From: | John Iliffe <john(dot)iliffe(at)iliffe(dot)ca> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Cc: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, Joe Conway <mail(at)joeconway(dot)com> |
Subject: | Re: Unable to connect to Postgresql |
Date: | 2017-04-08 20:23:50 |
Message-ID: | 201704081623.50835.john.iliffe@iliffe.ca |
Lists: | pgsql-general |

On Saturday 08 April 2017 09:38:07 Adrian Klaver wrote:
> On 04/08/2017 06:26 AM, John Iliffe wrote:
> > On Saturday 08 April 2017 00:10:14 Adrian Klaver wrote:
> >> On 04/07/2017 07:45 PM, Joe Conway wrote:
> >>> On 04/07/2017 05:35 PM, Adrian Klaver wrote:
> >>>> On 04/07/2017 05:03 PM, John Iliffe wrote:
> >>>>>>> Running on Fedora 25 with SELinux in PERMISSIVE mode. The audit
> >>>>>>> log shows no hits on Postgresql.
> >>>>>
> >>>>> My going in position was/still is, that this is a SELinux security
> >>>>> problem but I am finding SELinux to be the most opaque and badly
> >>>>> documented software that I have ever had to deal with, which is why
> >>>>> it is running in permissive mode at the moment.
> >>>>
> >>>> Well what I know about SELinux would fit in the navel of a flea (tip
> >>>> of the hat to David Niven), so I can not be of much help there. The
> >>>> reason I returned this thread to the list is that there are folks
> >>>> that do understand it.
> >>>
> >>> If SELinux is running in permissive I don't see how it could be at
> >>> fault for your issue. Did you verify that (getenforce)?
> >>>
> >>>>> --------------------------
> >>>>> [Fri Apr 07 17:03:28.597101 2017] [php7:warn] [pid 1797:tid
> >>>>> 140599445419776] [client 192.168.1.10:45127] PHP Warning:
> >>>>> pg_connect(): Unable to connect to PostgreSQL server: could not
> >>>>> connect to server: No such file or directory\n\tIs the server
> >>>>> running locally and
> >>>>> accepting\n\tconnections on Unix domain socket
> >>>>> "/tmp/.s.PGSQL.5432"? in /httpd/iliffe/testfcgi.php on
> >>>>> line 121
> >>>>> ----------------------------
> >>>
> >>> This might be a silly question, but is PHP running on the same
> >>> server as Postgres?
> >>
> >> To add to this, previously you mentioned:
> >>
> >> "Also, using the on board firewall (firewalld) to provide a secondary
> >> domain where the actual business processes run. "
> >>
> >> What exactly does that mean?
> >
> > I'm trying/planning to use firewalld to keep certain remote addresses
> > from connecting to the mail server. Since I have it anyway, I want
> > to strengthen the security by moving non-Internet connections
> > internal of that firewall so only Apache is exposed to the Internet
> > and the databases, etc, are internal.
> >
> > This is a Unix domain socket connection so I don't think the firewall
> > should get involved.
>
> So what if you change the connection to use -h localhost?

Can you please expand on that request? I'm not sure where you want me to
put that directive. I'm using the mod_php module in Apache.

>
> > Since you raised the question, I added port 5432 to the open list in
> > firewalld but it didn't make any difference, still not connecting.
> >
> >>> HTH,
> >>>
> >>> Joe