Postgresql 需要更新以下配置文件:
Postgresql 需要更新以下配置文件:,postgresql,google-compute-engine,Postgresql,Google Compute Engine,postgresql.conf,以及 pg_hba.conf 3.1查找上述配置文件 可以从PostgreSQL本身查询这两个文件的位置(技巧来自: $sudo-u postgres psql-c“显示hba_文件”-c“显示配置_文件” 3.2postgresql.conf 配置文件附带了一些有用的提示,以使其正常工作: listen_addresses = 'localhost' # what IP address(es) to listen on;
postgresql.conf
,以及
pg_hba.conf
$sudo-u postgres psql-c“显示hba_文件”-c“显示配置_文件”
3.2postgresql.conf
配置文件附带了一些有用的提示,以使其正常工作:
listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
要快速解决问题,只需将其更改为
listen_addresses = '*'
重新启动服务器(请参阅如何)。一旦PostgreSQL重新启动,它将开始侦听所有IP地址(请参见netstat-tuplen
)
要重新启动PostgreSQL,请执行以下操作:
$ sudo systemctl restart postgresql@11-main
# or
$ pg_ctl restart
文档中说它“指定了服务器侦听来自客户端应用程序的连接的TCP/IP地址”,但仅此而已。它指定从哪些套接字接收数据包,但如果传入连接未经过身份验证(通过pg_hba.conf
配置),则数据包将被拒绝(丢弃?)
3.3pg_hba.conf
From:“客户端身份验证由一个配置文件控制,该配置文件通常命名为pg_hba.conf
,并存储在数据库群集的数据目录中。(hba代表基于主机的身份验证。)
这是一个复杂的主题,因此阅读文档非常重要,但这足以在可信网络上进行开发:
host all all 0.0.0.0/0 trust
host all all ::/0 trust
此时需要重新启动。您在什么位置安装了postgres服务器?云SQL?一个计算实例?在Kubernetes集群中?@DriesDeRydt我遵循了本教程,我完全按照这里提到的做了:!看起来像是白名单问题。你确定你更新了pg_hba.conf并重新启动了服务吗?@DriesDeRydt是的,我可以把我的pg_hba.cong放在这里吗?不确定。在我看来,可能是hba_conf中的ip错误,或者防火墙规则位于错误的ip上。如果不是这样,恐怕我也不知道。非常感谢,我很快会调查的。非常感谢,我希望这对我有帮助!
-t | --tcp
-u | --udp
-p, --program
Show the PID and name of the program to which each socket belongs.
-l, --listening
Show only listening sockets. (These are omitted by default.)
-e, --extend
Display additional information. Use this option twice for maximum
detail.
--numeric, -n
Show numerical addresses instead of trying to determine symbolic host,
port or user names.
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 1001 238400 30826/postgres
tcp6 0 0 :::5432 :::* LISTEN 1001 238401 30826/postgres
$ sudo lsof -i -P -n | grep LISTEN
systemd-r 457 systemd-resolve 13u IPv4 14870 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 733 root 3u IPv4 19233 0t0 TCP *:22 (LISTEN)
sshd 733 root 4u IPv6 19244 0t0 TCP *:22 (LISTEN)
postgres 2733 postgres 3u IPv4 23655 0t0 TCP 127.0.0.1:5432 (LISTEN)
python3 26083 a_user 4u IPv4 392307 0t0 TCP *:8000 (LISTEN)
$ dig +short myip.opendns.com @resolver1.opendns.com
4.3.2.1
$ gcloud compute instances list
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
access-news us-east1-d n1-standard-2 10.142.0.5 34.73.156.19 RUNNING
lynx-dev us-east1-d n1-standard-1 10.142.0.2 35.231.66.229 RUNNING
tr2 us-east1-d n1-standard-1 10.142.0.3 35.196.195.199 RUNNING
$ gcloud compute instances list --format='table(name,status,tags.list())'
NAME STATUS TAGS
access-news RUNNING fingerprint=mdTPd8rXoQM=,items=[u'access-news', u'http-server', u'https-server']
lynx-dev RUNNING fingerprint=CpSmrCTD0LE=,items=[u'http-server', u'https-server', u'lynx-dev']
tr2 RUNNING fingerprint=84JxACwWD7U=,items=[u'http-server', u'https-server', u'tr2']
$ gcloud compute firewall-rules list
NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED
default-allow-http default INGRESS 1000 tcp:80 False
default-allow-https default INGRESS 1000 tcp:443 False
default-allow-icmp default INGRESS 65534 icmp False
default-allow-internal default INGRESS 65534 tcp:0-65535,udp:0-65535,icmp False
default-allow-rdp default INGRESS 65534 tcp:3389 False
default-allow-ssh default INGRESS 65534 tcp:22 False
pg-from-tag1-to-tag2 default INGRESS 1000 tcp:5432 False
To show all fields of the firewall, please show in JSON format: --format=json
To show all fields in table format, please see the examples in --help.
$ gcloud compute firewall-rules list --format="table( \
name, \
network, \
direction, \
priority, \
sourceRanges.list():label=SRC_RANGES, \
destinationRanges.list():label=DEST_RANGES, \
allowed[].map().firewall_rule().list():label=ALLOW, \
denied[].map().firewall_rule().list():label=DENY, \
sourceTags.list():label=SRC_TAGS, \
sourceServiceAccounts.list():label=SRC_SVC_ACCT, \
targetTags.list():label=TARGET_TAGS, \
targetServiceAccounts.list():label=TARGET_SVC_ACCT, \
disabled \
)"
NAME NETWORK DIRECTION PRIORITY SRC_RANGES DEST_RANGES ALLOW DENY SRC_TAGS SRC_SVC_ACCT TARGET_TAGS TARGET_SVC_ACCT DISABLED
default-allow-http default INGRESS 1000 0.0.0.0/0 tcp:80 http-server False
default-allow-https default INGRESS 1000 0.0.0.0/0 tcp:443 https-server False
default-allow-icmp default INGRESS 65534 0.0.0.0/0 icmp False
default-allow-internal default INGRESS 65534 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp False
default-allow-rdp default INGRESS 65534 0.0.0.0/0 tcp:3389 False
default-allow-ssh default INGRESS 65534 0.0.0.0/0 tcp:22 False
pg-from-tag1-to-tag2 default INGRESS 1000 4.3.2.1 tcp:5432 tag1 tag2 False
$ gcloud compute firewall-rules create \
postgres-all \
--network default \
--priority 1000 \
--direction ingress \
--action allow \
--rules tcp:5432 \
$ gcloud compute firewall-rules create \
postgres-from-you-to-instance \
--network default \
--priority 1000 \
--direction ingress \
--action allow \
--rules tcp:5432 \
--destination-ranges INSTANCES_IP \
--source-ranges YOUR_IP \
listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
listen_addresses = '*'
$ sudo systemctl restart postgresql@11-main
# or
$ pg_ctl restart
host all all 0.0.0.0/0 trust
host all all ::/0 trust