How Do I Enable remote access to PostgreSQL database server?

Posted on in Categories CentOS, Debian Linux, Gentoo Linux, Howto, Linux, Networking, Postgresql, Ubuntu Linux, UNIX last updated October 9, 2007

By default, PostgreSQL database server remote access disabled for security reasons. However, some time you need to provide the remote access to database server from home computer or from web server.

Step # 1: Login over ssh if server is outside your IDC

Login over ssh to remote PostgreSQL database server:
$ ssh [email protected]

Step # 2: Enable client authentication

Once connected, you need edit the PostgreSQL configuration file, edit the PostgreSQL configuration file /var/lib/pgsql/data/pg_hba.conf (or /etc/postgresql/8.2/main/pg_hba.conf for latest 8.2 version) using a text editor such as vi.

Login as postgres user using su / sudo command, enter:
$ su - postgres
Edit the file:
$ vi /var/lib/pgsql/data/pg_hba.conf
OR
$ vi /etc/postgresql/8.2/main/pg_hba.conf
Append the following configuration lines to give access to 10.10.29.0/24 network:
host all all 10.10.29.0/24 trust
Save and close the file. Make sure you replace 10.10.29.0/24 with actual network IP address range of the clients system in your own network.

Step # 2: Enable networking for PostgreSQL

You need to enable TCP / IP networking. Use either step #3 or #3a as per your PostgreSQL database server version.

Step # 3: Allow TCP/IP socket

If you are using PostgreSQL version 8.x or newer use the following instructions or skip to Step # 3a for older version (7.x or older).

You need to open PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf or /etc/postgresql/8.2/main/postgresql.conf.
# vi /etc/postgresql/8.2/main/postgresql.conf
OR
# vi /var/lib/pgsql/data/postgresql.conf
Find configuration line that read as follows:
listen_addresses='localhost'
Next set IP address(es) to listen on; you can use comma-separated list of addresses; defaults to ‘localhost’, and ‘*’ is all ip address:
listen_addresses='*'
Or just bind to 202.54.1.2 and 202.54.1.3 IP address
listen_addresses='202.54.1.2 202.54.1.3'
Save and close the file. Skip to step # 4.

Step #3a – Information for old version 7.x or older

Following configuration only required for PostgreSQL version 7.x or older. Open config file, enter:
# vi /var/lib/pgsql/data/postgresql.conf
Bind and open TCP/IP port by setting tcpip_socket to true. Set / modify tcpip_socket to true:
tcpip_socket = true
Save and close the file.

Step # 4: Restart PostgreSQL Server

Type the following command:
# /etc/init.d/postgresql restart

Step # 5: Iptables firewall rules

Make sure iptables is not blocking communication, open port 5432 (append rules to your iptables scripts or file /etc/sysconfig/iptables):

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 10.10.29.50  --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.10.29.50 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Restart firewall:
# /etc/init.d/iptables restart

Step # 6: Test your setup

Use psql command from client system. Connect to remote server using IP address 10.10.29.50 and login using vivek username and sales database, enter:
$ psql -h 10.10.29.50 -U vivek -d sales

Further readings:

=> man page: pgsql and configuration file

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

46 comment

  1. Just wanted to point out that with PostgreSQL 8.x the option tcpip_socket is no longer valid.

    The correct parameter is,

    listen_address = ‘localhost’

    which needs to be changed to,

    listen_address = ‘*’

    and PostgreSQL daemon restarted.

  2. am working on postgres8.2.4

    iptables -A INPUT -p tcp -s 0/0 –sport 1024:65535 -d 10.10.29.50 –dport 5432 -m state –state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -s 10.10.29.50 –sport 5432 -d 0/0 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT

    these additions gave me error on restarting, asking me to restore the iptables.

    I removed the iptables from the above lines and it worked.

    as am novice in this field, so am not sure if what i did was correct.

  3. “How Do I Enable remote access to PostgreSQL database server? ”

    Still does not answer the question…

    the answer just points on to giving access to a small network, but what if you want to give access to ANY IP not just your network, basically REAL remote access.

    whats the command for that

  4. Xionicfire,
    ‘*’ = ALL, so use

    host all all * md5

    Refer to man page.

    but what if you want to give access to ANY IP not just your network, basically REAL remote access.
    This is a bad idea, giving out access to whole world is really a bad idea. Do you wanna anyone come and try to connect your database server?

  5. I am technical, but database and server admin is mot my area. I am writing a linux desktop application that reads data from postgres DB. I would like this application to able to use a central database (on my server).

    I see vivek (#7 above) recommends not opening up postgres to all the world. What is recommendation for a distributed application? Is there some way for the application to identify itself to postgres? Since each instance of the application will be an a separate network.

    Thanks for the info.

  6. Hello!
    During instalation process I can not log in. What I have to enter in the username and password fields to be able to conect?
    I tried as username: postgres and for password postgrespass and postgresuser, but received a message :”invalid password or username”!?!?!
    Regards,
    Goran

  7. Hi all,

    Now, i m facing problem in log in to postgresql by webmin interface. Problem is that all a long I used to login postgresql DB by webmin interface and able to login smoothly . But last few days ago , i ‘ve changed the root (super user) password and not able to log in at all . I believe password has been wrong for over 3 times and IP address has been blocked .
    Hence , I ‘ve tried to login from different IP address and also the same thing encountering.
    I ‘m using Postgresql very 7 + . Kindly pls help me to solve my problem by how to enable such thing back to normal . There is no IP talbes restrictions .

    Looking forward to your solutions..

  8. Hi all,

    Now, when i tried to log in , below is the error for yours references :

    12204 SSL port specified is not allowed.

    An error occurred while trying to retrieve your URL.
    This error could have been caused by:

    Bad / misspelled URL
    Your access permissions
    Your network connection and/or transient conditions on the Internet
    An error on the source web server

    ——————————————————————————–

    Microsoft Proxy Server v2.0

    And also , this postgresql is running on Linux Debian , port number 10000 for it.

    Thanks

  9. Hi all ,

    Here is the error message for my issue,

    12204 SSL port specified is not allowed.
    An error occurred while trying to retrieve your URL.
    This error could have been caused by:
    Bad / misspelled URL
    Your access permissions
    Your network connection and/or transient conditions on the Internet
    An error on the source web server

    Hence, its running on Linux Debian and port 10000 ,
    Thaxs

  10. Okay, that’s great for remote access via ssh. My problem is that there is a PostgreSQL Server in one datacenter, and a php based website in another data center. I’m told that you can’t enable PostgreSQL support in PHP w/o actually installing PostgreSQL Server on that machine, but I don’t want PostgreSQL on the webserver, and I have a customer that want’s to use it via his website w/PHP.

    This is what I’ve gotten so far from php.net:

    In order to enable PostgreSQL support, –with-pgsql[=DIR] is required when you compile PHP. DIR is the PostgreSQL base install directory, defaults to /usr/local/pgsql. If shared object module is available, PostgreSQL module may be loaded using extension directive in php.ini or dl() function.

    and from http://us3.php.net/manual/en/pgsql.requirements.php I get:

    To use PostgreSQL support, you need PostgreSQL 6.5 or later, PostgreSQL 8.0 or later to enable all PostgreSQL module features.

    So my question is, can I, or how can I enable PostgreSQL support in PHP w/o installing the actual database server on that particular machine?

    Thanks,

    Bradley

    1. No Need to install PostgreSQL on same server. To connect via php, simply specifiy server IP, username and password. You also need to open port using iptables. Also, remote connection between two servers in the same data center is recommended. If you have a two different data center consider security (which can be overcome using SSL connection between db server and php app server) and latency.

      HTH

  11. I am still having problems connecting. my pg_hba.conf file is thus
    # “local” is for Unix domain socket connections only
    local all all * trust
    IPv4 local connections:
    host all all * trust
    # IPv6 local connections:
    host all all ::1/128 ident sameuser

    my error message is this
    psql -h 127.0.0.1 -d template1
    psql: FATAL: missing or erroneous pg_hba.conf file
    HINT: See server log for details.

    what am I doing wrong cause it was working before..

  12. Hello,

    In CentOS 2.6.9-89.0.16.plus.c4smp :

    Verify /var/lib/pgsql/data/postgresql.conf :

    Not only change:

    from:
    #tcpip_socket = false

    to:
    tcpip_socket = true

    But too:

    from:
    #port = 5432

    to:
    port = 5432

    In /var/lib/pgsql/data/pg_hba.conf add:

    host name_base name_user 0.0.0.0/0 md5

    or

    host name_base name_user fixed_ip md5

    🙂

  13. Hello All,

    I have postgre installed via ports and the only config file I have is :
    /usr/ports/databases/postgresql82-server/files/patch-src:backend:utils:misc:postgresql.conf.sample

    Any idea of what could it be ?

  14. Hi
    i unable to access data base form client said computer.2 days before i can access data base in my client computer(Windows xp) but now not able , because i reinstall postgres in my data base server machine(SUSE Linux) . regularly i give host ip address in my client computer but now i give mean not access .
    Please tell me solution to access data base from server machine (Linux) to client computer (Win xp)

    Regards
    Bandhalaraja

      1. Hi..Change the pg_hba.conf file as follow
        —————————————
        host all all samenet trust
        —————————————

        Restart the Services.

  15. I am trying to access postgresql from a C program running on Win XP. The database server is Linux and I can connect with it using SSH and psql but I have had not success connecting using PQconnectdb. I get the following error:
    libintl-8.dll was not found. I’m using Microsoft Visual C++ .NET 2003. That .dll is not on the computer and I don’t know how to get one.
    Thanks,

    Dave

  16. Just wanted to point out that please remember that the iptables-rule mentioned here is opening up your postgres-server to the whole world!!

    Please update it to acceppt connections from only known servers:

    iptables -A INPUT -s 192.168.1.1 -m state –state NEW,ESTABLISHED -p tcp –dport 5432 -j ACCEPT

  17. Nice, thanks!
    Worked like a charm, also I didn’t have to mess with firewall.
    Only difference at mine setup is that all mentioned pg files were in “/usr/local/var/postgres/”

  18. Really crisp steps. It solved my problem.
    – I didn’t change anything in /u01/AlfrescoDMS/alf_data/postgresql/pg_hba.conf
    – I changed file /u01/AlfrescoDMS/alf_data/postgresql/postgresql.conf
    – Added listen_addresses=’*’
    – In the conf file this line (tcpip_socket = true) was not present, so i didn;t add this line.

    It worked like a charm..
    Thanks,
    Vikrant Korde.

Leave a Comment