I need to specify sslmode=allow when using psql to connect to my PostgreSQL DB, like: psql sslmode=allow -h localhost -p 5432
otherwise I get server does not support SSL, but SSL was required
I tried specifying the same option to pg_dump but it doesn't recognize the option.
How do I specify sslmode to pg_dump?
You need to use the environment variable PGSSLMODE like this:
PGSSLMODE=allow pg_dump -h localhost -p 5432
see https://dba.stackexchange.com/a/227805
pg_dump "port=<port> host=<host> user=<user> dbname=<db> sslcert=<cert> sslkey=<key> sslrootcert=<ca.crt> sslmode=allow" -f <file>
Related
Some Postgres connection options are usually specified in the connection string. For example, sslmode=require can be set with the following connection string
postgresql://postgres:postgres#localhost:5432/postgres?sslmode=require
But psql --help doesn't provide any information on how to set something like that.
You can pass in a conninfo string or URI. The two examples below are equivalent.
psql postgresql://postgres:postgres#localhost:5432/postgres?sslmode=require
psql "sslmode=require" -U postgres -h localhost -p 5432 -d postgres
Multiple options are space delineated.
psql "dbname=postgres sslmode=require" -U postgres -h localhost -p 5432
See The Connection URI Parameter Key Words documentation for other options.
You can also inspect the current connection info using the \conninfo meta command
postgres=# \conninfo
You are connected to database "postgres" as user "postgres" on host "localhost" at port "5432".
The online documentation of psql goes into more detail under the
Connecting to a Database section.
I have a database server without much disk space, so I took a backup of the entire db (let's just call it redblue) and saved it locally using the following command (I don't have pg running on my computer):
ssh admin#w.x.y.z "pg_dump -U postgres redblue -h localhost " \
>> db_backup_redblue.sql
I'd like to now restore it to another server (1.2.3.4) which contains an older version of "redblue" database - however wanted to ask if this is right before I try it:
ssh admin#1.2.3.4 "pg_restore -U postgres -C redblue" \
<< db_backup_redblue.sql
I wasn't sure if I need to do -C with the name of the db or not?
Will the above command overwrite/restore the remote database with the file I have locally?
Thanks!
No, that will do nothing good.
You have to start pg_restore on the machine where the dump is. Actually, since this is a plain format dump, you have to use psql rather than pg_restore:
psql -h 1.2.3.4 -U postgres -d redblue -f db_backup_redblue.sql
That requires that there is already an empty database redblue on the target system.
If you want to replace an existing database, you have to use the --clean and --create options with pg_dump.
If you want to use SSL, you'll have to configure the PostgreSQL server to accept SSL connections, see the documentation.
I'd recommend the “custom” format of pg_dump.
Of course, you can do this :) Assuming you use ssh keys to authorize user from source host to destination host.
On the source host you do the pg_dump, then pipe through ssh to destination host like this:
pg_dump -C nextcloud | ssh -i .ssh/pg_nextcloud_key postgres#192.168.0.54 psql -d template1
Hope that helps ;)
I'm trying to pg_dump a SQL database on a remote server in our DMZ. There are 2 problems.
there is not a lot of space left on the remote server so the normal command run to locally backup the database
pg_dump -C database > sqldatabase.sql.bak won't work due to space issues.
I also can't run the other version of pg_dump command to dump database from remote server to local server using:
pg_dump -C -h remotehost -U remoteuser db_name | psql localhost -U localuser db_name
as the server is in our DMZ and port 5432 is blocked. What I'm looking to see is if it is possible to pg_dump the database and immediatly save it (ssh or some other form) as a file to a remote server.
What I was trying was: pg_dump -C testdb | ssh admin#ourserver.com | > /home/admin/testdb.sql.bak
Does anyone know if what i am trying to achieve is possible?
You can connect with ssh to your remote server, do with the connect the pg_dump call and send the output back to stdout of local machine.
ssh user#remote_machine "pg_dump -U dbuser -h localhost -C --column-inserts" \
> backup_file_on_your_local_machine.sql
let's create a backup from remote postgresql database using pg_dump:
pg_dump -h [host address] -Fc -o -U [database user] <database name> > [dump file]
later it could be restored at the same remote server using:
sudo -u postgres pg_restore -C mydb_backup.dump
Ex:
pg_dump -h 67.8.78.10 -Fc -o -U myuser mydb > mydb_backup.dump
complete (all databases and objects)
pg_dumpall -U myuser -h 67.8.78.10 --clean --file=mydb_backup.dump
restore from pg_dumpall --clean:
psql -f mydb_backup.dump postgres #it doesn't matter which db you select here
Copied from: https://codepad.co/snippet/73eKCuLx
You can try to dump part of the table to a file in your local machine like this (assume your local machine has psql installed):
psql -h ${db_host} -p 5432 -U ${db_user} -d ${db_name} \
-c "\copy (SELECT * FROM my_table LIMIT 10000) to 'some_local_file.csv' csv;"
And you can import the exported csv into another db later like this:
COPY my_table FROM '/path/to/some_local_file.csv' WITH (FORMAT csv);
One possible solution - pipe through ssh - has been mentioned.
You also could make your DB server listen on the public inet address, add a hostssl entry for your backup machine to pg_hba.conf, maybe configure a client certificate for security, and then simply run the dump on the client/backup machine with pg_dump -h dbserver.example.com ...
This is simpler for unattended backups.
For the configuration of the connection (sslmode) see also the supported environment variables.
If you would like to periodically backup a database PostgreSQL that is inside of a container in the remote server to your local host by using pg_dump over ssh, this is useful for you:
https://github.com/omidraha/periodic-pgdump-over-ssh
I have Kubuntu 14.10 desktop with PostgreSQL 9.4 database installed.
I have changed the password of the postgres user in the database by executing the SQL:
ALTER USER postgres PASSWORD 'password';
And I can connect to DB server by psql -h localhost -U postgres -W and giving that password but I can also connect without a password requirement by simply psql -h localhost -U postgres.
On the other hand, if I run psql -h 127.0.0.1 -U postgres it prompts me for the password set before.
What is the difference between the localhost and 127.0.0.1 hosts and their login method? Where is it set? I see no localhost-related entries in the pg_hba.conf file.
The behavior you see might be caused by a password file. The password file is conventionally named ~/.pgpass on Unix systems, but a different filename can be given through the PGPASSFILE environmental variable.
I think a password file that contains a line for "localhost", but does not contain a line for "127.0.0.1" will show the behavior you're seeing. My own ~/.pgpass file contains this line.
localhost:*:*:postgres:password
Here's what happens when I try to connect just like you did.
$ psql -h localhost -U postgres
psql (9.3.5)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
sandbox=# \q
$ psql -h 127.0.0.1 -U postgres
Password for user postgres:
Adding the line 127.0.0.1:*:*:postgres:password to ~/.pgpass lets me log in using 127.0.0.1 and no password.
$ psql -h 127.0.0.1 -U postgres
psql (9.3.5)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
sandbox=#
I am trying to configure ssl certificate for PostgreSQL server. I have created a certificate file (server.crt) and key (server.key) in data directory and update the parameter SSL to "on" to enable secure connection.
I just want only the server to be authenticated with server certificates on the client side and don't require the authenticity of client at server side. I am using psql as a client to connect and execute the commands.
I am using PostgreSQL 8.4 and Linux. I tried with the below command to connect to server with SSL enabled
psql "postgresql://localhost:2345/postgres?sslmode=require"
but I am getting
psql: invalid connection option "postgresql://localhost:2345/postgres?sslmode"
What am doing wrong here? Is the way I am trying to connect to server with SSL mode enabled is correct? Is it fine to authenticate only server and not the client ?
psql below 9.2 does not accept this URL-like syntax for options.
The use of SSL can be driven by the sslmode=value option on the command line or the PGSSLMODE environment variable, but the default being prefer, SSL connections will be tried first automatically without specifying anything.
Example with a conninfo string (updated for psql 8.4)
psql "sslmode=require host=localhost dbname=test"
Read the manual page for more options.
psql --set=sslmode=require -h localhost -p 2345 -U thirunas \
-d postgres -f test_schema.ddl
Another Example for securely connecting to Azure's managed Postgres database:
psql --file=product_data.sql --host=hostname.postgres.database.azure.com --port=5432 \
--username=postgres#postgres-esprit --dbname=product_data \
--set=sslmode=verify-full --set=sslrootcert=/opt/ssl/BaltimoreCyberTrustRoot.crt.pem
Well, you could provide all the information with the following command in CLI, if a connection requires in SSL mode:
psql "sslmode=verify-ca sslrootcert=server-ca.pem sslcert=client-cert.pem sslkey=client-key.pem hostaddr=your_host port=5432 user=your_user dbname=your_db"
Found the following options useful to provide all the files for a self signed postgres instance
psql "host={hostname} sslmode=prefer sslrootcert={ca-cert.pem} sslcert={client-cert.pem} sslkey={client-key.pem} port={port} user={user} dbname={db}"
On psql client v12, I could not find option in psql client to activate sslmode=verify-full.
I ended up using environment variables :
PGSSLMODE=verify-full PGSSLROOTCERT=server-ca.pem psql -h your_host -U your_user -W -d your_db
psql "sslmode=require host=localhost port=2345 dbname=postgres" --username=some_user
According to the postgres psql documentation, only the connection parameters should go in the conninfo string(that's why in our example, --username is not inside that string)
psql -h <host> -p <port> -U <user> -d <db>
and update /var/lib/pgsql/10/data/pg_hba.conf to change the auth method to cert. Check the following link for more information:
https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html
Another pattern that worked with v8 is
psql -h host_name -p port -U user_name "dbname=db sslmode=require"