database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

Replace the virtual_host and tcpip_socket parameters with a unified

Browse Source 
listen_addresses parameter, as per recent discussion.  The default behavior
is now to listen on localhost, which eliminates the need for the -i
postmaster switch in many scenarios.

Andrew Dunstan
This commit is contained in:
Tom Lane
2004-03-23 01:23:48 +00:00
parent 0d88dd1e50
commit 2e45c143ef
9 changed files with 147 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
doc/src/sgml/client-auth.sgml
View File

@ -1,5 +1,5 @@
<!--
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.64 2004/03/09 16:57:46 neilc Exp $
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.65 2004/03/23 01:23:48 tgl Exp $
-->
<chapter id="client-authentication">
@ -112,13 +112,19 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
<listitem>
<para>
This record matches connection attempts made using TCP/IP.
Note that TCP/IP connections are disabled unless the server is
started with the <option>-i</option> option or the <xref
linkend="guc-tcpip-socket"> configuration parameter is
enabled. <literal>host</literal> records match either
<literal>host</literal> records match either
<acronym>SSL</acronym> or non-<acronym>SSL</acronym> connection
attempts.
</para>
<note>
<para>
Remote TCP/IP connections will not be possible unless
the server is started with an appropriate value for the
<xref linkend="guc-listen-addresses"> configuration parameter,
since the default behavior is to listen for TCP/IP connections
only on the local loopback address <literal>localhost</>.
</para>
</note>
</listitem>
</varlistentry>
@ -126,17 +132,17 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
<term><literal>hostssl</literal></term>
<listitem>
<para>
This record matches connection attempts made using TCP/IP. In
addition, this record requires that the connection is made with
<acronym>SSL</acronym>.
This record matches connection attempts made using TCP/IP,
but only when the connection is made with <acronym>SSL</acronym>
encryption.
</para>
<para>
To make use of this option the server must be built with
<acronym>SSL</acronym> support enabled. Furthermore,
<acronym>SSL</acronym> must be enabled by setting the <xref
linkend="guc-ssl"> configuration parameter (see <xref
linkend="ssl-tcp"> for more information).
<acronym>SSL</acronym> support. Furthermore,
<acronym>SSL</acronym> must be enabled at server start time
by setting the <xref linkend="guc-ssl"> configuration parameter (see
<xref linkend="ssl-tcp"> for more information).
</para>
</listitem>
</varlistentry>
@ -146,8 +152,8 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
<listitem>
<para>
This record is similar to <literal>hostssl</> but with the
opposite logic: it only matches connection attempts made over
TCP/IP that do not use <acronym>SSL</acronym>.
opposite logic: it only matches connection attempts made over
TCP/IP that do not use <acronym>SSL</acronym>.
</para>
</listitem>
</varlistentry>

35
doc/src/sgml/ref/postmaster.sgml
View File

@ -1,5 +1,5 @@
<!--
$PostgreSQL: pgsql/doc/src/sgml/ref/postmaster.sgml,v 1.46 2004/03/09 16:57:47 neilc Exp $
$PostgreSQL: pgsql/doc/src/sgml/ref/postmaster.sgml,v 1.47 2004/03/23 01:23:48 tgl Exp $
PostgreSQL documentation
-->
@ -165,11 +165,17 @@ PostgreSQL documentation
<term><option>-h <replaceable class="parameter">hostname</replaceable></option></term>
<listitem>
<para>
Specifies the IP host name or address on which the
<command>postmaster</command> is to listen for
connections from client applications. Defaults to
listening on all configured addresses (including
<systemitem class="systemname">localhost</systemitem>).
Specifies the IP host name or address on which the
<command>postmaster</command> is to listen for TCP/IP
connections from client applications. The value can also be
a space-separated list of addresses, or <literal>*</> to specify
listening on all available interfaces. An empty value specifies
not listening on any IP addresses, in which case only Unix-domain
sockets can be used to connect to the <command>postmaster</command>.
Defaults to listening only
on <systemitem class="systemname">localhost</systemitem>.
This option is equivalent to setting <literal>listen_addresses</> in
<filename>postgresql.conf</>.
</para>
</listitem>
</varlistentry>
@ -178,14 +184,16 @@ PostgreSQL documentation
<term><option>-i</option></term>
<listitem>
<para>
Allows clients to connect via TCP/IP (Internet domain)
connections. Without this option, only local Unix domain
socket connections are accepted. This option corresponds
to setting <literal>tcpip_socket=true</> in <filename>postgresql.conf</>.
Allows remote clients to connect via TCP/IP (Internet domain)
connections. Without this option, only local connections are
accepted. This option is equivalent to setting
<literal>listen_addresses</> to <literal>*</> in
<filename>postgresql.conf</> or via <option>-h</>.
</para>
<para>
<option>--tcpip-socket=false</option> has the opposite
effect of this option.
This option is deprecated since it does not allow access to the
full functionality of <literal>listen_addresses</>. It's usually
better to set <literal>listen_addresses</> directly.
</para>
</listitem>
</varlistentry>
@ -206,8 +214,7 @@ PostgreSQL documentation
<term><option>-l</option></term>
<listitem>
<para>
Enables secure connections using SSL. The <option>-i</option>
option is also required. You must have compiled with SSL
Enables secure connections using SSL. You must have compiled with SSL
enabled to use this option.
</para>
</listitem>

79
doc/src/sgml/runtime.sgml
View File

@ -1,5 +1,5 @@
<!--
$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.251 2004/03/15 17:57:51 momjian Exp $
$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.252 2004/03/23 01:23:48 tgl Exp $
-->
<Chapter Id="runtime">
@ -186,11 +186,7 @@ $ <userinput>postmaster -D /usr/local/pgsql/data &gt;logfile 2&gt;&amp;1 &amp;</
<para>
The <command>postmaster</command> also takes a number of other
command line options. For more information, see the reference page
and <xref linkend="runtime-config"> below. In particular, in order
for the server to accept
TCP/IP<indexterm><primary>TCP/IP</primary></indexterm> connections
(rather than just Unix-domain socket ones), you must specify the
<option>-i</option> option.
and <xref linkend="runtime-config"> below.
</para>
<para>
@ -333,7 +329,7 @@ FATAL: could not create TCP/IP listen socket
be a different problem. For example, trying to start a <command>postmaster</command>
on a reserved port number may draw something like:
<screen>
$ <userinput>postmaster -i -p 666</userinput>
$ <userinput>postmaster -p 666</userinput>
LOG: could not bind IPv4 socket: Permission denied
HINT: Is another postmaster already running on port 666? If not, wait a few seconds and retry.
FATAL: could not create TCP/IP listen socket
@ -570,19 +566,38 @@ SET ENABLE_SEQSCAN TO OFF;
<title>Connection Settings</title>
<variablelist>
<varlistentry id="guc-tcpip-socket" xreflabel="tcpip_socket">
<term><varname>tcpip_socket</varname> (<type>boolean</type>)</term>
<varlistentry id="guc-listen-addresses" xreflabel="listen_addresses">
<term><varname>listen_addresses</varname> (<type>string</type>)</term>
<listitem>
<para>
If this is true, then the server will accept TCP/IP connections.<indexterm><primary>TCP/IP</></>
Otherwise only local Unix domain socket connections are
accepted. It is off by default. This option can only be set at
server start.
Specifies the TCP/IP address(es) on which the server is
to listen for connections from client applications.
The value takes the form of a space-separated list of host names
and/or numeric IP addresses. The special entry <literal>*</>
corresponds to all available IP interfaces.
If the list is empty, the server does not listen on any IP interface
at all, in which case only Unix-domain sockets can be used to connect
to it.
The default value is <systemitem class="systemname">localhost</>,
which allows only local <quote>loopback</> connections to be made.
This parameter can only be set at server start.
</para>
</listitem>
</varlistentry>
<varlistentry id="guc-port" xreflabel="port">
<term><varname>port</varname> (<type>integer</type>)</term>
<indexterm><primary>port</></>
<listitem>
<para>
The TCP port the server listens on; 5432 by default. Note that the
same port number is used for all IP addresses the server listens on.
This parameter can only be set at server start.
</para>
</listitem>
</varlistentry>
<varlistentry id="guc-max-connections" xreflabel="max_connections">
<term><varname>max_connections</varname> (<type>integer</type>)</term>
<listitem>
@ -628,17 +643,6 @@ SET ENABLE_SEQSCAN TO OFF;
</listitem>
</varlistentry>
<varlistentry id="guc-port" xreflabel="port">
<term><varname>port</varname> (<type>integer</type>)</term>
<indexterm><primary>port</></>
<listitem>
<para>
The TCP port the server listens on; 5432 by default. This
option can only be set at server start.
</para>
</listitem>
</varlistentry>
<varlistentry id="guc-unix-socket-directory" xreflabel="unix_socket_directory">
<term><varname>unix_socket_directory</varname> (<type>string</type>)</term>
@ -648,6 +652,7 @@ SET ENABLE_SEQSCAN TO OFF;
server is to listen for
connections from client applications. The default is normally
<filename>/tmp</filename>, but can be changed at build time.
This parameter can only be set at server start.
</para>
</listitem>
</varlistentry>
@ -701,27 +706,15 @@ SET ENABLE_SEQSCAN TO OFF;
</para>
</listitem>
</varlistentry>
<varlistentry id="guc-virtual-host" xreflabel="virtual_host">
<term><varname>virtual_host</varname> (<type>string</type>)</term>
<listitem>
<para>
Specifies the IP address(es) on which the server is
to listen for connections from client applications. If specified,
it takes the form of a space-separated list of host names and/or
numeric IP addresses. If the list is empty, the server listens
on all available addresses (including
<systemitem class="systemname">localhost</>).
</para>
</listitem>
</varlistentry>
<varlistentry id="guc-rendezvous-name" xreflabel="rendezvous_name">
<term><varname>rendezvous_name</varname> (<type>string</type>)</term>
<listitem>
<para>
Specifies the Rendezvous broadcast name. By default, the
computer name is used, specified as ''.
computer name is used, specified as an empty string ''.
This option is only meaningful on platforms that support Rendezvous.
This option can only be set at server start.
</para>
</listitem>
</varlistentry>
@ -3009,11 +3002,11 @@ dynamic_library_path = '/usr/local/lib/postgresql:/home/my_project/lib:$libdir'
</row>
<row>
<entry><option>-h <replaceable>x</replaceable></option></entry>
<entry><literal>virtual_host = <replaceable>x</replaceable></></entry>
<entry><literal>listen_addresses = <replaceable>x</replaceable></></entry>
</row>
<row>
<entry><option>-i</option></entry>
<entry><literal>tcpip_socket = on</></entry>
<entry><literal>listen_addresses = '*'</></entry>
</row>
<row>
<entry><option>-k <replaceable>x</replaceable></option></entry>