I have the following lines in pg_hba.conf. Postgres is installed on a Windows server.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
#host all all myip md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I would like to allow connection only from one more public IP address. How can I achieve that? As soon as I enable the above line IP: Postgres doesn't start.
Looking for some guidance.
To open the port 5432 edit your /Program Files/PostgreSQL/10/data/postgresql.conf and change
# Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
In /Program Files/PostgreSQL/10/data/pg_hba.conf
# IPv4 local connections:
host all all 0.0.0.0/0 md5
Now restate the Postgres server use cmd
pg_ctl -D "C:\Program Files\PostgreSQL\10\data" restart
I run postgres on several Windows servers (Windows Server 2012 R2, Windows Server 2016) as a part of a commercial framework running on an Apache tomcat webserver. The local connection worked fine. However, I want the same postgres server to be accessible for another framework (Cakephp) on another server (Red Hat Enterprise Linux) on the same server farm. This used to work until I upgraded to postgres 9. Now I had to upgrade to postgres 10. No matter what I tried, I failed.
Here is what I did to solve the problem:
Find your local postgres configuration files. They are usually in the same directory as the postgres tablespace, in my case:
d:\PG10Data\postgresql.conf.
This file has to contain the following lines:
# - Connection Settings:
listen_addresses = '*' # what IP addresses/interfaces to listen on
port = 5432
The next file to be modified is the pg_hba.conf (hba = host based access):
# TYPE DATABASE USER ADDRESS METHOD
# some sample entries:
# this will open UP ALL REMOTE IPv4 connections, do not open up permanently
host all all 0.0.0.0/0 md5
# only 1 database for 1 user from 1 IPv4 address:
host yourdatabasename yourusername 10.15.17.13/32 md5
# don not forget the "/32", otherwise the postgres server will not start up!
After editing these files, restart the postgres server.
You can run
netstat -a -n | findstr 5432
to see if the postgres listener is running.
You can also run the following to test connectivity from the Windows command prompt:
psql -Uyourusername -dyourdatabasename -p5432 -hlocalhost
This should work at any time. The next level will be to use your computer's local IPv4 address. This you can find out with
ipconfig
This will tell you your local IPv4 address. Use this in the following command:
psql -Uyourusername -dyourdatabasename -p5432 -hyourlocalip
My problem was, this command failed. Since I ran it directly on my server, it could not be the local Windows firewall.
The solution:
There is a 2nd configuration file:
d:\PG10Data\postgresql.auto.conf
The file starts ominously with the following 2 lines:
# Do not edit this file manually!
# It will be overwritten by the ALTER SYSTEM command
And it ends:
listen_addresses = 'localhost'
I tried the ALTER SYSTEM command when I was logged on locally as postgres via psql, but no success.
In the end I turned cheeky and changed the entry in d:\PG10Data\postgresql.auto.conf to;
listen_addresses = '*'
Bingo! After a postgres restart, remote access worked like a charm on both Windows servers.
N. B. Don't forget the Windows Firewall: Open port 5432 for remote access. Also check there are no firewalls in the network the block access to port 5432 from your remote client.
It would be nice if someone were able to tell me how I should have changed the parameter without editing the postgresql.auto.conf, but at least both of my framesworks - both on the local and the remote server - are working.
That is incorrect syntax: myip is not an IP address, and the /32 after it is missing.
Related
I installed PostgreSQL on my server today and quickly took notes. I hope that I have compiled the answers I found for my question beautifully for you.
UPDATE PG_HBA.CONF
If you are using an ubuntu distribution, the file path should be this way.
I use the 10 version and use the ubuntu distribution. This path may differ depending on your operating system. Find this file on your system. etc/postgressql/10/main/pg_hba.conf Using nano, you can open it directly with the command.
nano etc/postgresql/10/main/pg_hba.conf
here are two settings we need to make.
# "local" is for Unix domain socket connections only
local all all md5
# Remote connections for navicat
host samerole all 0.0.0.0/0 md5
don't touch the others, should look like this in its final form.
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
# Remote connections for navicat
host samerole all 0.0.0.0/0 md5
UPDATE POSTGRESQL.CONF
Open this file with nano, find the line below and update it as follows.
nano etc/postgresql/10/main/postgresql.conf
listen_addresses = 'localhost'
change it
listen_adresses = '*'
The settings required for the translate remote connection to work are only related to these two settings. But if your system has a Firewall, we need to whitelist the ports for PostgreSQL like UFW. Let's do this when we say it.
$ sudo ufw status
When you check the firewall status, if it is active, you will see an output like this. If disabled, inactive appears.
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
5432/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
5432/tcp (v6) ALLOW Anywhere (v6)
This place is very important! Make sure you have ssh permission when activating UFW. I will always let this habit. If you do not do this, you need to login to the system with root and interfere with ufw settings. you kind of lock yourself up :)
Let's continue with UFW permissions.
$ sudo ufw allow ssh
$ sudo ufw allow 5432/tcp
We also gave the necessary permissions. Let's do one more check. Let's make sure our PostgreSQL password is default postgres. Because it's a nonsense by the way. Let's secure our business. Time is cash.
CHECKING THE DEFAULT USERNAME AND PASSWORD (postgres, postgres, postgres)
$ sudo -u postgres psql
\password postgres
\q
just restart the postgres service.
$ sudo service postgresql restart
NOW WE START THE NAVICAT SETTINGS
Open your Navicat application and create a new connection that selects the PostreSQL connection from the new connection tab.
Two setting steps are waiting for you in the connection you created. General and SSH settings.
I enter my default PostgreSQL information in General settings. Just like in the picture.
Connection Name: Your Connection Name
Host: localhost
Port: 5432
Initial Database: postgres
User Name: postgres
Password: postgres
postgres is default database, username and password !
Let's set the SSH connection settings as follows.
Host: your droplet IP
Port: 22 is defeault SSH port
User Name: root (default root login)
Authentication Method: Public Key
Private Key: /Users/username/.ssh/id_rsa
Passphrase: your passhrase
If we have made our settings for Navicat, we can now test our connection. Click the Test Connection button and see if we connect.
Congratulations !!!
I created an EC2 instance and then installed postgresql (version 11) and timescaledb in it. My security group looks as follows:
As of now, I have enabled this instance for all the IP addresses.
My /etc/postgresql/11/main/pg_hba.conf looks like this:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 md5 #ipv4 range
host all all ::0/0 md5 #ipv6 range
host all all all md5 #all ip
and the /etc/postgresql/11/main/postgresql.conf looks like this:
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
Then, I try to connect to the database via Pgadmin4 using the Public DNS(IPv4):ec2-xx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com
After I enter the username and password, it throws the following error:
Unable to connect to server:
could not connect to server: Connection refused
Is the server running on host "ec2-xx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com" (xx.xxx.xxx.xxx) and accepting
TCP/IP connections on port 5432?
I had a look at the following post and followed all the instructions, but to no avail:
connect-to-remote-postgresql-server-on-amazon-ec2
Can anyone please help me out with this?
Edit 1
When I do:
/etc/init.d/postgresql restart
I get:
[....] Restarting postgresql (via systemctl): postgresql.service==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'postgresql.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
I don't know what password to enter here so that the postgresql can get restarted
As pointed out by #jjanes in the comments, I had to restart the postgresql inorder to access it.
Doing
/etc/init.d/postgresql restart
was throwing an error (as shown in the question) that's why I had to use
sudo /etc/init.d/postgresql restart
in order to grant the root access.
Once the db was restarted, I tried connecting to the ec2 instance again via pgadmin4, and this time it worked.
I got this confusing error of unable to access PostgreSQL running inside a Linux on top of Hyper-V on Windows 10.
Below is part of my hb_pga.conf. I already check it using psql show hba_file that I edited the correct configuration file.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 0.0.0.0/0 trust
# IPv6 local connections:
host all all ::1/128 md5
If I add listen_addresses='*', I can't access it from within linux VM itself (nor Windows host). But If I remove listen_addresses, and test using IP connection via psql -h 127.0.0.1 -U postgres postgres, it will work.
I am using default switch and add another internal switch for samba mounted drive. Not sure whether that means something though.
Using this command to check all opened ports:
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1368/postgres
Shouldn't 127.0.0 be 0.0.0.0 to allow connecting from outside?
Solved.
Turn out, that listen_address='*' argument is on different file on the same directory with pg_hba.conf, that is postgresql.conf
Adding listen_addresses='*' to postgresql.conf solved this issue.
I put all of it here, should you need it https://medium.com/#swdev/quick-start-postgresql-on-linux-windows-and-hyper-v-bf5eef40eb84
I cannot connect to my postgresql instance remotely on port 5432. Connection times out. I cannot connect remotely using psql, pgAdmin or telnet. I feel like I have everything configured correctly. Postgresql has been restarted several times with these settings. Remote connection works fine.
What could I be missing?
netstat:
postgressql.conf
pg_hba.conf:
Try referring this link for help
https://www.thegeekstuff.com/2014/02/enable-remote-postgresql-connection/?utm_source=tuicool
in short you have to the following steps
1. Add the following line to the pg_hba.conf server. This will allow connection from “192.168.xxx.xx” ip-address (This is the client ip)
# vi /var/lib/pgsql/data/pg_hba.conf
host all all 192.168.xxx.xx/xx trust
Change the Listen Address in postgresql.conf
# grep listen /var/lib/pgsql/data/postgresql.conf
listen_addresses = '*'
Test the Remote Connection
You just need to change the method md5 to trust and and enter the address as 0.0.0.0/0.
Open the config file
vi /var/lib/pgsql/data/pg_hba.conf
Insert the following line
host all all 0.0.0.0/0 trust
Maybe it will work.
I use a Windows 10 machine with Virtualbox 5.0.16 in which Ubuntu 15.10 is running. The network adapter is a Bridged one with the name set to Intel(R) Dual Band Wireless-AS 3165. The promiscuous-Mode is set to allow all VMs and the host and the underlying checkbox is checked (cable connected).
In this Ubuntu, I run a PostgreSQL 9.4.5 instance in which I configured both the postgresql.conf and pg_hba.conf files.
In the postgresql.conf file, I have well set this line:
listen_addresses = '*'
And in the pg_hba.conf, I have following lines at the bottom:
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 0.0.0.0/0 md5
host all all ::1/128 md5
host all all ::/0 md5
host all all 192.168.1.13 md5
host all all 0.0.0.0/0 md5
Currently, the ip address of my host machine is (ipconfig command and wireless) 192.168.1.13 and the guest machine is (ifconfig command) 192.168.1.4
When using pgadmin from the host machine to connect to the guest machine, I get following message: FATAL: no pg_hba.conf entry for host "192.168.1.13", user "postgres", database "postgres", SSL off
I tried to connect to my host to guest via ssh but I get a "Network error: Connection refused" message. Maybe this is a key insight of my issue?
The ping works in both directions.
Thanks to #DanielVérité.
The command show hba_file showed me the pg_hba I was actually editing was not the right one. I edited the one in /etc/postgresql/9.4/main folder while the one used by postgreSQL is /opt/PostgreSQL/9.4/data