Changes between Version 14 and Version 15 of sysadminPostgreSQLConfiguration

Jun 23, 2009, 7:19:29 PM (13 years ago)



  • sysadminPostgreSQLConfiguration

    v14 v15  
    291291For a complete discussion of iptables see [wiki:sysadminiptables iptables and network configuration].  For the specific ports needed by the postgres server see [wiki:sysadminiptables#NecessaryPorts-DatabaseServer Necessary Ports - Database Server].
     293However, with postgres, you also need to specifically allow remote hosts to access the server.
     295To begin with, you need to tell postgres to listen for connections from other hosts rather then just the localhost (the default).
     297As the postgres user, edit postgresql.conf:
     300    sudo vim /etc/postgresql/8.3/main/postgresql.conf
     306    #listen_addresses = ‘localhost’
     312    listen_addresses = ‘<ip address of oils server>’
     315Next, edit pg_hba.conf:
     318    sudo vim /etc/postgresql/8.3/main/pg_hba.conf
     321and in the area marked "Put your actual configuration here," enter the following:
     324    # Put your actual configuration here
     325    # ----------------------------------
     326    #
     327    # If you want to allow non-local connections, you need to add more
     328    # "host" records. In that case you will also need to make PostgreSQL listen
     329    # on a non-local interface via the listen_addresses configuration parameter,
     330    # or via the -i or -h command line switches.
     331    #
     333    host    evergreen       evergreen      md5
     336  ||connection type|| in this example, host is used.  This means postgres should be looking for a TCP connection (rather then a Unix socket connection for example)||
     337  ||database||the name evergreen is being used in this example||
     338  ||user||again, in our hypothetical example, evergreen is the username||
     339  ||address||the ip address or host name of the machine that's allowed to make a connection.  In real life, this would be the oils server address||
     340  ||authentication options||in this case md5 is used, meaning the password is encrypted||