Re: [GENERAL] Unable to connect to Postgresql
| От | Adrian Klaver |
|---|---|
| Тема | Re: [GENERAL] Unable to connect to Postgresql |
| Дата | |
| Msg-id | 77ec5cec-626a-b118-6572-edf54a63dcde@aklaver.com обсуждение исходный текст |
| Ответ на | Re: [GENERAL] Unable to connect to Postgresql (John Iliffe <john.iliffe@iliffe.ca>) |
| Ответы |
Re: [GENERAL] Unable to connect to Postgresql
|
| Список | pgsql-general |
On 04/08/2017 06:26 AM, John Iliffe wrote: > On Saturday 08 April 2017 00:10:14 Adrian Klaver wrote: >> On 04/07/2017 07:45 PM, Joe Conway wrote: >>> On 04/07/2017 05:35 PM, Adrian Klaver wrote: >>>> On 04/07/2017 05:03 PM, John Iliffe wrote: >>>>>>> Running on Fedora 25 with SELinux in PERMISSIVE mode. The audit >>>>>>> log shows no hits on Postgresql. >>>>> >>>>> My going in position was/still is, that this is a SELinux security >>>>> problem >>>>> but I am finding SELinux to be the most opaque and badly documented >>>>> software >>>>> that I have ever had to deal with, which is why it is running in >>>>> permissive >>>>> mode at the moment. >>>> >>>> Well what I know about SELinux would fit in the navel of a flea(tip >>>> of the hat to David Niven), so I can not be of much help there. The >>>> reason I am returned this thread to the list, there are folks that >>>> do understand it. >>> >>> If SELinux is running in permissive I don't see how it could be at >>> fault for your issue. Did you verify that (getenforce)? >>> >>>>> -------------------------- >>>>> [Fri Apr 07 17:03:28.597101 2017] [php7:warn] [pid 1797:tid >>>>> 140599445419776] [client 192.168.1.10:45127] PHP Warning: >>>>> pg_connect(): Unable to connect to PostgreSQL server: could not >>>>> connect to server: No such file or directory\n\tIs the server >>>>> running locally and >>>>> accepting\n\tconnections on Unix domain socket >>>>> "/tmp/.s.PGSQL.5432"? in /httpd/iliffe/testfcgi.php on >>>>> line 121 ---------------------------- >>> >>> This might be a silly question, but is PHP running on the same server >>> as Postgres? >> >> To add to this, previously you mentioned: >> >> "Also, using the on board firewall (firewalld) to provide a secondary >> domain where the actual business processes run. " >> >> What exactly does that mean? > I'm trying/planning to use firewalld to keep certain remote addresses from > connecting to the mail server. Since I have it anyway, I want to > strengthen the security by moving non-Internet connections internal of that > firewall so only Apache is exposed to the Internet and the databases, etc, > are internal. > > This is a Unix domain socket connection so I don't think the firewall should > get involved. So what if you change the connection to use -h localhost? > > Since you raised the question, I added port 5432 to the open list in > firewalld but it didn't make any difference, still not connecting. >> >>> HTH, >>> >>> Joe > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: