Setting Up Remote PostgreSQL Access on VPS

Step 4: Verify Connectivity

Test the connection from a remote machine using a PostgreSQL client. Ensure the firewall and network rules also allow the connection..

Editing the PostgreSQL Configuration Files for Remote Access

To enable remote access to PostgreSQL, you need to modify two key configuration files: postgresql.conf and pg_hba.conf. These files control how PostgreSQL listens for incoming connections and authenticates clients.

Step 1: Locate the Configuration Files

The configuration files are usually located in the PostgreSQL data directory. Use the following command to find them:

sudo find / -name "postgresql.conf"
sudo find / -name "pg_hba.conf"

Step 2: Edit the postgresql.conf File

Open the postgresql.conf file with a text editor:

sudo nano /path/to/postgresql.conf

Look for the listen_addresses parameter. By default, it is set to localhost. Change it to the IP address you want PostgreSQL to listen on or use '*' to allow all addresses:

listen_addresses = '*'

Save the file and exit.

Step 3: Edit the pg_hba.conf File

Open the pg_hba.conf file with a text editor:

sudo nano /path/to/pg_hba.conf

Add an entry to allow connections from specific IPs or subnets. For example, to allow connections from the 192.168.1.0/24 subnet:

host    all    all    192.168.1.0/24    md5

Save the file and exit.

Step 4: Restart PostgreSQL

After editing the files, restart PostgreSQL to apply the changes:

sudo systemctl restart postgresql

Setting Up User Roles for Remote Access

To enable secure and efficient remote access in PostgreSQL, you must create and configure user roles with appropriate privileges. Follow these steps to set up user roles for remote access:

Connect to PostgreSQL

Log in to your PostgreSQL instance as a superuser, such as postgres:

sudo -i -u postgres
psql

Create a New Role

Use the CREATE ROLE command to create a new user role. Replace username and password with your desired values:

CREATE ROLE username WITH LOGIN PASSWORD 'password';

Grant Privileges

Assign specific privileges to the role depending on the level of access required. For example, to allow database connection and creation:

GRANT CONNECT ON DATABASE your_database TO username;
GRANT CREATE ON DATABASE your_database TO username;

Configure Remote Access for the Role

Edit the pg_hba.conf file to permit remote access for this role. Add a line specifying the IP address range and authentication method:

host    all    username    192.168.1.0/24    md5

Restart PostgreSQL to apply the changes:

sudo systemctl restart postgresql

Verify Role Access

Test the role’s connectivity from a remote client using a PostgreSQL client tool:

psql -h your_vps_ip -U username -d your_database

Configuring the VPS Firewall for PostgreSQL Connections

To allow remote PostgreSQL connections, you need to configure the VPS firewall to accept traffic on PostgreSQL’s default port, 5432. This process ensures secure and controlled access to the database server.

Check the Current Firewall Status

Ensure the firewall is active and managing the traffic. Use the following command:

sudo ufw status

If ufw is inactive, enable it:

sudo ufw enable

Allow PostgreSQL Port

Permit traffic on port 5432 for specific IP ranges or all addresses if required. For a specific IP (e.g., 192.168.1.100):

sudo ufw allow from 192.168.1.100 to any port 5432

To allow traffic from an entire subnet (e.g., 192.168.1.0/24):

sudo ufw allow from 192.168.1.0/24 to any port 5432

For unrestricted access (not recommended), allow connections from all addresses:

sudo ufw allow 5432

Reload the Firewall Rules

After adding the rules, reload ufw to apply the changes:

sudo ufw reload

Verify the Configuration

Check the updated rules to ensure the port is open:

sudo ufw status

Look for rules allowing traffic on port 5432.

Test the Connection

From a remote client, attempt to connect to the PostgreSQL server:

psql -h your_vps_ip -U username -d your_database