How to Configure Postgres to Allow Remote Connections

  • Document ID:7023549
  • Creation Date:29-Nov-2018
  • Modified Date:30-Nov-2018
    • Micro Focus Products:
      GWAVA (Secure Messaging Gateway)

Environment

GWAVA (Secure Messaging Gateway) 7

Situation

If the Secure Messaging Gateway server is being deployed into an existing GWAVA or Secure Messaging Gateway network, there are a few settings which need to be configured. The Secure Messaging Gateway Network shares the databases to keep the configuration, quarantine, and statistics up to date and common across the whole system. A Secure Messaging Gateway Network is utilized when multiple servers are required to handle the load or must be separated due to the host network and design where multiple Secure Messaging Gateway appliances at multiple locations are required.


Resolution

In order for the databases to be accessible to all Secure Messaging Gateway servers, Postgres must be configured to allow remote connections.

  1. Configure Postgres to allow remote connections.

    To configure Postgres to allow remote connections a file must be modified.

    NOTE:The file must be modified as root user.

    The file which must be modified is: (replace the 9.x directory with the running version of Postgres. Likely 9.5)

    /etc/postgresql/9.x/main/pg_hba.conf

    As the root user, open the pg_hba.conf file with the preferred editor and locate the line: # IPv4 local connections:

    host all all 127.0.0.1/32 md5

    This line only specifies connections from the localhost. Add new connection addresses to this line to allow for multiple and remote connections.

    Modify the line to make it look similar to this:

    # IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 10.1.29.0/24 md5

  2. Determine and set allowed connection addresses.

    Modifying the pg_hba_conf file correctly requires that the IP addresses of the remaining Secure Messaging Gateway servers are known. The addresses may be specified individually or they may be specified in a range.

    For example, the above specified address setting of “10.1.29.0/24” will allow connections from any address of 10.1.29.x.

    If a subnet of addresses is desired, it may also be specified as such:

    10.0.0.0/8 Will allow any connection from addresses 10.x.x.x

    172.16.0.0/16 Will allow any connection from addresses 172.16.x.x

    192.168.1.0/24 Will allow any connection from addresses 192.168.1.x

    Or if a specific IP is to be specified: 192.168.1.20/32

    Once the file has been modified to allow connections from the desired addresses, save the file.

  3. Restart Postgres.

    Postgres must be restarted to load the new configuration. Once Postgres has been restarted, the rest of the Secure Messaging Gateway servers may be deployed and initialized. 

    /etc/init.d/postgresql restart

    With Postgres now configured to allow multiple connections, the initialization of the rest of the Secure Messaging Gateway servers may be completed. Make sure that the address for the newly configured Postgres server is used for configuring the remaining servers