How Do I Enable remote access to PostgreSQL database server?

by on October 9, 2007 · 37 comments· LAST UPDATED February 6, 2008

in , ,

By default, PostgreSQL database server remote access disabled for security reasons. However, some time you need to provide the remote access to database server from home computer or from web server.

Step # 1: Login over ssh if server is outside your IDC

Login over ssh to remote PostgreSQL database server:
$ ssh user@remote.pgsql.server.com

Step # 2: Enable client authentication

Once connected, you need edit the PostgreSQL configuration file, edit the PostgreSQL configuration file /var/lib/pgsql/data/pg_hba.conf (or /etc/postgresql/8.2/main/pg_hba.conf for latest 8.2 version) using a text editor such as vi.

Login as postgres user using su / sudo command, enter:
$ su - postgres
Edit the file:
$ vi /var/lib/pgsql/data/pg_hba.conf
OR
$ vi /etc/postgresql/8.2/main/pg_hba.conf
Append the following configuration lines to give access to 10.10.29.0/24 network:
host all all 10.10.29.0/24 trust
Save and close the file. Make sure you replace 10.10.29.0/24 with actual network IP address range of the clients system in your own network.

Step # 2: Enable networking for PostgreSQL

You need to enable TCP / IP networking. Use either step #3 or #3a as per your PostgreSQL database server version.

Step # 3: Allow TCP/IP socket

If you are using PostgreSQL version 8.x or newer use the following instructions or skip to Step # 3a for older version (7.x or older).

You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf or /etc/postgresql/8.2/main/postgresql.conf.
# vi /etc/postgresql/8.2/main/postgresql.conf
OR
# vi /var/lib/pgsql/data/postgresql.conf
Find configuration line that read as follows:
listen_addresses='localhost'
Next set IP address(es) to listen on; you can use comma-separated list of addresses; defaults to 'localhost', and '*' is all ip address:
listen_addresses='*'
Or just bind to 202.54.1.2 and 202.54.1.3 IP address
listen_addresses='202.54.1.2 202.54.1.3'
Save and close the file. Skip to step # 4.


Step #3a - Information for old version 7.x or older

Following configuration only required for PostgreSQL version 7.x or older. Open config file, enter:
# vi /var/lib/pgsql/data/postgresql.conf
Bind and open TCP/IP port by setting tcpip_socket to true. Set / modify tcpip_socket to true:
tcpip_socket = true
Save and close the file.


Step # 4: Restart PostgreSQL Server

Type the following command:
# /etc/init.d/postgresql restart

Step # 5: Iptables firewall rules

Make sure iptables is not blocking communication, open port 5432 (append rules to your iptables scripts or file /etc/sysconfig/iptables):

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 10.10.29.50  --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.10.29.50 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Restart firewall:
# /etc/init.d/iptables restart

Step # 6: Test your setup

Use psql command from client system. Connect to remote server using IP address 10.10.29.50 and login using vivek username and sales database, enter:
$ psql -h 10.10.29.50 -U vivek -d sales

Further readings:

=> man page: pgsql and configuration file

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 37 comments… read them below or add one }

1 Sam October 9, 2007 at 3:09 pm

Hey,

Just tried out this and worked like wonder.

Reply

2 Raju October 9, 2007 at 3:11 pm

Keep up the great blogging!

Reply

3 Swapneel November 14, 2007 at 2:07 am

Just wanted to point out that with PostgreSQL 8.x the option tcpip_socket is no longer valid.

The correct parameter is,

listen_address = ‘localhost’

which needs to be changed to,

listen_address = ‘*’

and PostgreSQL daemon restarted.

Reply

4 vibhor goyal January 22, 2008 at 7:26 am

am working on postgres8.2.4

iptables -A INPUT -p tcp -s 0/0 –sport 1024:65535 -d 10.10.29.50 –dport 5432 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.10.29.50 –sport 5432 -d 0/0 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT

these additions gave me error on restarting, asking me to restore the iptables.

I removed the iptables from the above lines and it worked.

as am novice in this field, so am not sure if what i did was correct.

Reply

5 sashbeer bhandari February 26, 2008 at 2:07 pm

how to improve speed and performance of database server on linux

Reply

6 Xionicfire April 9, 2008 at 8:07 pm

“How Do I Enable remote access to PostgreSQL database server? ”

Still does not answer the question…

the answer just points on to giving access to a small network, but what if you want to give access to ANY IP not just your network, basically REAL remote access.

whats the command for that

Reply

7 nixCraft April 9, 2008 at 8:50 pm

Xionicfire,
‘*’ = ALL, so use

host all all * md5

Refer to man page.

but what if you want to give access to ANY IP not just your network, basically REAL remote access.
This is a bad idea, giving out access to whole world is really a bad idea. Do you wanna anyone come and try to connect your database server?

Reply

8 Olmec Sinclair September 9, 2008 at 12:08 am

I am technical, but database and server admin is mot my area. I am writing a linux desktop application that reads data from postgres DB. I would like this application to able to use a central database (on my server).

I see vivek (#7 above) recommends not opening up postgres to all the world. What is recommendation for a distributed application? Is there some way for the application to identify itself to postgres? Since each instance of the application will be an a separate network.

Thanks for the info.

Reply

9 Goran September 27, 2008 at 7:08 pm

Hello!
During instalation process I can not log in. What I have to enter in the username and password fields to be able to conect?
I tried as username: postgres and for password postgrespass and postgresuser, but received a message :”invalid password or username”!?!?!
Regards,
Goran

Reply

10 Ankit June 5, 2014 at 2:19 pm

Username= postgres
password which did you write during of installation

Reply

11 niraj February 19, 2009 at 1:09 pm

very helpfull for newbie

Reply

12 frankpeng March 15, 2009 at 12:50 am

How is this:
1, Listen to the world *
2, Use md5
3, only those database allowed
4, only specific user.
I will try this.

Reply

13 Louis April 3, 2009 at 9:09 am

Hi all,

Now, i m facing problem in log in to postgresql by webmin interface. Problem is that all a long I used to login postgresql DB by webmin interface and able to login smoothly . But last few days ago , i ‘ve changed the root (super user) password and not able to log in at all . I believe password has been wrong for over 3 times and IP address has been blocked .
Hence , I ‘ve tried to login from different IP address and also the same thing encountering.
I ‘m using Postgresql very 7 + . Kindly pls help me to solve my problem by how to enable such thing back to normal . There is no IP talbes restrictions .

Looking forward to your solutions..

Reply

14 Louis April 3, 2009 at 9:11 am

Hi all,

Now, when i tried to log in , below is the error for yours references :

12204 SSL port specified is not allowed.

An error occurred while trying to retrieve your URL.
This error could have been caused by:

Bad / misspelled URL
Your access permissions
Your network connection and/or transient conditions on the Internet
An error on the source web server

——————————————————————————–

Microsoft Proxy Server v2.0

And also , this postgresql is running on Linux Debian , port number 10000 for it.

Thanks

Reply

15 Louis April 3, 2009 at 9:15 am

Hi all ,

Here is the error message for my issue,

12204 SSL port specified is not allowed.
An error occurred while trying to retrieve your URL.
This error could have been caused by:
Bad / misspelled URL
Your access permissions
Your network connection and/or transient conditions on the Internet
An error on the source web server

Hence, its running on Linux Debian and port 10000 ,
Thaxs

Reply

16 Bradley D. Thornton April 4, 2009 at 11:42 pm

Okay, that’s great for remote access via ssh. My problem is that there is a PostgreSQL Server in one datacenter, and a php based website in another data center. I’m told that you can’t enable PostgreSQL support in PHP w/o actually installing PostgreSQL Server on that machine, but I don’t want PostgreSQL on the webserver, and I have a customer that want’s to use it via his website w/PHP.

This is what I’ve gotten so far from php.net:

In order to enable PostgreSQL support, –with-pgsql[=DIR] is required when you compile PHP. DIR is the PostgreSQL base install directory, defaults to /usr/local/pgsql. If shared object module is available, PostgreSQL module may be loaded using extension directive in php.ini or dl() function.

and from http://us3.php.net/manual/en/pgsql.requirements.php I get:

To use PostgreSQL support, you need PostgreSQL 6.5 or later, PostgreSQL 8.0 or later to enable all PostgreSQL module features.

So my question is, can I, or how can I enable PostgreSQL support in PHP w/o installing the actual database server on that particular machine?

Thanks,

Bradley

Reply

17 nixCraft April 5, 2009 at 2:25 am

No Need to install PostgreSQL on same server. To connect via php, simply specifiy server IP, username and password. You also need to open port using iptables. Also, remote connection between two servers in the same data center is recommended. If you have a two different data center consider security (which can be overcome using SSL connection between db server and php app server) and latency.

HTH

Reply

18 eddie April 29, 2009 at 10:26 am

I am still having problems connecting. my pg_hba.conf file is thus
# “local” is for Unix domain socket connections only
local all all * trust
IPv4 local connections:
host all all * trust
# IPv6 local connections:
host all all ::1/128 ident sameuser

my error message is this
psql -h 127.0.0.1 -d template1
psql: FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.

what am I doing wrong cause it was working before..

Reply

19 eddie April 29, 2009 at 11:27 am
20 Thiago Lopes February 2, 2010 at 8:01 pm

Hello,

In CentOS 2.6.9-89.0.16.plus.c4smp :

Verify /var/lib/pgsql/data/postgresql.conf :

Not only change:

from:
#tcpip_socket = false

to:
tcpip_socket = true

But too:

from:
#port = 5432

to:
port = 5432

In /var/lib/pgsql/data/pg_hba.conf add:

host name_base name_user 0.0.0.0/0 md5

or

host name_base name_user fixed_ip md5

:)

Reply

21 SimeON February 24, 2010 at 1:58 pm

Hello All,

I have postgre installed via ports and the only config file I have is :
/usr/ports/databases/postgresql82-server/files/patch-src:backend:utils:misc:postgresql.conf.sample

Any idea of what could it be ?

Reply

22 srikanth July 1, 2010 at 3:58 pm

thanks dude…

Reply

23 Mike October 19, 2010 at 7:16 pm

Thanks for the doc: it resolved my issue.

There is a small syntax error in your listen_addresses field (step #3): the list should be comma (NOT space) separated.

Reply

24 mark October 22, 2010 at 8:22 am

these instructions should be in the postgres documentation! great job, thanks

Reply

25 Joris November 11, 2010 at 8:48 pm

No more need to use IPTABLES, just type some: « sudo ufw allow 5432 » and you’re done ;)
Many thanks!

Reply

26 Jonathan Martell November 27, 2010 at 10:46 pm

Great tip!

Reply

27 Joe December 9, 2010 at 9:39 pm

Works like a charm! Thank you!

Reply

28 Jared December 29, 2010 at 4:33 pm

Thanks!

Reply

29 Marcio Wesley Borges February 14, 2011 at 7:58 pm

Nice article.
Note that the listen_addresses must be comma separated as:
listen_addresses=’202.54.1.2, 202.54.1.3′

Reply

30 Bandhalaraja November 24, 2011 at 11:54 am

Hi
i unable to access data base form client said computer.2 days before i can access data base in my client computer(Windows xp) but now not able , because i reinstall postgres in my data base server machine(SUSE Linux) . regularly i give host ip address in my client computer but now i give mean not access .
Please tell me solution to access data base from server machine (Linux) to client computer (Win xp)

Regards
Bandhalaraja

Reply

31 Arjunan February 22, 2012 at 10:40 am

Hi..Change the postgresql.conf. file as follow
—————————————
host all all samenet trust
—————————————

Restart the Services.

Reply

32 Arjunan February 22, 2012 at 10:42 am

Hi..Change the pg_hba.conf file as follow
—————————————
host all all samenet trust
—————————————

Restart the Services.

Reply

33 Dave Neathery January 9, 2012 at 3:26 pm

I am trying to access postgresql from a C program running on Win XP. The database server is Linux and I can connect with it using SSH and psql but I have had not success connecting using PQconnectdb. I get the following error:
libintl-8.dll was not found. I’m using Microsoft Visual C++ .NET 2003. That .dll is not on the computer and I don’t know how to get one.
Thanks,

Dave

Reply

34 parag May 24, 2012 at 7:09 am

Thanzx it really helped me …

Reply

35 hangover June 26, 2012 at 8:25 am

On step 3, in

listen_addresses

directive, IPs must be comma separated.

Reply

36 Foo Bar August 3, 2012 at 9:48 am

Just wanted to point out that please remember that the iptables-rule mentioned here is opening up your postgres-server to the whole world!!

Please update it to acceppt connections from only known servers:

iptables -A INPUT -s 192.168.1.1 -m state –state NEW,ESTABLISHED -p tcp –dport 5432 -j ACCEPT

Reply

37 ingdestino July 15, 2013 at 9:05 pm

Clear and useful explanation: thanks a lot!

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , ,

Previous post:

Next post: