP connections on port 5432?
I read a lot of questions like that, but i can't figure it out. Doesn't seem, to me, like a problem generated in pg_hba.conf for the denied connection, because in this case pgadmin should not work, right?
(But if is a problem with pg_hba.conf where I can find it? In the docker installation folder I did't find it)
I put my python code here but don't seems the problem:
conn = psycopg2.connect(
database = 'example',
user = 'username',
password = 'secretpassword',
host = '172.17.0.3', # default port is 5432 so it's not necessary
)
Upgrade edit:
I found the configurations
In postgresql.conf the listen_addresses = '*', that is correct.
In pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
You could use docker run and the --expose parameter to expose your ports, on each container.
Another command you can run is docker network connect which allows you to connect a container to a network, so if two containers are on the same network, they should be able to communicate with each other.
The usage is docker network connect [OPTIONS] NETWORK CONTAINER
One advantage of using the docker network create command is to be able to create an --ip-range so to specify ip addresses to be used on the network.
Afterwards you can assign a container to have a specific ip address, docker network connect. If the container was not on the network for example, the ip address would not be reassigned to another container on the network.
More information in the docker documentation,
https://docs.docker.com/engine/reference/commandline/network_connect/
I am running postgresql 11.2 inside docker containers.
While preparing the master and standBy PostgreSQL instances for streaming replication, I have enabled archiving on the master server. After this I need to run the pg_basebackup command on the standBy server to take a backup from master to standBy.
No matter what I do, I am facing the same error:
pg_basebackup: could not connect to server: FATAL: no pg_hba.conf entry for replication connection from host "10.244.0.1", user "repluser", SSL off
Commands I am running using postgres user, inside the docker container running standBy server, are:
pg_basebackup -h 10.0.0.1 -D /data/postgres -U repluser -v -P --wal-method=stream
OR
pg_basebackup -h 10.0.0.1 -U repluser -Ft -D /data/postgres
(Please assume 10.0.0.1 is my master server's IP and 10.0.0.2 is my standBy server's IP. They are in same subnet)
The pg_hba.conf file on the master server looks like this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
host all all all md5
# TYPE DATABASE USER ADDRESS METHOD
host replication repluser 10.0.0.2/32 trust
Postgresql has told you what the problem is. Add "10.244.0.1" to the pg_hba for replication (unless you think that that is the IP address of an MITM attacker).
Maybe you think the IP address is 10.0.0.2, but PostgreSQL does not. If the host machine is NATing the outside world for the virtual machine inside it, then the connection will look like it is coming from the host machine so that is what IP address you need to use. But of course, this means IP restriction implemented in pg_hhba doesn't provide much security since all connections might appear to come from the same place, you have to implement the restriction at the host level instead, or use a different method of authentication than just IP restriction. You might also be able to change your VM set up so it has the network bridge rather than NAT.
I followed this tutorial.
I managed to set up everything and do exactly as it was mentioned in the tutorial.
But when I tried to connect to it using PGADMIN 4, i get connection time and out and I was never able to fix it.
then I found this link, which has the following command:
sudo -i -u postgres
psql
\conninfo
then I cans see the following message:
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".
So I dont understand what is wrong now and when I type:
sudo nano ../../etc/postgresql/9.3/main/pg_hba.conf
to see the content of the file and I put my password, its not being accepted.
Then I restart everything by closing the window and open it again, then I can check out the file:
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
# IPv4 remote connections for the tutorial:
#host all all 127.0.0.1/32 md5
#host all all 35.196.55.208/32 md5
host all all all md5
The last 4 lines I've added to fix the problem, but nothing yet.
What am I doing wrong? I'm looking at many tutorials, and also several pages from Stack Overflow but still nothing!
You have not provided permission to connect remotely.
In the given tutorial, Connecting remotely section it is clearly mentioned that you need to provide your IP address in the pg_hba.conf file.
Replace [YOUR_IPV4_ADDRESS] with the address of your local computer.
Also, In the Instances page in the Google Cloud Platform Console, click the
instance to open its Overview page. Select the Authorization tab.
Under Authorized networks, click Add network and enter the IP address
of the client machine where your client is installed. Click Done, then
click Save at the bottom of your page to save your changes. Connect to
your instance, either with SSL or without SSL.
Provide your IP address in the pg_hba.conf file, Restart Postgres service and try again.
I've been trying to edit pg_hba.conf file in order to be able to access the server using just the IP address with, so far, no success.
For example, I can access using «localhost», but I want to access using the IP address that my router gave me which is something like 192.168.1.X
This is mi pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres trust
#host replication postgres 127.0.0.1/32 trust
#host replication postgres ::1/128 trust
host all all 0.0.0.0/0 trust
Any help?
First, edit the postgresql.conf file, and set listen_addresses. The default value of 'localhost' will only listen on the loopback adaptor. You can change it to '*', meaning listen on all addresses, or specifically list the IP address of the interfaces you want it to accept connections from. Note that this is the IP address which the interface has allocated to it, which you can see using ifconfig or ip addr commands.
You must restart postgresql for the changes to listen_addresses to take effect.
Next, in pg_hba.conf, you will need an entry like this:
# TYPE DATABASE USER ADDRESS METHOD
host {dbname} {user} 192.168.1.0/24 md5
{dbname} is the database name you are allowing access to. You can put "all" for all databases.
{user} is the user who is allowed to connect. Note that this is the postgresql user, not necessarily the unix user.
The ADDRESS part is the network address and mask that you want to allow. The mask I specified will work for 192.168.1.x as you requested.
The METHOD part is the authentication method to use. There are a number of options there. md5 means it will use an md5 hashed password. 'trust' which you had in your sample means no authentication at all - this is definitely not recommended.
Changes to pg_hba.conf will take effect after reloading the server. You can to this using pg_ctl reload (or via the init scripts, depending on your OS distro).