When no SSL configs applied :
pg_hba.conf
host database user 0.0.0.0/0 scram-sha-256
postgresql.conf
listen_addresses = ‘*’
port = 5432
ssl = on
ssl_cert_file = ‘/etc/ssl/certs/ssl-cert-snakeoil.pem’
ssl_key_file = ‘/wtc/ssl/private/ssl-cert-snakeoil.key’
I get : netstat -nltp
smadmin#studymatepro:~$ sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 970/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1405/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1079/cupsd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 3780/postgres
tcp6 0 0 :::22 :::* LISTEN 1405/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1079/cupsd
tcp6 0 0 :::5432 :::* LISTEN 3780/postgres
smadmin#studymatepro:~$
you can see the remote tcp/ip on port 5432 ; and can get SSL connection (server side authentication only)
Now , when I configure SSL , and add client.crt,client.key & root.crt to the client machine :
pg_hba.conf
hostssl database user 0.0.0.0/0 scram-sha-256 clientcert=1
postgresql.conf
listen_addresses = ‘*’
port = 5432
ssl = on
ssl_cert_file = ‘/etc/ssl/certs/server.crt’ // my self signed crt
ssl_key_file = ‘/etc/ssl/private/server.key’
ssl_ca_file = ‘/etc/ssl/certs/rootCert.crt’
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'
password_encryption = scram-sha-256
and do : netstat -nltp ; I get
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 970/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1405/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1079/cupsd
tcp6 0 0 :::22 :::* LISTEN 1405/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1079/cupsd
The remote TCP/IP on port 5432 gone !!! and thats why I’m getting the connection refused since remote port 5432 are no longer active .
The question is why this happined ...I’m I doing some wrong ?
Related
I am able to access postgres from the server where I have installed it. Not from different server.
Netstat output:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
my config file
# Database administrative login by Unix domain socket
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 0.0.0.0/0 md5
# IPv6 local connections:
host all all ::1/128 md5
What could be the reason I am not able to access this from outside the server?
Error:
Is the server running on host "" (IP) and accepting
TCP/IP connections on port 5432?
I have just deployed a Postgres / timescaleDB on Ubuntu in AWS.
When I ssh my postgres VM, I can connect pgsql via CLI.
ubuntu#ip-172-31-35-57:~$ psql -U julien -h localhost db
Password for user julien:
psql (12.3 (Ubuntu 12.3-1.pgdg20.04+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
db=>
I can also see postgres is listening
ubuntu#ip-172-31-35-57:~$ sudo netstat -nlpute
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 101 46086 6152/systemd-resolv
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 20033 700/sshd: /usr/sbin
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 113 62083 20332/postgres
tcp6 0 0 :::80 :::* LISTEN 0 68924 23549/apache2
tcp6 0 0 :::22 :::* LISTEN 0 20044 700/sshd: /usr/sbin
udp 0 0 127.0.0.53:53 0.0.0.0:* 101 46085 6152/systemd-resolv
udp 0 0 172.31.35.57:68 0.0.0.0:* 100 651337 6134/systemd-networ
I checked ufw:
ubuntu#ip-172-31-35-57:~$ sudo ufw status
Status: inactive
I also opened fully Security Groups.
But still, I cannot connect my postgres DB from local.
With a local Postgres DB, I have no problem ( my app works )
What did I forget ???
Check listen_addresses in postgresql.conf file allowed remote connections. It should be
listen_addresses = '*'
In pg_hba.conf file you need to add following entry
host all all 0.0.0.0/0 md5
Be sure it is not a firewall issue.
I am trying to allow remote connections to postgresql on ubuntu 19, I first edited postgresql.conf, specifically the parameter listen_addresses, like this:
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
as this tutorial says https://blog.bigbinary.com/2016/01/23/configure-postgresql-to-allow-remote-connection.html,
then I restarted the psql server with the following command:
$ service postgresql restart
Following, I edited pg_hba.conf file too adding these two lines at the very end:
host all all 0.0.0.0/0 md5
host all all ::/0 md5
restarted again the psql server. The tutorial says that this should be all but when I do the netstat -nlt command to see if it is already working, netstat shows the following information:
$ netstat -nlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp6 0 0 ::1:42545 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::1883 :::* LISTEN
when it shoudl be showing something like this, specifically on port 5432:
$ netstat -nlt
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2812 0.0.0.0:* LISTEN
tcp6 0 0 ::1:11211 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
I have done some research and it might be something related with postgresql.auto.conf file overwriting the postgresql.conf file, but i could not get further since postgresql.auto.conf only shows this:
# Do not edit this file manually!
# It will be overwritten by the ALTER SYSTEM
I would appreciate some help about this issue, thanks.
Having a time trying to connect to a PostgreSQL database on Ubuntu 18.04 server.
Here is my:
postgresql.conf file:
port=5432
listen_addresses='*'
pg_hba.conf:
host all all 0.0.0.0/0 md5
firewall is currently disabled
here is the output when I did the command (saw in another thread to do this...):
sudo netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 608/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 842/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2922/postgres
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1055/master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 867/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 842/sshd
tcp6 0 0 :::25 :::* LISTEN 1055/master
tcp6 0 0 :::80 :::* LISTEN
I have restarted postgresql each when making a change using the command:
sudo service postgresql restart.
I have tried to access the db using the python library psycopg2 on macOS and getting this error
could not connect to server: Connection refused
Is the server running on host "<ip_address>" and accepting
TCP/IP connections on port 5432?
What am I missing?
From the netstat output it is obvious that you didn't restart PostgreSQL after changing listen_addresses.
I have postgreSQL runiing on my google cloud instance and i added firewall rule "tcp 5432" on Google cloud firewall but still i am unable to connect, even telnet is not working.
officetaskpy#instance-1:/etc/postgresql/9.5/main$ netstat -ntpl
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5910 0.0.0.0:* LISTEN 9020/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:44801 0.0.0.0:* LISTEN 16023/phantomjs
tcp 0 0 0.0.0.0:53619 0.0.0.0:* LISTEN 812/phantomjs
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
Result of netstat command
Above is my firewall rule. Is there anything which i am missing here.