Postgres 无法侦听特定 IP 地址 [英] Postgres can't listen to a specific IP address

问题描述

我试图阻止对我的 PostgreSQL 的访问，并只允许访问本地主机和我的机器外部 IP，例如:172.211.xx.xx".此 IP 由我的 ISP(互联网服务提供商)提供.

I'm trying to block access to my PostgreSQL and allow access only to Localhost and my machine external IP, something like: "172.211.xx.xx". This IP is provided by my ISP (Internet Service Provider).

在 postgresql.conf 中，我设置了以下行:

In postgresql.conf I set the following line:

listen_addresses = '179.211.xx.xx'

但是我无法从我的机器连接到数据库.我得到服务器不听".如果我改为:

But I can't connect to the database from my machine. I get "Server don't listen". If I change to:

 listen_addresses = '*'

一切正常，但我做不到.我只需要启用对这个 IP 的访问.这是我项目的安全要求.

everything works, but I can't do it. I need to enable access only to this IP. This is a security requirement of my project.

我的pg_hba.conf:

host    all             all             0.0.0.0/0            md5

推荐答案

postgresql.conf 中的参数 listen_addresses 控制服务器将响应的 IP 地址，不是服务器将允许连接进行身份验证的那些.在我看来，将 listen_addresses 设置为 * 并将其余部分限制在 pg_hba.conf 中就可以了.换句话说:在 pg_hba.conf 中进行微调就可以了.

The parameter listen_addresses at postgresql.conf sort of controls which ip addresses the server will answer on, not which ones the server will permit connections to authenticate. In my eyes, it's alright to set the listen_addresses to * and constrain the rest in the pg_hba.conf. In other words: doing the fine tuning at the pg_hba.conf is just fine.

所以..

 listen_addresses = '*'

.. 和..

host all all 179.211.198.0/24

...应该这样做.这意味着所有用户都可以访问此 ip 范围内的所有数据库.您可以进一步限制特定用户对某些数据库的访问:

.. should do. Which means that all users have access to all databases from this ip range. You can go further limiting access for specific users to certain databases:

host my_db my_user 179.211.198.0/24

这篇关于Postgres 无法侦听特定 IP 地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！