Thread: SSL mode annoyance

SSL mode annoyance

From
Christopher Kings-Lynne
Date:
Hey guys,

I just set up a remote SSL port to our production db servers.  Yeah, 
yeah, it's iffy, but management...

I generated a server.crt and server.key as per docs.

I set ssl = true in postgresql.conf

I put this in pg_hba.conf:

hostnossl    all    all         127.0.0.1      255.255.255.255   md5
hostnossl    all    all         <farmip>       255.255.255.255   md5
hostnossl    all    all         <farmip>       255.255.255.255   md5
hostssl      all    all         <remoteip>     255.255.255.255   md5

Basically, I changed my 'host' to 'hostnossl' to deny ssl connections 
there (as I noticed psql seems to connect as ssl by default), and I 
allowed and required our office ip to connect ssl.

Now, I get heaps and heaps of these in my postgres log, from my farm ips:

Feb  9 18:07:35 goddard postgres[33474]: [3-1] FATAL:  no pg_hba.conf 
entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on
Feb  9 18:07:36 goddard postgres[33476]: [3-1] FATAL:  no pg_hba.conf 
entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on
Feb  9 18:07:36 goddard postgres[33478]: [3-1] FATAL:  no pg_hba.conf 
entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on
Feb  9 18:07:45 goddard postgres[33480]: [3-1] FATAL:  no pg_hba.conf 
entry for host "207.228.xxx.xxx", user "us-php", database "usa", SSL on

Does this mean that libpq always attempts to connect in SSL mode and 
then falls back?  Is it detecting that ssl=true and assuming that, even 
though that particular IP does not support SSL?  Is there some way to 
fix this?

Chris


Surely it should reco


Re: SSL mode annoyance

From
Tom Lane
Date:
Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
> Does this mean that libpq always attempts to connect in SSL mode and 
> then falls back?

IIRC, that is the behavior pre-7.4, but you can choose other behaviors
in 7.4.
        regards, tom lane


Re: SSL mode annoyance

From
Christopher Kings-Lynne
Date:
>>Does this mean that libpq always attempts to connect in SSL mode and 
>>then falls back?
> 
> 
> IIRC, that is the behavior pre-7.4, but you can choose other behaviors
> in 7.4.

This is 7.4.1, server and client.

Chris



Re: SSL mode annoyance

From
Tom Lane
Date:
Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
>> IIRC, that is the behavior pre-7.4, but you can choose other behaviors
>> in 7.4.

> This is 7.4.1, server and client.

Then see "sslmode" in the libpq docs.
        regards, tom lane


Re: SSL mode annoyance

From
Christopher Kings-Lynne
Date:
>>This is 7.4.1, server and client.
> 
> 
> Then see "sslmode" in the libpq docs.

Hmmm.  I wonder how that's exposed via PHP's connect function...

Chris
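
The pg_hba.conf rules and log lines from the first message, modelled as an added example (not code from the thread or from PostgreSQL): it shows how libpq's default `sslmode` of `prefer` produces one "SSL on" rejection per connection from a `hostnossl` address before the non-SSL retry succeeds, and that `sslmode=disable` avoids it. Assumptions: the server has `ssl = true`, the addresses are constructed stand-ins for `<farmip>` and `<remoteip>`, and the rule matching is simplified to the fields used on this page.

```python
import ipaddress

# Rules mirror the pg_hba.conf from the first message. The addresses are
# constructed stand-ins (documentation ranges) for <farmip> and <remoteip>.
PG_HBA = """\
hostnossl all all 127.0.0.1    255.255.255.255 md5
hostnossl all all 192.0.2.10   255.255.255.255 md5
hostnossl all all 192.0.2.11   255.255.255.255 md5
hostssl   all all 198.51.100.7 255.255.255.255 md5
"""

# Order of connection attempts per libpq sslmode (True = attempt uses SSL).
ATTEMPTS = {"disable": [False], "allow": [False, True],
            "prefer": [True, False], "require": [True]}

def parse_hba(text):
    """Parse 'type db user address mask method' lines (simplified format)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 6:
            conntype, db, user, addr, mask, method = fields
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((conntype, db, user, net, method))
    return rules

def match(rules, ip, db, user, ssl):
    """Return the auth method of the first matching rule, or None."""
    for conntype, rdb, ruser, net, method in rules:
        # 'host' matches both kinds; hostssl/hostnossl match only one.
        type_ok = conntype in ("host", "hostssl" if ssl else "hostnossl")
        if (type_ok and rdb in ("all", db) and ruser in ("all", user)
                and ipaddress.ip_address(ip) in net):
            return method
    return None

def connect(rules, ip, db, user, sslmode="prefer"):
    """Simulate one client connect; return (method or None, rejection log)."""
    log = []
    for ssl in ATTEMPTS[sslmode]:
        method = match(rules, ip, db, user, ssl)
        if method:
            return method, log
        # Same message shape as the syslog lines quoted in the first message.
        log.append(f'FATAL:  no pg_hba.conf entry for host "{ip}", '
                   f'user "{user}", database "{db}", SSL {"on" if ssl else "off"}')
    return None, log
```
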