By default, PostgreSQL database server remote access disabled for security reasons. However, some time you need to provide the remote access to database server from home computer or from web server.
Step # 1: Login over ssh if server is outside your IDC
Login over ssh to remote PostgreSQL database server:
$ ssh user@remote.pgsql.server.com
Step # 2: Enable client authentication
Once connected, you need edit the PostgreSQL configuration file, edit the PostgreSQL configuration file /var/lib/pgsql/data/pg_hba.conf (or /etc/postgresql/8.2/main/pg_hba.conf for latest 8.2 version) using a text editor such as vi.
Login as postgres user using su / sudo command, enter:
$ su - postgres
Edit the file:
$ vi /var/lib/pgsql/data/pg_hba.conf
OR
$ vi /etc/postgresql/8.2/main/pg_hba.conf
Append the following configuration lines to give access to 10.10.29.0/24 network:
host all all 10.10.29.0/24 trust
Save and close the file. Make sure you replace 10.10.29.0/24 with actual network IP address range of the clients system in your own network.
Step # 2: Enable networking for PostgreSQL
You need to enable TCP / IP networking. Use either step #3 or #3a as per your PostgreSQL database server version.
Step # 3: Allow TCP/IP socket
If you are using PostgreSQL version 8.x or newer use the following instructions or skip to Step # 3a for older version (7.x or older).
You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf or /etc/postgresql/8.2/main/postgresql.conf.
# vi /etc/postgresql/8.2/main/postgresql.conf
OR
# vi /var/lib/pgsql/data/postgresql.conf
Find configuration line that read as follows:
listen_addresses='localhost'
Next set IP address(es) to listen on; you can use comma-separated list of addresses; defaults to 'localhost', and '*' is all ip address:
listen_addresses='*'
Or just bind to 202.54.1.2 and 202.54.1.3 IP address
listen_addresses='202.54.1.2 202.54.1.3'
Save and close the file. Skip to step # 4.
Step #3a - Information for old version 7.x or older
Following configuration only required for PostgreSQL version 7.x or older. Open config file, enter:
# vi /var/lib/pgsql/data/postgresql.conf
Bind and open TCP/IP port by setting tcpip_socket to true. Set / modify tcpip_socket to true:
tcpip_socket = true
Save and close the file.
Step # 4: Restart PostgreSQL Server
Type the following command:
# /etc/init.d/postgresql restart
Step # 5: Iptables firewall rules
Make sure iptables is not blocking communication, open port 5432 (append rules to your iptables scripts or file /etc/sysconfig/iptables):
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 10.10.29.50 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 10.10.29.50 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Restart firewall:
# /etc/init.d/iptables restart
Step # 6: Test your setup
Use psql command from client system. Connect to remote server using IP address 10.10.29.50 and login using vivek username and sales database, enter:
$ psql -h 10.10.29.50 -U vivek -d sales
Further readings:
=> man page: pgsql and configuration file
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email this to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: Feb/6/08
Sign up for our daily email newsletter:
{ 21 comments… read them below or add one }
Hey,
Just tried out this and worked like wonder.
Keep up the great blogging!
Just wanted to point out that with PostgreSQL 8.x the option tcpip_socket is no longer valid.
The correct parameter is,
listen_address = ‘localhost’
which needs to be changed to,
listen_address = ‘*’
and PostgreSQL daemon restarted.
am working on postgres8.2.4
iptables -A INPUT -p tcp -s 0/0 –sport 1024:65535 -d 10.10.29.50 –dport 5432 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.10.29.50 –sport 5432 -d 0/0 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT
these additions gave me error on restarting, asking me to restore the iptables.
I removed the iptables from the above lines and it worked.
as am novice in this field, so am not sure if what i did was correct.
how to improve speed and performance of database server on linux
“How Do I Enable remote access to PostgreSQL database server? ”
Still does not answer the question…
the answer just points on to giving access to a small network, but what if you want to give access to ANY IP not just your network, basically REAL remote access.
whats the command for that
Xionicfire,
‘*’ = ALL, so use
host all all * md5Refer to man page.
but what if you want to give access to ANY IP not just your network, basically REAL remote access.
This is a bad idea, giving out access to whole world is really a bad idea. Do you wanna anyone come and try to connect your database server?
I am technical, but database and server admin is mot my area. I am writing a linux desktop application that reads data from postgres DB. I would like this application to able to use a central database (on my server).
I see vivek (#7 above) recommends not opening up postgres to all the world. What is recommendation for a distributed application? Is there some way for the application to identify itself to postgres? Since each instance of the application will be an a separate network.
Thanks for the info.
Hello!
During instalation process I can not log in. What I have to enter in the username and password fields to be able to conect?
I tried as username: postgres and for password postgrespass and postgresuser, but received a message :”invalid password or username”!?!?!
Regards,
Goran
very helpfull for newbie
How is this:
1, Listen to the world *
2, Use md5
3, only those database allowed
4, only specific user.
I will try this.
Hi all,
Now, i m facing problem in log in to postgresql by webmin interface. Problem is that all a long I used to login postgresql DB by webmin interface and able to login smoothly . But last few days ago , i ‘ve changed the root (super user) password and not able to log in at all . I believe password has been wrong for over 3 times and IP address has been blocked .
Hence , I ‘ve tried to login from different IP address and also the same thing encountering.
I ‘m using Postgresql very 7 + . Kindly pls help me to solve my problem by how to enable such thing back to normal . There is no IP talbes restrictions .
Looking forward to your solutions..
Hi all,
Now, when i tried to log in , below is the error for yours references :
12204 SSL port specified is not allowed.
An error occurred while trying to retrieve your URL.
This error could have been caused by:
Bad / misspelled URL
Your access permissions
Your network connection and/or transient conditions on the Internet
An error on the source web server
——————————————————————————–
Microsoft Proxy Server v2.0
And also , this postgresql is running on Linux Debian , port number 10000 for it.
Thanks
Hi all ,
Here is the error message for my issue,
12204 SSL port specified is not allowed.
An error occurred while trying to retrieve your URL.
This error could have been caused by:
Bad / misspelled URL
Your access permissions
Your network connection and/or transient conditions on the Internet
An error on the source web server
Hence, its running on Linux Debian and port 10000 ,
Thaxs
Okay, that’s great for remote access via ssh. My problem is that there is a PostgreSQL Server in one datacenter, and a php based website in another data center. I’m told that you can’t enable PostgreSQL support in PHP w/o actually installing PostgreSQL Server on that machine, but I don’t want PostgreSQL on the webserver, and I have a customer that want’s to use it via his website w/PHP.
This is what I’ve gotten so far from php.net:
In order to enable PostgreSQL support, –with-pgsql[=DIR] is required when you compile PHP. DIR is the PostgreSQL base install directory, defaults to /usr/local/pgsql. If shared object module is available, PostgreSQL module may be loaded using extension directive in php.ini or dl() function.
and from http://us3.php.net/manual/en/pgsql.requirements.php I get:
To use PostgreSQL support, you need PostgreSQL 6.5 or later, PostgreSQL 8.0 or later to enable all PostgreSQL module features.
So my question is, can I, or how can I enable PostgreSQL support in PHP w/o installing the actual database server on that particular machine?
Thanks,
Bradley
No Need to install PostgreSQL on same server. To connect via php, simply specifiy server IP, username and password. You also need to open port using iptables. Also, remote connection between two servers in the same data center is recommended. If you have a two different data center consider security (which can be overcome using SSL connection between db server and php app server) and latency.
HTH
I am still having problems connecting. my pg_hba.conf file is thus
# “local” is for Unix domain socket connections only
local all all * trust
IPv4 local connections:
host all all * trust
# IPv6 local connections:
host all all ::1/128 ident sameuser
my error message is this
psql -h 127.0.0.1 -d template1
psql: FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.
what am I doing wrong cause it was working before..
It is working now as I had to use the below …
http://www.postgresql.org/docs/8.0/interactive/client-authentication.html#AUTH-PG-HBA-CONF
Hello,
In CentOS 2.6.9-89.0.16.plus.c4smp :
Verify /var/lib/pgsql/data/postgresql.conf :
Not only change:
from:
#tcpip_socket = false
to:
tcpip_socket = true
But too:
from:
#port = 5432
to:
port = 5432
In /var/lib/pgsql/data/pg_hba.conf add:
host name_base name_user 0.0.0.0/0 md5
or
host name_base name_user fixed_ip md5
:)
Hello All,
I have postgre installed via ports and the only config file I have is :
/usr/ports/databases/postgresql82-server/files/patch-src:backend:utils:misc:postgresql.conf.sample
Any idea of what could it be ?
thanks dude…