Closed gubuntu closed 5 years ago
I have opened up the port manually. I will leave this ticket open so that @dimasciput can implement directly in rancher
@NyakudyaA please specify the exact changes to postgresql.conf and pg_hba.conf to allow WAN access
@dimasciput I changed the following lines.
from postgresql.conf I changed
listen_addresses = 'localhost'
to listen_addresses = '*'
In pg_hba.conf I added the following line
host all all 10.52.82.20/24 md5
@Vince-Egan is happy with the PostgreSQL connection through QGIS or PgAdmin
In rancher I just need to set ALLOW_RANGE to 0.0.0.0/0
Now that it works, I'm closing this ticket.
I'm happy from your side @dimasciput but in production we can't allow connections from any IP so @NyakudyaA please apply that WAN IP Range.
I'm assuming these override pg_hba settings.
@dimasciput why do we not just define the IP range using ALLOW_RANGE, because this overrides the pg_hba settings?
'listen addresses' either in postgresql.conf or as an env variable should be set to the IP of the host and not *
Connections should only be allowed from the WAN IP range (10.52.82.20/24) - set in pg_hba or env variable
@gubuntu
The env variable ALLOW_RANGE overrides anything you set manually in the pg_hba.conf which I had already done.
So instead of putting the ALLOW_RANGE as 0.0.0.0/0 it should be 10.52.82.20/24
So @dimasciput can you change that variable to be that IP range
I will see if Postgres image has a variable for listen address
@dimasciput Next time we do a release we need to have these settings in the database.
ALLOW_RANGE=10.0.0.0/8
IP_LIST=10.42.160.23 # We can add other IP address we need to restrict the connections to.
@dimasciput have you updated the production instance with the latest Postgres image?
I am closing this as the production instance is working properly now.
5432 appears to be open but pg_hba is not configured to allow connections from the WAN,
and probably postgresql.conf is not configured to listen on the right IP.
These configs need to be built into the production Rancher environment.
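A pre-deployment check for the settings discussed in this ticket, as an added example that is not part of the thread or the project's code. The function name `audit_exposure` is hypothetical, and the listen address, ALLOW_RANGE and IP_LIST values are assumed to be passed in as plain strings.

```python
import ipaddress

def audit_exposure(listen_addresses, allow_ranges, wan_range):
    """Return findings for a listen_addresses value and the allowed client ranges."""
    wan = ipaddress.ip_network(wan_range, strict=False)
    findings = []
    # listen_addresses is a comma-separated list; '*' means every interface.
    for addr in (a.strip() for a in listen_addresses.split(",")):
        if addr in ("*", "0.0.0.0", "::"):
            findings.append(f"listen_addresses {addr!r} binds every interface")
    for cidr in allow_ranges:
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError:
            findings.append(f"{cidr}: not a valid address or CIDR range")
            continue
        net = iface.network
        if net.prefixlen == 0:
            findings.append(f"{cidr}: allows connections from any IP")
        elif net.version == wan.version and net != wan and net.supernet_of(wan):
            findings.append(f"{cidr}: wider than the WAN range {wan}")
        # A range written as host/prefix (e.g. .20/24) names the whole network.
        if iface.ip != net.network_address:
            findings.append(f"{cidr}: host bits set, normalises to {net}")
    return findings

if __name__ == "__main__":
    # Values taken from the ticket; the pairing into scenarios is constructed.
    scenarios = [
        ("*", ["0.0.0.0/0"]),
        ("localhost", ["10.52.82.20/24"]),
        ("localhost", ["10.0.0.0/8", "10.42.160.23"]),
    ]
    for listen, ranges in scenarios:
        print(listen, ranges)
        for finding in audit_exposure(listen, ranges, "10.52.82.20/24"):
            print("  -", finding)
```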