cannot connect to PostGIS

kartoza / LEDET_BIMS

Limpopo Biodiversity Information Management System

GNU General Public License v3.0

1 stars 9 forks source link

cannot connect to PostGIS #299

Closed gubuntu closed 5 years ago

gubuntu commented 5 years ago

5432 appears to be open but pg_hba is not configured to allow connectoins from the WAN.

and probably postgresql.conf is not configured to listen on the right IP.

These configs need to be built into the production Rancher environment.

NyakudyaA commented 5 years ago

I have opened up the port manually. I will leave this ticket open so that @dimasciput can implement directly in rancher screenshot 2018-10-15 at 11 36 56

gubuntu commented 5 years ago

@NyakudyaA please specify the exact changes to postgresql.conf and pg_hba.conf to allow WAN access

NyakudyaA commented 5 years ago

@dimasciput I changed the following lines.

from postgresql.conf I changed listen_address= 'localhost' to listen_address='*'

In pg_hba.conf I added the following line

host all all 10.52.82.20/24 md5

NyakudyaA commented 5 years ago

@Vince-Egan is happy with the PostgreSQL connection through QGIS or PgAdmin

dimasciput commented 5 years ago

In rancher I just need to set ALLOW_RANGE to 0.0.0.0/0 screen shot 2018-10-26 at 10 07 46 am

Because now that it works, I'm closing this ticket.

gubuntu commented 5 years ago

I'm happy from your side @dimasciput but in production we can't allow connections from any IP so @NyakudyaA please apply that WAN IP Range.

I'm assuming these override pg_hba settings.

NyakudyaA commented 5 years ago

@dimasciput I why do we not just define the IP range using the ALLOW_RANGE because this overrides the pg_hba settings

gubuntu commented 5 years ago

'listen addresses' either in postgresql.conf or as an env variable should be set to the IP of the host and not *

Connections should only be allowed from the WAN IP range (10.52.82.20/24) - set in pg_hba or env variable

NyakudyaA commented 5 years ago

'listen addresses' either in postgresql.conf or as an env variable should be set to the IP of the host and not *

Connections should only be allowed from the WAN IP range (10.52.82.20/24) - set in pg_hba or env variable

@gubuntu The env variable ALLOW_RANGE overrides anything you set manually in the pg_hba.conf which I had already done. So instead of putting the ALLOW_RANGE as 0.0.0.0/0 it should be 10.52.82.20/24

So @dimasciput can you change that variable to be that IP range

I will see if Postgres image has a variable for listen address

NyakudyaA commented 5 years ago

@dimasciput Next time we do a release we need to have these settings in the database.

ALLOW_RANGE=10.0.0.0/8
IP_LIST=10.42.160.23 # We can add other IP address we need to restrict the connections to.

NyakudyaA commented 5 years ago

@dimasciput have you updated the production instance with the latest Postgres image?

NyakudyaA commented 5 years ago

I am closing this as the production instance is working properly now. screenshot 2019-01-18 at 17 23 39