I am using a remote PostgreSQL on another server and want to deploy Rails app to AWS. I want the AWS to communicate with that remote PostgreSQL database server.
I'm getting the error:
FATAL: Peer authentication failed for user "postgres"
Although I've whitelisted the IP in pg_hba.conf
How I've whitelisted?
I've seen the Public IP in AWS Console and added that. I've pinged my AWS site and added that IP.
Peer authentication in the error means you're not trying to connect remotely, but locally. You must review the settings in database.yml. See
PG Peer authentication failed for a related question.
Once you're ready to connect to the real remote server, that'll probably still won't work with the pg_hba.conf linked to in the comments because of:
host all all * md5
host all all [AWS-PINGED-IP] md5
host all all [AWS-SPECIFIED-PUBLIC-IP] md5
* is not accepted as an IP address mask, shell wildcards syntax is not welcome here. Use 0.0.0.0/0 in CIDR notation to mean "any IPv4 address".
Or remove entirely this line if you didn't mean to accept connections from any address, which seems to be the case given the two lines after.
Note that rules interpretation stops at the first match in order of declaration, so it doesn't make sense to have an "accept-all" rule followed by a much more restrictive rule, as the latter will always be ignored.
Related
I have Docker containers which use a bridge network with subnet 172.16.238.0/24 and I'm connecting to external databases. (Successfully.)
What I'd like to know, though, is: what IP address does the remote database see the connection as coming from? Does it see an address in the subnet address range on any of the packets that it receives?
If it is a remote server, it will see the public IP of the host, which is running the docker container/docker service.
Okay, thank you Husein ... I'll call it "answered."
The reason for my question is that I'm getting an unexpected security-error from an AS/400 DB2 database when I think I'm giving it the right password. I just wanted to make sure that a 172.16.238.xxx IP-address wasn't showing up in any of the internal fields of the packet that the remote database might be examining. (Naturally, this database is well-protected.) I'll follow up with the friendly DBA's now ... and if they say anything interesting I'll add it to this or another ticket.
I believe the way to creating a remote connection is by changing this line in conf/neo4j-server.properties, specifically by removing the comment and restarting the server.
org.neo4j.server.webserver.address=0.0.0.0
My URL is https://0.0.0.0:7473/browser/ and works on the local machine, but when I test the URL in Safari on iPhone over 3G, it cannot connect.
What do I set the address to in the properties file?
I thought it was the IP address of my computer, but after trying the remote address which I got from Googling “ip address mac” that didn’t work, nor did (obviously) the local IP address of my machine, 192.168.0.14
I should point out that setting it to the IP address from Google throws an error and the log reads:
2015-01-29 17:10:08.888+0000 INFO [API] Failed to start Neo Server on port [7474], reason [MultiException[java.net.BindException: Can't assign requested address, java.net.BindException: Can't assign requested address]]
With default configuration Neo4j only accepts local connections
In neo4j-community-3.1.0 edit conf/neo4j.conf file and uncomment the following to accept non-local connections
dbms.connectors.default_listen_address=0.0.0.0
By setting
org.neo4j.server.webserver.address=0.0.0.0
enables Neo4j on all network interfaces.
The remainder of that reply is not Neo4j related at all - it's regular networking. Double check if port 7473 (and/or 7474) are not blocked neither be a locally running firewall nor by your router. You local IP 192.168.0.14 indicates you're behind a router doing NAT. Therefore you have to setup a port forwarding in your router for the ports mentioned above.
Please be aware that this is potentially dangerous since everyone knowing your external IP can access your Neo4j instance. Consider using either https://github.com/neo4j-contrib/authentication-extension or use a VPN in favour of port forwarding.
in 3.0:
##### To have HTTP accept non-local connections, uncomment this line
dbms.connector.http.address=0.0.0.0:7474
Confused myself with the setting. Anyone who has the same problem, 0.0.0.0 just means “this server isn’t local any more” and so to access it you use the public IP address of the computer that’s hosting the Neo4j server.
Just make sure that the ports you set in the server properties (default are 7474 and 7473) are open for incoming connections on your router/firewall etc.
I think there's some confusion here. That configuration property org.neo4j.server.webserver.address is about which IP address the server you're starting listens on for external connections. Relevant documentation is here.
It seems you're asking how to configure your database to talk to a remote database. I don't think you can do that. Rather, by editing that file you're planning on running a database on the host where that file is. Your local database on that host will write files to wherever the org.neo4j.server.database.location configuration parameter points.
A remote connection is something that the neo4j shell might establish, or that you browser might make to a foreign server running neo4j; but you don't establish that sort of remote connection by editing that file. Hopefully this helps.
Also if you have ssh access to remote server with neo4j you can setup ssh tunnel to access it via localhost:
ssh -NfL localhost:7474:localhost:7474 -L localhost:7687:localhost:7687 yourname#yourhost
then type in browser:
localhost:7474
Depends on the version.
Look for the phrase 'non-local connections' in the conf file.(In my case, $NEO4J_HOME/conf/neo4j.conf)
Then follow the instructions in the comments.
In my case,
# With default configuration Neo4j only accepts local connections.
# To accept non-local connections, uncomment this line:
server.default_listen_address=0.0.0.0
I'm creating an iOS app that uses a Rails API backend on Heroku. Periodically (one every 20 API calls), heroku cannot be found. The following NSError is returned:
Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo=0x755ce00 {NSErrorFailingURLStringKey=https://xxx.herokuapp.com/api/v1/matchups, NSErrorFailingURLKey=https://xxx.herokuapp.com/api/v1/matchups, NSLocalizedDescription=A server with the specified hostname could not be found., NSUnderlyingError=0x71ca730 "A server with the specified hostname could not be found."
Seems like a DNS issue on the network to which your iPhone/iPad is connected. To be sure, try any of the following:
1) Change your host name to an IP address instead of a string hostname, and add a Host: header to the HTTP request.
2) If (1) is hard, set your iPhone's DNS to a PC on your LAN, and install a DNS server on that PC, and serve at least that specific address directly from the PC (don't recurse for that domain).
It looks like you are being hit by a Dyno sleep behaviour. Please check this documentation, specially the section Dyno sleeping and make sure you understand it.
Also there are several ways to keep the app on, like pinging the site regularly.
Another option is DNS, create an Ad-Hoc network on your computer and connect your iphone to that network. Use wireshark to make a network capture and analyse the DNS and HTTP responses.
Your url = https://xxx.herokuapp.com/api/v1/matchups
Did you explicitly specify your subdomain xxx with your domain provider to direct to your server IP?
If not, try add a new A record with your subdomain xxx point to your server IP.
Hope that helps.
Is it possible to make requests for example with Savon through something like ssh-tunnel. I can run this stuff from my stage server whose IP is whitelisted in the service I'm sending requests to. But of course I want to do the development on my computer :P so is there any option to do that? I've already tried savon's proxy: option in many combinations such as
proxy: "http://name:password#my_stage_server.com"
etc. I'm using Ruby on Rails.
SSH tunnels are the way to go. They are easy to set up, use this in one terminal session:
ssh -L 8080:servicehost:80 myuser#stagingserver
Once established, leave it open. It'll open port 8080 on your localhost as a tunnel to the TCP service at host:443. Point savon to http://localhost:8080/some/url/to/service to access the service running on http://servicehost/some/url/to/service.
If you need this frequently, it's convenient to add it to your ssh config file, which is located at ~/.ssh/config. It's a plain text file, the example above would look like this:
Host staging
HostName hostname.domain
LocalForward 8080 servicehost:80
User myuser
With this configuration you can open the tunnel by simply issuing ssh staging. There are more options you could set, please refer to the MAN page for details.
Hostname resolution
Keep in mind that the hostname servicehost must be resolvable from your staging server, not your development machine. You can use IP addresses, too.
Getting:
An error has occurred:
Error connecting to the server: fe_sendauth: no password supplied
Settings in database.yml are the same as the app setup on other machines.
How can I set things up so that I don't need a password hardcoded?
I can view the db ok using PgAdmin-III.
I'd rather not have the password in database.yml as other machines using this app don't have/need it, so it seems likely to be something about my Pg install.
You need to change your change your pg_hba.conf. Here's an example of mine:
pg_hba.conf:
TYPE DATABASE USER ADDRESS METHOD
host all all 127.0.0.1/32 trust
host all PC 127.0.0.1/32 trust
host all all ::1/128 trust
Note that trust means that anyone on address (in this case localhost) can connect as the listed user (or in this case any user of their choice). This is really only suitable for development configurations with unimportant data. Do not use this in production.
#rodrigo-zurek was spot on; you have to change the pg_hba.conf. Just want to add this answer for the OSX users because the pg_hba.conf is located in a different place by default.
sudo su - postgres
vim /Library/PostgreSQL/<YOUR_VERSION>/data/pg_hba.conf
The default will have md5 in the column METHOD, but replace all of those with trust:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
Then, open up pgAdmin III inside your Applications/PostgreSQL 9.X, right click the database (e.g. PostgreSQL 9.4 (localhost)), and click Reload Configuration. After this, I was able to rake db:create.
No password supplied means you have set it up to require password authentication and no password is being supplied. Here is documentation for 9.0: http://www.postgresql.org/docs/9.0/static/auth-methods.html
Keep in mind that local auth was changed from "ident" to "peer" in 9.1 to avoid confusion. See the 9.1 docs at http://www.postgresql.org/docs/9.1/static/auth-methods.html
Also keep in mind that this is an ordered rule set with first match governing. Furthermore local and localhost are different. Local is for local UNIX domain socket connections, while host localhost would be for network connections to localhost. So it sounds like you have some troubleshooting to do but hopefully the docs should help.
#appveyor.yml
services: postgresql
test_script:
- SET PGUSER=postgres
- SET PGPASSWORD=Password12!
- PATH=C:\Program Files\PostgreSQL\9.6\bin\;%PATH%