在我的带有 postgreSQL-11 的 Ubuntu 18.04.02 服务器版本中,我想添加 postgreSQL 服务器和客户端之间进行 SSL 通信的可能性。
我在 postgresql.conf 中打开了 ssl:
sudo nano /etc/postgresql/11/main/postgresql.conf
ssl = on
在 pg_hba.conf 中我为 ssl 添加了一行:
sudo nano /etc/postgresql/11/main/pg_hba.conf
local all postgres peer
# TYPE DATABASE USER ADDRESS
METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 192.168.1.1/24 md5
# Only for SSL connections :
hostssl all all cert
但是当重新加载新配置并重新启动 postgreSQL 时:
(base) marco@pc:~$ sudo /etc/init.d/postgresql reload
[ ok ] Reloading postgresql configuration (via systemctl):
postgresql.service.
(base) marco@pc:~$ sudo service postgresql restart
(base) marco@pc:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled;
vendor preset: enabled)
Active: active (exited) since Mon 2019-09-16 18:48:13 CEST; 6s
ago
Process: 3349 ExecReload=/bin/true (code=exited, status=0/SUCCESS)
Process: 3399 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3399 (code=exited, status=0/SUCCESS)
Sep 16 18:48:13 pc systemd[1]: Starting PostgreSQL RDBMS...
Sep 16 18:48:13 pc systemd[1]: Started PostgreSQL RDBMS.
我收到此错误:
(基础) marco@pc:~$ sudo su -l postgres postgres@pc:~$ psql psql:无法连接到服务器:没有此文件或目录 服务器是否在本地运行并接受 Unix 域套接字“/var/run/postgresql/.s.PGSQL.5432”上的连接?
我已经尝试过这里找到的建议:无法连接到端口 5432 上的 postgresql 没有任何成功
在注释 pg_hba.conf 中的 hostssl 行时:
# Only for SSL connections :
#hostssl all all cert
错误消失:
(base) marco@pc:~$ sudo /etc/init.d/postgresql reload
[ ok ] Reloading postgresql configuration (via systemctl):
postgresql.service.
(base) marco@pc:~$ sudo service postgresql restart
(base) marco@pc:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled;
vendor preset: enabled)
Active: active (exited) since Mon 2019-09-16 18:52:37 CEST; 3s
ago
Process: 3455 ExecReload=/bin/true (code=exited, status=0/SUCCESS)
Process: 3511 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3511 (code=exited, status=0/SUCCESS)
Sep 16 18:52:37 pc systemd[1]: Starting PostgreSQL RDBMS...
Sep 16 18:52:37 pc systemd[1]: Started PostgreSQL RDBMS.
(base) marco@pc:~$ sudo su -l postgres
postgres@pc:~$ psql
psql (11.5 (Ubuntu 11.5-1.pgdg18.04+1))
Type "help" for help.
postgres=# help
You are using psql, the command-line interface to PostgreSQL.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=#
所以,我的问题是:如何在 /etc/postgresql/11/main/pg_hba.conf 中正确设置 ssl?
已解决:在 pg_hba.conf 中添加 IP 地址范围:
hostssl all all 192.168.1.0/24 cert