psql服务器不侦听端口5432,尽管它';s在postgresql.conf中
未应用SSL配置时: pg_hba.conf 主机数据库用户0.0.0.0/0 scram-sha-256psql服务器不侦听端口5432,尽管它';s在postgresql.conf中,postgresql,connection,port,Postgresql,Connection,Port,未应用SSL配置时: pg_hba.conf 主机数据库用户0.0.0.0/0 scram-sha-256 postgresql.conf listen_addresses = ‘*’ port = 5432 ssl = on ssl_cert_file = ‘/etc/ssl/certs/ssl-cert-snakeoil.pem’ ssl_key_file = ‘/wtc/ssl/private/ssl-cert-snakeoil.key’ 我得到:netstat-nl
postgresql.conf
listen_addresses = ‘*’
port = 5432
ssl = on
ssl_cert_file = ‘/etc/ssl/certs/ssl-cert-snakeoil.pem’
ssl_key_file = ‘/wtc/ssl/private/ssl-cert-snakeoil.key’
我得到:netstat-nltp
smadmin@studymatepro:~$ sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 970/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1405/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1079/cupsd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 3780/postgres
tcp6 0 0 :::22 :::* LISTEN 1405/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1079/cupsd
tcp6 0 0 :::5432 :::* LISTEN 3780/postgres
smadmin@studymatepro:~$
您可以在端口5432上看到远程tcp/ip;并且可以获得SSL连接(仅限服务器端身份验证)
现在,当我配置SSL并将client.crt、client.key和root.crt添加到客户端计算机时:
pg_hba.conf
hostssl database user 0.0.0.0/0 scram-sha-256 clientcert=1
postgresql.conf
listen_addresses = ‘*’
port = 5432
ssl = on
ssl_cert_file = ‘/etc/ssl/certs/server.crt’ // my self signed crt
ssl_key_file = ‘/etc/ssl/private/server.key’
ssl_ca_file = ‘/etc/ssl/certs/rootCert.crt’
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
ssl_prefer_server_ciphers = on
ssl_ecdh_curve = 'prime256v1'
password_encryption = scram-sha-256
和do:netstat-nltp;我明白了
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 970/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1405/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1079/cupsd
tcp6 0 0 :::22 :::* LISTEN 1405/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1079/cupsd
端口5432上的远程TCP/IP已丢失!!!这就是为什么我的连接被拒绝,因为远程端口5432不再处于活动状态。
问题是为什么会发生这种情况……我做错了什么?如果
netstat
是在服务器机器上运行的,我会认为这表明PostgreSQL服务器没有启动。@Laurenz Alba…实际上我在几乎所有步骤中都会执行“systemctl restart PostgreSQL.service”。是的,但是你怎么知道服务器确实启动了?@Laurenz Alba。。。我一直在测试有SSL配置和没有SSL配置的连接,并注意到上面的结果..我在问题区域中提到..这就像修改了问题的完整堆栈。查看PostgreSQL日志文件。