I've set up a PostgreSQL instance on Google Cloud SQL and have set it up now to only allow SSL connections. I'm able to connect from my workstation via psql and from some apps like R Studio.
However I'm trying to connect via the GCloud Shell and don't seem to see any options to connect with SSL. There are options to manage certifications and I've created another client key and downloaded the files for it in my cloud shell account, I just don't see options for using them to make a connection. Without it just tells me there isn't an HBA for a "No SSL" connection.
Here is what I see (some things obfuscated):
don#cloudshell:~ (xxx)$ gcloud sql connect foo --user=postgres
Whitelisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [postgres].Password for user postgres:
psql: FATAL: connection requires a valid client certificate
FATAL: pg_hba.conf rejects connection for host "a.b.c.d", user "postgres", database "postgres", SSL off
As per Cloud SQL GCP docs:
Cloud Shell connections do not support SSL. Connections from Cloud
Shell fail if the instance is configured to accept only SSL
connections.
Related
I'm trying to setup a pmm-agent to monitor my db at GCP but I'm getting this error:
pg_hba.conf rejects connection for host
The user is postgres and I can connect trhough psql, but when I'm using it trought a service in machine, this fails. Already check conections for db and network.
I've got a Flexible PostgreSQL Cluster hosted on MS Azure Database for PostgreSQL. This server requires TLS/SSL access like shown in the docs, e.g.:
psql "sslmode=verify-full sslrootcert=c:\ssl\DigiCertGlobalRootCA.crt.pem host=mydemoserver.postgres.database.azure.com dbname=postgres user=myadmin"
or without "verify-full" it works as well:
psql "sslmode=require host=mydemoserver.postgres.database.azure.com dbname=postgres user=myadmin"
Everything works fine when I connect directly, not using a proxy server. But at office we have a corporate HTTP proxy / Firewall configured like http://192.168.X.X:3128. When the proxy is activated, connection to Azure fails.
I was trying to use ssh to set up a proxy tunnel, like so:
ssh -p 5432 <Azure DB username>#<Azure DB host: ....database.azure.com> -L 3128:192.168.X.X:5432
But that didn't work (connection time out error). Also tried to configure connection via PuTTY using some examples from the web, but also to no avail.
Question is: is it at all possible to connect to a remote cluster (both Azure and Google Cloud enforce SSH access) from behind an HTTP proxy?
I have created a Citus DB cluster using the Cloud Formation template here:
Multi-Machine AWS Citus Cloud Formation
I can login to the DB using CLI once I go to the host in PuTTy. This does not require a username/pwd. And, this runs successfully.
/usr/pgsql-9.6/bin/psql -h localhost -d postgres
select * from master_get_active_worker_nodes();
I set the Inbound rules for the 5432 port to 0.0.0.0/0 just to allow my remote connection to the DB.
Yet, now, when I try to connect using a JDBC URL from a remote host, I don't know what username/pwd to enter into the PostgreSQL JDBC URL. Is there a default user/pwd to use?
Default username is ec2-user and there is no default password. As you can see from the pg_hba.conf file, authentication method for the localhost is defined as "trust". You may check the details of authentication methods from here. So, you need to let remote hosts to access the db by changing the pg_hba.conf file.
I am trying to connect AWS RDS PostgreSql from PgAdmin 3. I followed the below link
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToPostgreSQLInstance.html
In Security Group, I also added PostgreSQL and All traffic as below
The "publicly accessible" flag was enabled (updated after Mark B's comment)
I got the error from PGAdmin3
Very appreciate for any suggestion
******UPDATE*******
I can connect pgAdminIII to AWS RDS successfully using home wifi, but cannot connect using office wifi.
My concern is:
Was the port 5432 blocked by office wifi?
How can I configure/update the port without impacting to current API?
Note: My current API is working well (CRUD)
Can you can test your connection to a DB instance using common Linux or Windows tools first?
From a Linux or Unix terminal, you can test the connection by typing the following (replace with the endpoint and with the port of your DB instance):
$nc -zv DB-instance-endpoint port
For example, the following shows a sample command and the return value:
$nc -zv postgresql1.c6c8mn7tsdgv0.us-west-2.rds.amazonaws.com 8299
Connection to postgresql1.c6c8mn7tsdgv0.us-west-2.rds.amazonaws.com
8299 port [tcp/vvr-data] succeeded!
Windows users can use Telnet to test the connection to a DB instance. Note that Telnet actions are not supported other than for testing the connection. If a connection is successful, the action returns no message. If a connection is not successful, you receive an error message such as the following:
C:>telnet sg-postgresql1.c6c8mntzhgv0.us-west-2.rds.amazonaws.com
8299
Connecting To sg-postgresql1.c6c8mntzhgv0.us-west-2.rds.amazonaws.com...Could not
open connection to the host, on port 819: Connect failed
If Telnet actions return success, then you are good to go.
If you are trying to access it from a network which is not listed for that port. you need to add inbound rules for those network IPs from AMAZON RDS system
You will also need to set Public accessibility true under Connect & security tab in RDS console.
Read this post.In your security group go to unbound rules and add my ip.
and make sure your database is public.
https://serverfault.com/questions/656079/unable-to-connect-to-public-postgresql-rds-instance
I'm unable to connect to a new PostgreSQL in AWS RDS.
I have a Heroku app and I would like to use Amazon RDS for my database instead of Heroku. For that I've been following this guide: https://www.reinteractive.net/posts/128-heroku-app-backed-by-an-aws-rds-postgres-database
I've made a backup from my current Heroku DB and want to load it on the new database.
My security group for the database allows all inbound connections for port 5432 (0.0.0.0/0) and I've made a new VPC to have my DB set as Publicly Accesible (DNS hostnames and DNS resolution enabled). I created the database on postgres version 9.4.9.
However when I do:
-f latest.sql --host=xxx.xxx.us-west-2.rds.amazonaws.com --port=5432 --username=awsuser --password --dbname=mydatabase
from my computer, I only get a connection time out error:
psql: could not connect to server: Connection timed out
Is the server running on host xxx.xxx.us-west-2.rds.amazonaws.com" (1.2.3.4) and accepting
TCP/IP connections on port 5432?
The server is indeed running. In this case latest.sql is the backup I did. After this I edited the Database security groups to accept all connections (0.0.0.0/0) too.
Database Rules
(from what I've read this should not be necessary because I already have the VPC Security Group), but the result is the same.
Is there any way to trace what's going on / why is my connection getting blocked?