- FreeBSD>
+ FreeBSD
+ OpenBSD
The options SYSVSHM> and SYSVSEM> need
the option SHMMAXPGS> (in pages). The following
shows an example of how to set the various parameters:
-options SYSVSHM
-options SHMMAXPGS=4096
-options SHMSEG=256
-
-options SYSVSEM
-options SEMMNI=256
-options SEMMNS=512
-options SEMMNU=256
+options SYSVSHM
+options SHMMAXPGS=4096
+options SHMSEG=256
+
+options SYSVSEM
+options SEMMNI=256
+options SEMMNS=512
+options SEMMNU=256
options SEMMAP=256
-
- If your platform is not listed here, please consider
- contributing some information.
-
-
-
+
+
+
Resource Limits
+
+ Unix-like operating systems enforce various kinds of resource
+ limits that might interfere with the operation of your
+
Postgres server. Of importance are
+ especially the limits on the number of processes per user, the
+ number of open files per process, and the amount of memory
+ available to a process. Each of these have a hard
+ and a soft
limit. The soft limit is what actually
+ counts but it can be changed by the user up to the hard limit.
+ The hard limit can only be changed by the root user. The system
+ call setrlimit is responsible for setting
+ these parameters. The shell the built-in command
+ ulimit (Bourne shells) or
+ limit (csh) is used to control the resource
+ limits from the command line. On BSD-derived systems the file
+ /etc/login.conf controls what values the
+ various resource limits are set to upon login. See
+ login.conf
+ 5 for details. The relevant
+ parameters are maxproc,
+ openfiles, and datasize.
+ For example:
+default:\
+...
+ :datasize-cur=256M:\
+ :maxproc-cur=256:\
+ :openfiles-cur=256:\
+...
+
+ (-cur is the soft limit. Append
+ -max to set the hard limit.)
+
+
+ Kernels generally also have an implementation-dependent
+ system-wide limit on some resources.
+
+
+ /proc/sys/fs/file-max determines the
+ maximum number of files that the kernel will allocate. It can
+ be changed by writing a different number into the file or by
+ adding an assignment in /etc/sysctl.conf.
+ The maximum limit of files per process is fixed at the time the
+ kernel is compiled; see
+ /usr/src/linux/Documentation/proc.txt for
+ more information.
+
+
+
+
+ The
Postgres server uses one process
+ per connection so you should provide for at least as many processes
+ as allowed connections, in addition to what you need for the rest
+ of your system. This is usually not a problem but if you run
+ several servers on one machine things might get tight.
+
+
+ The factory default limit on open files is often set to
+ socially friendly
values that allow many users to
+ coexist on a machine without using an inappropriate fraction of
+ the system resources. If you run many servers on a machine this
+ is perhaps what you want, but on dedicated servers you may want to
+ raise this limit.
+
+
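Review bot: The login.conf example in the added Resource Limits text sets datasize-cur, maxproc-cur and openfiles-cur on the default class, so the raised limits apply to every account that falls into that class and not only to the account the server runs under. Consider showing a separate login class for the server's user, or state explicitly that editing default affects all users. Two wording fixes in the same paragraph: "Each of these have a hard and a soft limit" should read "has", and "The shell the built-in command ulimit" should read "The shell's built-in command ulimit".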
can be started with the argument
SSL connections. When starting in SSL mode, the postmaster will look
for the files server.key> and server.crt> in
- the data directory (pointed to by PGDATA).
- These files should contain the server private key
+ the data directory. These files should contain the server private key
and certificate respectively. These files must be set up correctly
before an SSL-enabled server can start. If the private key is protected
with a passphrase, the postmaster will prompt for the passphrase and will
- not start until it has been provided.
+ not start until it has been entered.
The postmaster will listen for both standard and SSL connections
on the same TCP/IP port, and will negotiate with any connecting
client whether or not to use SSL.
- See
+ See
about how to force on the server side the use of SSL for certain
connections.
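Review bot: Dropping "(pointed to by PGDATA)" from the data directory sentence leaves the later commands "cp cert.pem $PGDATA/server.key" and "cp cert.cert $PGDATA/server.crt" using a variable that this section no longer introduces. Either keep the parenthetical or point "the data directory" at the place where it is defined, so a reader following the SSL steps knows what $PGDATA refers to.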
by a CA (either one of the global CAs or a local one) should be used in
production so the client can verify the servers identity. To create
a quick self-signed certificate, use the following OpenSSL command:
- openssl req -new -text -out cert.req
-
+openssl req -new -text -out cert.req
+
Fill out the information that openssl asks for. Make sure that you enter
the local host name as Common Name; the challenge password can be
- left blank. The script will generate a key that is passphrase protected;
- it will not accept a pass phrase that is less than four characters long.
- To remove the passphrase (as you must if you want automatic start-up of
- the postmaster), run the commands
- mv privkey.pem cert.pem.pw
- openssl rsa -in cert.pem.pw -out cert.pem
-
+ left blank. The script will generate a key that is passphrase protected;
+ it will not accept a pass phrase that is less than four characters long.
+ To remove the passphrase (as you must if you want automatic start-up of
+ the postmaster), run the commands
+mv privkey.pem cert.pem.pw
+openssl rsa -in cert.pem.pw -out cert.pem
+
Enter the old passphrase to unlock the existing key. Now do
- openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
- cp cert.pem $PGDATA/server.key
- cp cert.cert $PGDATA/server.crt
-
+openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
+cp cert.pem $PGDATA/server.key
+cp cert.cert $PGDATA/server.crt
+
to turn the certificate into a self-signed certificate and to copy the
- key and certificate to where the postmaster will look for them.
+ key and certificate to where the postmaster will look for them.
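Review bot: The procedure strips the passphrase with "openssl rsa -in cert.pem.pw -out cert.pem" and then copies the result with "cp cert.pem $PGDATA/server.key", but nothing tells the reader to restrict access to the now unencrypted private key. Since these lines are being touched anyway, add a step such as "chmod 600 $PGDATA/server.key" run as the server's user, and mention that the working copies cert.pem and cert.pem.pw should be removed or protected afterwards. Minor wording: the added lines use both "passphrase" and "pass phrase", and the unchanged context has "the servers identity" where "the server's identity" is meant.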