Serving my postgres database online - postgresql

I want to have a postgres database on a computer that I can use from multiple (external) computers. It will act as a trial server for me, leaving it on whenever I need it.
I researched how to do it and found out I had to forward the postgres service to the internet. Postgres is on port 5432. I logged in to my router, which has a forwarding option. I opened up port 5432, but can't add postgres to the list of services.
Is there a reason for that?
Actually, I found that I just have to adapt the pg_hba.conf file (just started trying). I am running Windows. Any advice is welcome, this is not my expertise. I don't understand why it would work if I just adapt the pg_hba.conf. For games or other services, like a game, I have to open a port in the router. Or should I do both?

From Postgres documentation - Client authentication is controlled by a configuration file, which traditionally is named pg_hba.conf and is stored in the database cluster's data directory. (HBA stands for host-based authentication.)
Each record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user name, and the authentication method to be used for connections matching these parameters.
So it is absolutely required to set up your pg_hba.conf for it to allow access to other computers. You will also need to set up router and firewall settings for allowing incoming connections to port 5432.

Here is what you need to do
In postgresql.conf, change listen_addresses to:
listen_addresses = '*'
and on pg_hba add this to the end of the file
host all all 0.0.0.0/0 md5
And also make sure the port is forwarded to the machine running Postgres from your router

Related

postgres logical replication not working. Error says "could not connect to the publisher"

I have a postgres database called salephone_test with 3 tables (smartphones, listings, phone_listings) on my windows pc which I want to replicate to at least one ubuntu droplet on digitalocean. I attempted the following setup to replicate the smartphones table:
On my local machine (pc) in postgresql.conf I set the listen_addresses = '*' and wal_level = logical
in pg_hba.conf, I added the following lines
host salephone_test rep 0.0.0.0/0 md5
host salephone_test all 104.248.54.230/0 md5
host all all 0.0.0.0/0 md5
host all all 0.0.0.0/0 md5
where 104.248.54.230 is the IP of my digitalocean droplet
I also set up a replication user and publication by the following commands
CREATE ROLE rep REPLICATION LOGIN PASSWORD 'fakepass';
GRANT SELECT on smartphones to rep;
CREATE PUBLICATION test_phones FOR TABLE smartphones;
on my remote droplet, after installing postgres on the ubuntu, I created a database called salephone with a table called smartphones
in psql, I then used the following command to subscribe for logical replication
-- 50.71.125.50 is my pc ip according to google
CREATE SUBSCRIPTION phone_sub CONNECTION 'dbname = salephone_test host = 50.71.125.50 user = rep password = fakepass port = 5432' PUBLICATION test_phones;
after a minute of waiting, I received the following
ERROR: could not connect to the publisher: connection to server at "50.71.125.50", port 5432 failed: Connection timed out
Is the server running on that host and accepting TCP/IP connections?
Note: I tried restarting postgres on my pc multiple times already via services.msc
Your home modem/router is surely blocking the connection. You will need to configure it to accept the connection and do 'port forwarding' to your pc. How you do that (or if it is even possible) would depend on the make and model of the router.
Also, your pg_hba doesn't make much sense. The reason to have a more specific entry above a more general entry is to give it a different auth method (or configuration). Since all your entries have the same method, you might as well just have the last line and not have the preceding 3.

PostgreSQL Security Question Remote Connection

I was successful in connecting another computer to my local PostgreSQL server (on Windows 10). I've added two specific lines of arguments in the respective config files.
postgresql.conf:
listen_addresses = '*'
pg_hba.conf:
host all all all md5
I understood, that this connection is now possible in my local Network, where I am currently connected to. Is this really the case, or do I have to look out for some connections outside my network to block them? (ssl = off, hope that without ssl it is only local)
For completeness, I also added a firewall rule where I allowed TCP connections for a port [Port] and profiles in a domain, private and public network.
You can limit the IP range adding a mask like, I'm not sure about that 3rd "all":
host all all 192.168.0.1/24 md5
In any case, you can check the log and see if pg is up and listening (pg_log or -l parameter)

how to restrict specific hosts from connecting to pgbouncer?

I am running my postgres-9.2 on 6432 port and pgbouncer on 5432 port. Few of my colleagues client machines have the firewall connection permissions on 5432 port on server machine. But as a DB admin, I wanted to restrict some IP addresses from accessing the database.
But, though I block in the pg_hba.conf file, since the pgbouncer port is allowed, they are able to access.
I can block at the OS firewall level but I don't want to take the help of my system administrator. So, is there any way to restrict and deny IP addresses from accessing the pgbouncer as we generally do through pg_hba.conf for the postgresql.
Please suggest.
https://pgbouncer.github.io/2015/12/pgbouncer-1-7
Main changes from v1.6 are support for TLS connections, HBA control
file and authentication via unix peer uid.
So from 1.7 you have an hba file, just like in vanilla postgres. And thus filtering connections by IP is as easy.
Also you can use some tricks, dropping connections after they connected, as described in my other recent answer https://stackoverflow.com/a/46191949/5315974 but again - it is more a trick for urgently getting rid of connections. Using such tricks in a while loop or as a job is generally a bad idea.

Why is my web application using ipv6 to connect to a local postgres

So I've been developing a web application which connected to a postgresql server on another machine. Everything works fine.
Then I deployed the web application to the same machine running the postgresql server and got an error message:
FATAL: 28000: no pg_hba.conf entry for host "fe80::ccee:154f:18f5:418f%11", user "myuser", database "mydb", SSL off
My pg_hba-conf already has this line:
# IPv6 local connections:
host all all ::1/128 md5
That's supposed to be the loopback address for ipv6, right?
I can fix it by adding this line (pure guessing):
#host all all fe80::/16 md5
I suspect this works by letting everyone connect?
So question is why would it use ipv6 instead of ipv4?
And why does the loopback not work?
When you connect using a hostname, one of the first things that happens is that libpq (the postgresql client library) will attempt to resolve the hostname. In most cases this will mean looking it up via DNS. Whatever address comes back will then be used for the connection.
I am guessing that in your case the address that the hostname resolves to is an IPv6 address. Your experiments with ping would seem to back up that assumption.
So, despite being on the same machine, it is connecting via the IPv6 address of the host. As far as the server is concerned, it sees the connection coming in from the IPv6 address of the host. This address is not ::1/128 (localhost) so it does not match that entry in pg_hba.conf.
One way to resolve this would be to change the connection string of your application to localhost (or ::1/128, or even 127.0.0.1). That would cause the loopback entries in the pg_hba.conf to be selected.
If you were using a platform that supports UNIX domain sockets, and as you are connecting to the server on the same host, you would be better off to remove the host parameter from the connection string altogether. In that case libpq would use local UNIX domain sockets to connect to the server, which would be more efficient than connecting locally via an IP address anyway. However since you are using .NET that solution probably does not apply.
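Added example (not code from any of the posts above): a small Python model of how the server picks a pg_hba.conf record, run over the records quoted in the replication thread and in this IPv6 thread. It assumes only `host*` records with a CIDR address or the keyword `all` and plain database/user names; `parse_hba`, `first_match` and `world_open` are names made up for this example.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "lineno database user network method")

# Records copied from the replication thread and the IPv6 thread above.
REPLICATION_HBA = """\
host salephone_test rep 0.0.0.0/0 md5
host salephone_test all 104.248.54.230/0 md5
host all all 0.0.0.0/0 md5
host all all 0.0.0.0/0 md5
"""
LOOPBACK_HBA = """\
# IPv6 local connections:
host all all ::1/128 md5
"""

def parse_hba(text):
    """Parse host* records whose address is CIDR or the keyword 'all'."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        _, database, user, address, method = fields[:5]
        # strict=False masks the host bits, as the server does when matching,
        # so 104.248.54.230/0 is the same range as 0.0.0.0/0.
        network = None if address == "all" else ipaddress.ip_network(address, strict=False)
        rules.append(Rule(lineno, database, user, network, method))
    return rules

def first_match(rules, client, database, user):
    """Return the first record that matches; later records are never consulted."""
    ip = ipaddress.ip_address(client.split("%", 1)[0])  # drop the IPv6 zone id
    for rule in rules:
        if rule.database not in ("all", database) or rule.user not in ("all", user):
            continue
        if rule.network is None or ip in rule.network:
            return rule
    return None  # the server answers: no pg_hba.conf entry for host ...

def world_open(rules):
    """Line numbers of records that accept every source address of their family."""
    return [r.lineno for r in rules if r.network is None or r.network.prefixlen == 0]
```

Run on the replication records, `world_open` reports all four lines, including the one written with the droplet's address and a `/0` mask; run on the loopback record, `first_match` returns `None` for the link-local client address from the error message and line 2 for `::1`.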

postgresql server doesn't listen

I just recently installed PostgreSQL on our server via SSH. The installation went successfully, until the time I tried to connect to it using pgAdmin on my Windows machine. I received this kind of error:
could not connect to server: Connection refused (0x0000274D/10061) Is
the server running on host "xxx.xxx.xxx.xxx" and accepting TCP/IP
connections on port 5432?
xxx.xxx.xxx.xxx = my server's public IP.
The docs suggest this can be fixed by setting the value of listen_addresses = '*' in the /etc/postgresql/9.1/main/postgresql.conf. I did that but still it won't let me.
additional error came up
FATAL: no pg_hba.conf entry for host "xxx.xx.xxx.xxx", user
"postgres", database "postgres", SSL on FATAL: no pg_hba.conf entry
for host "xxx.xx.xxx.xxx", user "postgres", database "postgres", SSL
off
xxx.xx.xxx.xxx = my IP address.
What am I missing?
Things that could block a postgres connection:
misconfigured listen_address in postgresql.conf
selinux (?)
iptables
pg_hba.conf (although this should cause a different error, not server doesn't listen)
Can you connect to the server locally, if you ssh in and run psql?
On our internal dev servers, I just turn off selinux and iptables. This is a bad idea from a security standpoint, but it might serve as a temporary step to help you narrow down where the problem is.
You might need to change more than one configuration file. In your case, you probably need to edit pg_hba.conf, too. Search that file for "non-local connections".
I like to keep configuration files under version control. It's easier to recover from mistakes that way.
You probably need to restart the PostgreSQL server after making those changes.
After changing listen_addresses settings on the server, make sure to restart the PostgreSQL server (send SIGHUP to the postmaster process, with kill -HUP, etc).
Make sure that postgresql.conf port is set to 5432
Make sure that if a firewall is running on the server, port 5432 is open for connections coming from the Windows (client) machine you are using
Check pg_hba.conf to make sure that the subnet of your client machine is given access
Try using psql locally
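Added example (not from the posts above): a Python check that tells apart the failure modes seen on this page, "Connection timed out", "Connection refused", and a server that is reached and then answers from pg_hba.conf, by opening a TCP connection and sending PostgreSQL's SSLRequest packet. The names `probe` and `NEXT_CHECK` and the status strings are made up for this example.

```python
import socket
import struct

# SSLRequest startup packet: int32 length 8, int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

# Which layer to look at for each outcome.
NEXT_CHECK = {
    "timeout": "packets dropped: router port forwarding or a firewall",
    "refused": "host reachable, nothing listening: listen_addresses, port, service",
    "postgres-ssl": "server reached, SSL offered: remaining gate is pg_hba.conf",
    "postgres-nossl": "server reached, SSL not offered: remaining gate is pg_hba.conf",
    "not-postgres": "something else owns this port",
}

def probe(host, port=5432, timeout=3.0):
    """Classify how far a TCP connection to a PostgreSQL port gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    with sock:
        try:
            sock.sendall(SSL_REQUEST)
            reply = sock.recv(1)  # 'S' = SSL accepted, 'N' = SSL not available
        except OSError:
            return "not-postgres"
    return {b"S": "postgres-ssl", b"N": "postgres-nossl"}.get(reply, "not-postgres")
```

Run it from the client machine against a server you administer; a "postgres-nossl" result from outside the LAN means the port is reachable from there regardless of the `ssl` setting.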