I installed Postgres 9.3 yesterday on Ubuntu 18.04 (using the Ubuntu package index). I need to add lines to the pg_hba.conf file to allow pgAdmin access on port 5432.
For example, I need to add a line in this format:
hostssl database user address auth-method [auth-options]
My first question is what should I use for the the IP address in the "address" field. I am using pgAdmin on my local computer (Windows) to access my Ubuntu 18.04 server in the cloud, but I don't have a static IP address, so entering my IP address won't do. What IP address should I put in the address field for outside access from my local computer? It's not clear from the docs at https://www.postgresql.org/docs/11/auth-pg-hba-conf.html.
My second question is how do I indicate port 5432 in the line above? I believe that's the default listener port for Postgres, so doesn't it need to be specified in the line above?
What you have to specify in pg_hba.conf is not an IP address, but a netmask: an IP address followed by a number between 0 and 32 that tells how many bits of the address are significant.
For example
12.23.34.99/24
matches all IP addresses between 12.23.34.0 and 12.23.34.255.
Find out in which range your possible IP addresses are and use that.
pg_hba.conf determines which authentication method is used for an incoming connection. It comes into play after the TCP connection to server port 5432 has been established.
To configure on which TCP port PostgreSQL should listen, edit postgresql.conf and restart PostgreSQL.
Related
I was succesfull with connecting another computer with my local PostgreSQL Server(On Windows 10). I've
added two specific lines of arguments in the respectful config files.
postgresql.conf:
listen_addresses = '*'
pg_hba.conf:
host all all all md5
I understood, that this connection is now possible in my local Network, where I am currently connected to. Is this really the case, or do I have to look out for some connections outside my network to block them? (ssl = off, hope that without ssl it is only local)
For completness, i also added a firewall rule where I allowed TCP connections for a port [Port] and profiles in a domain, private and public network.
You can limit the IP range adding a mask like, I'm not sure about that 3rd "all":
host all all 192.168.0.1/24 md5
In any case, you can check the log and see if pg up and listen (pg_log or -l parameter)
I have a PgAdmin server running on localhost and I'm trying to connect to it from another computer on the same network (they have the same IPv4 address).
I've gone through a lot of questions but all of them explain how to connect to a remote server, which I assume is running on an available host.
I've tried:
adding listen_addresses = '*' to postgresql.conf (on both computers)
adding host all all 0.0.0.0/0 md5 to pg_hba.conf (on both computers, replacing 0.0.0.0/0 with a variety of ip addresses)
some other things I saw in tutorials but don't remember
What I'm trying to understand is:
Is it possible to connect remotely to a server running on localhost?
If it is possible, which IP address does the remote computer need to connect?
You need to resolve some basic questions first:
What is the IP of the computer where PG is running? e.g. 192.168.100.10
Which port is PG exposed on? e.g. 9999
After you collected the two above information you can go on the second computer where you have pgAmin and execute
telnet <host> <port>
substituting <host> and <port> with the info collected above. If telnet replies with
Trying ::1...
Connected to <host>.
Escape character is '^]'.
this should mean that the port is open and PG should be listening on that host:port. You found your connection string to PG!
I am just sharing my understanding here. Corrections are welcome.
pgAdmin can connect to one/more postgres servers via TCP over using JDBC like protocol. pgAdmin is just a stand-alone web-interface ( web adapter ).
So some web-server configuration/tuning should be needed in pgAdmin configuration to enable access from remote machines.
I'm having a PostgreSQL instance running on my local machine, listening on all the interfaces (listen_addresses = '*'), and Docker running a Rails application which needs to connect to this database.
Updating manually the pg_hba.conf file by adding a line allowing my IP address makes the application working.
Now, given my computer has the IP address 192.168.1.10, how to allow this IP address only in the pg_hba.conf, dynamically so that in case my IP address changes, the file is updated and PostgreSQL will continue accepting connections?
(My point is that I don't want to allow the 192.168.1.0 network, otherwise my colleagues are gonna be able to connect to my DB, which I don't want obviously :))
I want to have a postgres database on a computer that I can use from multiple (external) computers. It will act as a trial server for me, leaving it on whenever I need it.
I researched how to do it and found out I had to forward the service postgres to the internet. Postgres is on port 5432. I logged in my router which has a forwarding option. I opened up the port 5432, but cant add postgres to the list of services.
Is there a reason for that?
Actually. I found that I just have to adapt the pg_hba.conf file (just started trying). I am running windows. Any advise is welcome, this is not my expertise. I dont understand why it would work if I just adapt the pg_hba.conf. For games or other services, like a game, I have to open a port in the router. Or should I do both?
From Postgres documentation - Client authentication is controlled by a configuration file, which traditionally is named pg_hba.conf and is stored in the database cluster's data directory. (HBA stands for host-based authentication.)
Each record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user name, and the authentication method to be used for connections matching these parameters.
So it is absolutely required to set up your pg_hba.conf for it to allow access to other computers. You will also need to setup router and firewall settings for allowing incoming connections to port 5432.
Here is what you need to do
on postgres.conf change listen_address to:
listen_addresses = '*'
and on pg_hba add this to the end of the file
host all all 0.0.0.0/0 md5
And also make sure the port is forwarded to the machine running Postgres from your router
So I been developing a web application which connected to a postgresql server on another machine. Everything works fine.
Then I deployed the web application to the the same machine running the postgresql server and got an error message:
FATAL: 28000: no pg_hba.conf entry for host "fe80::ccee:154f:18f5:418f%11", user "myuser", database "mydb", SSL off
My pg_hba-conf already has this line:
# IPv6 local connections:
host all all ::1/128 md5
Thats supposed to be the loopback address for ipv6 right?
I can fix it by adding this line(pure guessing):
#host all all fe80::/16 md5
I suspect this works by letting everyone connect?
So question is why would it use ipv6 instead of ipv4?
And why does the loopback not work?
When you connect using a hostname, one of the first things that happens is that libpq (the postgresql client library) will attempt to resolve the hostname. In most cases this will mean looking it up via DNS. Whatever address comes back will then be used for the connection.
I am guessing that in your case the address that the hostname resolves to is an IPv6 address. Your experiments with ping would seem to back up that assumption.
So, despite being on the same machine, it is connecting via the IPv6 address of the host. As far as the server is concerned, it sees the connection coming in from the IPv6 address of the host. This address is not ::1/128 (localhost) so it does not match that entry in pg_hba.conf.
One way to resolve this would be to change the connection string of your appication to localhost (or ::1/128, or even 127.0.0.1). That would cause the loopback entries in the pg_hba.conf to be selected.
If you were using a platform that supports UNIX domain sockets, and as you are connecting to the server on the same host, you would be better off to remove the host parameter from the connection string altogether. In that case libpq would use local UNIX domain sockets to connect to the server, which would be more efficient than connecting locally via an IP address anyway. However since you are using .NET that solution probably does not apply.