Changes between Version 14 and Version 15 of sysadminPostgreSQLConfiguration


Ignore:
Timestamp:
Jun 23, 2009, 7:19:29 PM (13 years ago)
Author:
risard
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • sysadminPostgreSQLConfiguration

    v14 v15  
    291291For a complete discussion of iptables see [wiki:sysadminiptables iptables and network configuration].  For the specific ports needed by the postgres server see [wiki:sysadminiptables#NecessaryPorts-DatabaseServer Necessary Ports - Database Server].
    292292 
    293 
     293However, with postgres, you also need to specifically allow remote hosts to access the server.
     294
     295To begin with, you need to tell postgres to listen for connections from other hosts rather then just the localhost (the default).
     296
     297As the postgres user, edit postgresql.conf:
     298
     299{{{
     300    sudo vim /etc/postgresql/8.3/main/postgresql.conf
     301}}}
     302
     303Change:
     304
     305{{{
     306    #listen_addresses = ‘localhost’
     307}}}
     308
     309to:
     310
     311{{{
     312    listen_addresses = ‘<ip address of oils server>’
     313}}}
     314
     315Next, edit pg_hba.conf:
     316
     317{{{
     318    sudo vim /etc/postgresql/8.3/main/pg_hba.conf
     319}}}
     320
     321and in the area marked "Put your actual configuration here," enter the following:
     322
     323{{{
     324    # Put your actual configuration here
     325    # ----------------------------------
     326    #
     327    # If you want to allow non-local connections, you need to add more
     328    # "host" records. In that case you will also need to make PostgreSQL listen
     329    # on a non-local interface via the listen_addresses configuration parameter,
     330    # or via the -i or -h command line switches.
     331    #
     332
     333    host    evergreen       evergreen       10.104.10.168/32      md5
     334}}}
     335
     336  ||connection type|| in this example, host is used.  This means postgres should be looking for a TCP connection (rather then a Unix socket connection for example)||
     337  ||database||the name evergreen is being used in this example||
     338  ||user||again, in our hypothetical example, evergreen is the username||
     339  ||address||the ip address or host name of the machine that's allowed to make a connection.  In real life, this would be the oils server address||
     340  ||authentication options||in this case md5 is used, meaning the password is encrypted||