PostgreSQL只监听unix socket

news/2024/4/17 5:59:06/文章来源:https://blog.csdn.net/dazuiba008/article/details/129245191

同事安装gitlab的时候，发现后端数据库默认使用了只监听unix socket，验证方式使用了map方式，这里记录一下，如果想要监听其他地址，使用TCP/IP方式连接，那么怎么办呢？

很简单，直接修改listen_addresses即可，如果设置为listen_addresses = ‘’,则只监听unix socket,如果设置为0.0.0.0，则监听所有的IPV4地址，::监听所有IPV6地址。*则监听所有的地址，默认值为localhost，只监听本地的回环地址127.0.0.1。

#修改listen_addresses，unix_socket_directories目录为$PGDATA和/tmp两个listen_addresses = ''           # what IP address(es) to listen on;# comma-separated list of addresses;# defaults to 'localhost'; use '*' for all# (change requires restart)
port = 1925                             # (change requires restart)
max_connections = 1000                  # (change requires restart)
superuser_reserved_connections = 13     # (change requires restart)
unix_socket_directories = '.,/tmp'      # comma-separated list of directories
#修改后，重启数据库
pg_ctl restart -D /pg_csvlog/pgdata13/pg_root#查看监听端口netstat -anp | grep 1925
(Not all processes could be identified, non-owned process infowill not be shown, you would have to be root to see it all.)
unix  2      [ ACC ]     STREAM     LISTENING     146639025 1479/postgres        /tmp/.s.PGSQL.1925
unix  2      [ ACC ]     STREAM     LISTENING     146639024 1479/postgres        ./.s.PGSQL.1925#使用unix socket连接，两个目录都有socket文件，所以都可以连接
psql -h /pg_csvlog/pgdata13/pg_root -p 1925
psql (13.6)
Type "help" for help.postgres=# \qpsql -h /tmp -p 1925
psql (13.6)
Type "help" for help.postgres=# \q#修改listen_addresses = '*'，然后重启，可以看到ipv4,ipv6,unix socket都监听了
netstat -anp | grep 1925
(Not all processes could be identified, non-owned process infowill not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:1925            0.0.0.0:*               LISTEN      3782/postgres       
tcp6       0      0 :::1925                 :::*                    LISTEN      3782/postgres       
unix  2      [ ACC ]     STREAM     LISTENING     146645942 3782/postgres        /tmp/.s.PGSQL.1925
unix  2      [ ACC ]     STREAM     LISTENING     146645940 3782/postgres        ./.s.PGSQL.1925

至于验证方式使用的User Name Maps,用户定义在pg_ident.conf 文件中,也可以修改参数ident_file改变其路径。

ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file

pg_ident.conf文件中映射格式如下：

map-name system-username database-username

然后修改pg_hba.conf文件
验证方式指定 map=map-name即可

下面的文章通过三大认证分类详述了验证的一些例子：

PostgreSQL internal authentication
OS-based authentication
External server-based authentication

https://www.percona.com/blog/postgresql-database-security-external-server-based-authentication/

参考：
https://www.postgresql.org/docs/current/runtime-config-connection.html
https://www.postgresql.org/docs/current/auth-username-maps.html
https://github.com/digoal/blog/blob/master/201701/20170111_01.md

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.luyixian.cn/news_show_74982.aspx

如若内容造成侵权/违法违规/事实不符，请联系dt猫网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！