Difference between revisions of "/etc/postgresql/12/main/pg hba.conf"
Jump to navigation
Jump to search
Line 7: | Line 7: | ||
host replication all 127.0.0.1/32 md5 | host replication all 127.0.0.1/32 md5 | ||
host replication all ::1/128 md5 | host replication all ::1/128 md5 | ||
+ | |||
+ | |||
+ | To allow remote communications from all IPs: | ||
+ | /etc/postgresql/12/main/[[pg_hba.conf]] | ||
+ | local all postgres peer | ||
+ | local all all peer | ||
+ | host all all '''0.0.0.0/0''' md5 | ||
+ | host all all '''::/0''' md5 | ||
+ | local replication all peer | ||
+ | host replication all 127.0.0.1/32 md5 | ||
+ | host replication all ::1/128 md5 | ||
+ | |||
Revision as of 11:46, 4 March 2021
cat /etc/postgresql/12/main/pg_hba.conf | grep -v "#" | grep . local all postgres peer local all all peer host all all 127.0.0.1/32 md5 host all all ::1/128 md5 local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
To allow remote communications from all IPs:
/etc/postgresql/12/main/pg_hba.conf local all postgres peer local all all peer host all all 0.0.0.0/0 md5 host all all ::/0 md5 local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
Ubuntu 20.04.2 LTS
cat /etc/postgresql/12/main/pg_hba.conf # PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the "Client Authentication" section in the PostgreSQL # documentation for a complete description of this file. A short # synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTIONS] # host DATABASE USER ADDRESS METHOD [OPTIONS] # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] # hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] # hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a # non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a # GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a # non-GSSAPI socket. # # DATABASE can be "all", "sameuser", "samerole", "replication", a # database name, or a comma-separated list thereof. The "all" # keyword does not match "replication". Access to replication # must be enabled in a separate record (see example below). # # USER can be "all", a user name, a group name prefixed with "+", or a # comma-separated list thereof. In both the DATABASE and USER fields # you can also write a file name prefixed with "@" to include names # from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that # specifies the number of significant bits in the mask. A host name # that starts with a dot (.) matches a suffix of the actual host name. # Alternatively, you can write an IP address and netmask in separate # columns to specify the set of hosts. Instead of a CIDR-address, you # can write "samehost" to match any of the server's own IP addresses, # or "samenet" to match any address in any subnet that the server is # directly connected to. # # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". # Note that "password" sends passwords in clear text; "md5" or # "scram-sha-256" are preferred since they send encrypted passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different # authentication methods -- refer to the "Client Authentication" # section in the documentation for a list of which options are # available for which authentication methods. # # Database and user names containing spaces, commas, quotes and other # special characters must be quoted. Quoting one of the keywords # "all", "sameuser", "samerole" or "replication" makes the name lose # its special character, and just match a database or username with # that name. # # This file is read on server startup and when the server receives a # SIGHUP signal. If you edit the file on a running system, you have to # SIGHUP the server for the changes to take effect, run "pg_ctl reload", # or execute "SELECT pg_reload_conf()". # # Put your actual configuration here # ---------------------------------- # # If you want to allow non-local connections, you need to add more # "host" records. In that case you will also need to make PostgreSQL # listen on a non-local interface via the listen_addresses # configuration parameter, or via the -i or -h command line switches. # DO NOT DISABLE! # If you change this first entry you will need to make sure that the # database superuser can access the database using some other method. # Noninteractive access to all databases is required during automatic # maintenance (custom daily cronjobs, replication, and similar tasks). # # Database administrative login by Unix domain socket local all postgres peer # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
See also
- PostgreSQL:
pg_dump, pg_restore
,pgAdmin, pg_config, psql, pg_ctl, pg_isready, initdb
, Role, Schema, DBeaver, Navicat, DataGrip, OmniDB,Adminer
, docker-compose.xml PostgreSQL, PostgreSQL version, PostgreSQL logs,postgresql.conf
,pg_hba.conf, $HOME/.pg_service.conf
, Create database (PostgreSQL), Create user,createdb
,GRANT
,pg_stat
, PostgreSQL VACUUM, EXPLAIN,pg stat activity
, Autovacuum, ALTER DATABASE, PostgreSQL statistics collector, Shared buffers, EXPLAIN (PostgreSQL),EXPLAIN ANALYZE
, Bitmap scan,EXPLAIN VERBOSE
,EXPLAIN VERBOSE (PostgresSQL)
,WAL
,ALTER USER
,CREATE ROLE, CREATE USER
,\du
,show users
,\l
, The Statistics Collector, pganalyze,cron.schedule
, Master,pg_tables
, PostgreSQL replication,CREATE, SET
, TOAST, PgBouncer, Restore DB, Index, meta-commands, Table, foreign table, Schema, Sequence, Views, materialized view, Table Partitioning, monitoring, PostgreSQL System Administration Functions, PostgreSQL extension, privileges, logging, PGTune, PostgreSQL parameter tunning, PostgreSQL modules, pgbench, PostgreSQL users, catalogs
Advertising: