Difference between revisions of "/etc/postgresql/12/main/pg hba.conf"
Jump to navigation
Jump to search
↑ https://stackoverflow.com/questions/18580066/how-to-allow-remote-access-to-postgresql-database
(Created page with " cat /etc/postgresql/12/main/pg_hba.conf | grep -v "#" | grep . local all postgres peer local all all...") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | cat /etc/postgresql/12/main/pg_hba.conf | grep -v "#" | grep . | + | cat [[/etc/postgresql/]]12/main/[[pg_hba.conf]] | grep -v "#" | grep . |
local all postgres peer | local all postgres peer | ||
local all all peer | local all all peer | ||
| Line 9: | Line 9: | ||
| + | To allow remote communications from all [[IP]]s <ref>https://stackoverflow.com/questions/18580066/how-to-allow-remote-access-to-postgresql-database</ref>: | ||
| + | /etc/postgresql/12/main/[[pg_hba.conf]] | ||
| + | local all postgres peer | ||
| + | local all all peer | ||
| + | host all all '''0.0.0.0/0''' md5 | ||
| + | host all all '''::/0''' md5 | ||
| + | local replication all peer | ||
| + | host replication all 127.0.0.1/32 md5 | ||
| + | host replication all ::1/128 md5 | ||
| + | |||
| + | |||
| + | |||
| + | == [[Ubuntu 20.04.2 LTS]] == | ||
| + | <pre> | ||
| + | cat /etc/postgresql/12/main/pg_hba.conf | ||
| + | # PostgreSQL Client Authentication Configuration File | ||
| + | # =================================================== | ||
| + | # | ||
| + | # Refer to the "Client Authentication" section in the PostgreSQL | ||
| + | # documentation for a complete description of this file. A short | ||
| + | # synopsis follows. | ||
| + | # | ||
| + | # This file controls: which hosts are allowed to connect, how clients | ||
| + | # are authenticated, which PostgreSQL user names they can use, which | ||
| + | # databases they can access. Records take one of these forms: | ||
| + | # | ||
| + | # local DATABASE USER METHOD [OPTIONS] | ||
| + | # host DATABASE USER ADDRESS METHOD [OPTIONS] | ||
| + | # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] | ||
| + | # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] | ||
| + | # hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] | ||
| + | # hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] | ||
| + | # | ||
| + | # (The uppercase items must be replaced by actual values.) | ||
| + | # | ||
| + | # The first field is the connection type: "local" is a Unix-domain | ||
| + | # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, | ||
| + | # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a | ||
| + | # non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a | ||
| + | # GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a | ||
| + | # non-GSSAPI socket. | ||
| + | # | ||
| + | # DATABASE can be "all", "sameuser", "samerole", "replication", a | ||
| + | # database name, or a comma-separated list thereof. The "all" | ||
| + | # keyword does not match "replication". Access to replication | ||
| + | # must be enabled in a separate record (see example below). | ||
| + | # | ||
| + | # USER can be "all", a user name, a group name prefixed with "+", or a | ||
| + | # comma-separated list thereof. In both the DATABASE and USER fields | ||
| + | # you can also write a file name prefixed with "@" to include names | ||
| + | # from a separate file. | ||
| + | # | ||
| + | # ADDRESS specifies the set of hosts the record matches. It can be a | ||
| + | # host name, or it is made up of an IP address and a CIDR mask that is | ||
| + | # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that | ||
| + | # specifies the number of significant bits in the mask. A host name | ||
| + | # that starts with a dot (.) matches a suffix of the actual host name. | ||
| + | # Alternatively, you can write an IP address and netmask in separate | ||
| + | # columns to specify the set of hosts. Instead of a CIDR-address, you | ||
| + | # can write "samehost" to match any of the server's own IP addresses, | ||
| + | # or "samenet" to match any address in any subnet that the server is | ||
| + | # directly connected to. | ||
| + | # | ||
| + | # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", | ||
| + | # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". | ||
| + | # Note that "password" sends passwords in clear text; "md5" or | ||
| + | # "scram-sha-256" are preferred since they send encrypted passwords. | ||
| + | # | ||
| + | # OPTIONS are a set of options for the authentication in the format | ||
| + | # NAME=VALUE. The available options depend on the different | ||
| + | # authentication methods -- refer to the "Client Authentication" | ||
| + | # section in the documentation for a list of which options are | ||
| + | # available for which authentication methods. | ||
| + | # | ||
| + | # Database and user names containing spaces, commas, quotes and other | ||
| + | # special characters must be quoted. Quoting one of the keywords | ||
| + | # "all", "sameuser", "samerole" or "replication" makes the name lose | ||
| + | # its special character, and just match a database or username with | ||
| + | # that name. | ||
| + | # | ||
| + | # This file is read on server startup and when the server receives a | ||
| + | # SIGHUP signal. If you edit the file on a running system, you have to | ||
| + | # SIGHUP the server for the changes to take effect, run "pg_ctl reload", | ||
| + | # or execute "SELECT pg_reload_conf()". | ||
| + | # | ||
| + | # Put your actual configuration here | ||
| + | # ---------------------------------- | ||
| + | # | ||
| + | # If you want to allow non-local connections, you need to add more | ||
| + | # "host" records. In that case you will also need to make PostgreSQL | ||
| + | # listen on a non-local interface via the listen_addresses | ||
| + | # configuration parameter, or via the -i or -h command line switches. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | # DO NOT DISABLE! | ||
| + | # If you change this first entry you will need to make sure that the | ||
| + | # database superuser can access the database using some other method. | ||
| + | # Noninteractive access to all databases is required during automatic | ||
| + | # maintenance (custom daily cronjobs, replication, and similar tasks). | ||
| + | # | ||
| + | # Database administrative login by Unix domain socket | ||
| + | local all postgres peer | ||
| + | |||
| + | # TYPE DATABASE USER ADDRESS METHOD | ||
| + | |||
| + | # "local" is for Unix domain socket connections only | ||
| + | local all all peer | ||
| + | # IPv4 local connections: | ||
| + | host all all 127.0.0.1/32 md5 | ||
| + | # IPv6 local connections: | ||
| + | host all all ::1/128 md5 | ||
| + | # Allow replication connections from localhost, by a user with the | ||
| + | # replication privilege. | ||
| + | local replication all peer | ||
| + | host replication all 127.0.0.1/32 md5 | ||
| + | host replication all ::1/128 md5 | ||
| + | </pre> | ||
== See also == | == See also == | ||
Latest revision as of 23:12, 27 September 2022
cat /etc/postgresql/12/main/pg_hba.conf | grep -v "#" | grep . local all postgres peer local all all peer host all all 127.0.0.1/32 md5 host all all ::1/128 md5 local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
To allow remote communications from all IPs [1]:
/etc/postgresql/12/main/pg_hba.conf local all postgres peer local all all peer host all all 0.0.0.0/0 md5 host all all ::/0 md5 local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
Ubuntu 20.04.2 LTS[edit]
cat /etc/postgresql/12/main/pg_hba.conf # PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the "Client Authentication" section in the PostgreSQL # documentation for a complete description of this file. A short # synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTIONS] # host DATABASE USER ADDRESS METHOD [OPTIONS] # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] # hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] # hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a # non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a # GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a # non-GSSAPI socket. # # DATABASE can be "all", "sameuser", "samerole", "replication", a # database name, or a comma-separated list thereof. The "all" # keyword does not match "replication". Access to replication # must be enabled in a separate record (see example below). # # USER can be "all", a user name, a group name prefixed with "+", or a # comma-separated list thereof. In both the DATABASE and USER fields # you can also write a file name prefixed with "@" to include names # from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that # specifies the number of significant bits in the mask. A host name # that starts with a dot (.) matches a suffix of the actual host name. # Alternatively, you can write an IP address and netmask in separate # columns to specify the set of hosts. Instead of a CIDR-address, you # can write "samehost" to match any of the server's own IP addresses, # or "samenet" to match any address in any subnet that the server is # directly connected to. # # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". # Note that "password" sends passwords in clear text; "md5" or # "scram-sha-256" are preferred since they send encrypted passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different # authentication methods -- refer to the "Client Authentication" # section in the documentation for a list of which options are # available for which authentication methods. # # Database and user names containing spaces, commas, quotes and other # special characters must be quoted. Quoting one of the keywords # "all", "sameuser", "samerole" or "replication" makes the name lose # its special character, and just match a database or username with # that name. # # This file is read on server startup and when the server receives a # SIGHUP signal. If you edit the file on a running system, you have to # SIGHUP the server for the changes to take effect, run "pg_ctl reload", # or execute "SELECT pg_reload_conf()". # # Put your actual configuration here # ---------------------------------- # # If you want to allow non-local connections, you need to add more # "host" records. In that case you will also need to make PostgreSQL # listen on a non-local interface via the listen_addresses # configuration parameter, or via the -i or -h command line switches. # DO NOT DISABLE! # If you change this first entry you will need to make sure that the # database superuser can access the database using some other method. # Noninteractive access to all databases is required during automatic # maintenance (custom daily cronjobs, replication, and similar tasks). # # Database administrative login by Unix domain socket local all postgres peer # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
See also[edit]
- PostgreSQL:
pg_dump, pg_restore,pgAdmin, pg_config, psql, pg_ctl, pg_isready, initdb, Role, Schema, DBeaver, Navicat, DataGrip, OmniDB,Adminer, docker-compose.xml PostgreSQL, PostgreSQL version, PostgreSQL logs,postgresql.conf,pg_hba.conf, $HOME/.pg_service.conf, Create database (PostgreSQL), Create user,createdb,GRANT,pg_stat, PostgreSQL VACUUM, EXPLAIN,pg stat activity, Autovacuum, ALTER DATABASE, PostgreSQL statistics collector, Shared buffers, EXPLAIN (PostgreSQL),EXPLAIN ANALYZE, Bitmap scan,EXPLAIN VERBOSE,EXPLAIN VERBOSE (PostgresSQL),WAL,ALTER USER,CREATE ROLE, CREATE USER,\du,show users,\l, The Statistics Collector, pganalyze,cron.schedule, Master,pg_tables, PostgreSQL replication,CREATE, SET, TOAST, PgBouncer, Restore DB, Index, meta-commands, Table, foreign table, Schema, Sequence, Views, materialized view, Table Partitioning, monitoring, PostgreSQL System Administration Functions, PostgreSQL extension, privileges, logging, PGTune, PostgreSQL parameter tunning, PostgreSQL modules, pgbench, PostgreSQL users, catalogs
Advertising:
