- linkend="guc-tcpip-socket"> configuration parameter is
- enabled. host records match either
+ host records match either
SSL or non-
SSL connection
attempts.
+
+ Remote TCP/IP connections will not be possible unless
+ the server is started with an appropriate value for the
+ configuration parameter,
+ since the default behavior is to listen for TCP/IP connections
+ only on the local loopback address localhost>.
+
+
hostssl
- This record matches connection attempts made using TCP/IP. In
- addition, this record requires that the connection is made with
+ This record matches connection attempts made using TCP/IP,
+ but only when the connection is made with
SSL
+ encryption .
To make use of this option the server must be built with
-
SSL support
enabled . Furthermore,
-
SSL must be enabled
by setting the
- linkend="guc-ssl"> configuration parameter (see
- linkend="ssl-tcp"> for more information).
+
SSL support. Furthermore,
+
SSL must be enabled
at server start time
+ by setting the configuration parameter (see
+ linkend="ssl-tcp"> for more information).
This record is similar to hostssl> but with the
- opposite logic: it only matches connection attempts made over
- TCP/IP that do not use
SSL .
+ opposite logic: it only matches connection attempts made over
+
TCP/IP that do not use
SSL .
-h hostname
- Specifies the IP host name or address on which the
- postmaster is to listen for
- connections from client applications. Defaults to
- listening on all configured addresses (including
- localhost ).
+ Specifies the IP host name or address on which the
+ postmaster is to listen for TCP/IP
+ connections from client applications. The value can also be
+ a space-separated list of addresses, or *> to specify
+ listening on all available interfaces. An empty value specifies
+ not listening on any IP addresses, in which case only Unix-domain
+ sockets can be used to connect to the postmaster .
+ Defaults to listening only
+ on localhost .
+ This option is equivalent to setting listen_addresses> in
+ postgresql.conf>.
-i
- Allows clients to connect via TCP/IP (Internet domain)
- connections. Without this option, only local Unix domain
- socket connections are accepted. This option corresponds
- to setting tcpip_socket=true> in postgresql.conf>.
+ Allows remote clients to connect via TCP/IP (Internet domain)
+ connections. Without this option, only local connections are
+ accepted. This option is equivalent to setting
+ listen_addresses> to *> in
+ postgresql.conf> or via -h>.
- --tcpip-socket=false has the opposite
- effect of this option.
+ This option is deprecated since it does not allow access to the
+ full functionality of listen_addresses>. It's usually
+ better to set listen_addresses> directly.
-l
- Enables secure connections using SSL. The -i
- option is also required. You must have compiled with SSL
+ Enables secure connections using SSL. You must have compiled with SSL
enabled to use this option.
The postmaster also takes a number of other
command line options. For more information, see the reference page
- and below. In particular, in order
- for the server to accept
- TCP/IP
TCP/IP connections
- (rather than just Unix-domain socket ones), you must specify the
- -i option.
+ and below.
be a different problem. For example, trying to start a postmaster
on a reserved port number may draw something like:
-$ postmaster -i - p 666
+$ postmaster -p 666
LOG: could not bind IPv4 socket: Permission denied
HINT: Is another postmaster already running on port 666? If not, wait a few seconds and retry.
FATAL: could not create TCP/IP listen socket
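Review bot: the sample session kept in this hunk still ends with `FATAL: could not create TCP/IP listen socket`, but the same commit deletes that message from postmaster.c and reports a failed TCP bind as `WARNING: could not create listen socket for "..."`. With the new code a failed bind on port 666 no longer stops startup as long as the Unix-domain socket can be created, so the example output should be regenerated against the patched server or replaced with a case that still fails.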
Connection Settings
-
- tcpip-socket" xreflabel="tcpip_socket">
- tcpip_socket (boolean )
+
+ listen-addresses" xreflabel="listen_addresses">
+ listen_addresses (string )
- If this is true, then the server will accept TCP/IP connections.
TCP/IP>>
- Otherwise only local Unix domain socket connections are
- accepted. It is off by default. This option can only be set at
- server start.
+ Specifies the TCP/IP address(es) on which the server is
+ to listen for connections from client applications.
+ The value takes the form of a space-separated list of host names
+ and/or numeric IP addresses. The special entry *>
+ corresponds to all available IP interfaces.
+ If the list is empty, the server does not listen on any IP interface
+ at all, in which case only Unix-domain sockets can be used to connect
+ to it.
+ The default value is localhost>,
+ which allows only local loopback> connections to be made.
+ This parameter can only be set at server start.
-
+
+
+ port (integer )
+
+ The TCP port the server listens on; 5432 by default. Note that the
+ same port number is used for all IP addresses the server listens on.
+ This parameter can only be set at server start.
+
+
+
+
max_connections (integer )
-
- port (integer )
-
- The TCP port the server listens on; 5432 by default. This
- option can only be set at server start.
-
-
-
-
unix_socket_directory (string )
server is to listen for
connections from client applications. The default is normally
/tmp , but can be changed at build time.
+ This parameter can only be set at server start.
-
-
- virtual_host (string )
-
- Specifies the IP address(es) on which the server is
- to listen for connections from client applications. If specified,
- it takes the form of a space-separated list of host names and/or
- numeric IP addresses. If the list is empty, the server listens
- on all available addresses (including
- localhost>).
-
-
-
rendezvous_name (string )
Specifies the Rendezvous broadcast name. By default, the
- computer name is used, specified as ''.
+ computer name is used, specified as an empty string ''.
+ This option is only meaningful on platforms that support Rendezvous.
+ This option can only be set at server start.
|
-h x
- virtual_host = x >
+ listen_addresses = x >
|
-i
- tcpip_socket = on >
+ listen_addresses = '*' >
|
-k x
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.375 2004/03/15 16:18:42 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.376 2004/03/23 01:23:48 tgl Exp $
*
* NOTES
*
/* The socket number we are listening for connections on */
int PostPortNumber;
char *UnixSocketDir;
-char *VirtualHost ;
+char *ListenAddresses ;
/*
* MaxBackends is the limit on the number of backends we can start.
static int SendStop = false;
/* still more option variables */
-bool NetServer = false; /* listen on TCP/IP */
bool EnableSSL = false;
bool SilentMode = false; /* silent mode (-S) */
SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
break;
case 'h':
- SetConfigOption("virtual_host ", optarg, PGC_POSTMASTER, PGC_S_ARGV);
+ SetConfigOption("listen_addresses ", optarg, PGC_POSTMASTER, PGC_S_ARGV);
break;
case 'i':
- SetConfigOption("tcpip_socket", "true ", PGC_POSTMASTER, PGC_S_ARGV);
+ SetConfigOption("listen_addresses", "* ", PGC_POSTMASTER, PGC_S_ARGV);
break;
case 'k':
SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
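Review bot: in the 'h' and 'i' cases both options now write the same setting, so the effective value depends on argument order. Before this change -i only toggled tcpip_socket and -h set virtual_host independently; now a start script that passes `-h somehost -i` ends up with listen_addresses = "*" and listens on every interface, while `-i -h somehost` stays restricted. Either document the ordering rule in the -i entry of the reference page or make -i a no-op when -h has already been seen, so existing scripts cannot widen their exposure silently.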
* Initialize SSL library, if specified.
*/
#ifdef USE_SSL
- if (EnableSSL && !NetServer)
- {
- postmaster_error("TCP/IP connections must be enabled for SSL");
- ExitPostmaster(1);
- }
if (EnableSSL)
secure_initialize();
#endif
for (i = 0; i < MAXLISTEN; i++)
ListenSocket[i] = -1;
- if (NetServer )
+ if (ListenAddresses )
{
- if (VirtualHost && VirtualHost[0])
- {
- char *curhost,
- *endptr;
- char c = 0;
+ char *curhost,
+ *endptr;
+ char c;
- curhost = VirtualHost;
- for (;;)
- {
- while (*curhost == ' ') /* skip any extra spaces */
- curhost++;
- if (*curhost == '\0')
- break;
- endptr = strchr(curhost, ' ');
- if (endptr)
- {
- c = *endptr;
- *endptr = '\0';
- }
+ curhost = ListenAddresses;
+ for (;;)
+ {
+ /* ignore whitespace */
+ while (isspace((unsigned char) *curhost))
+ curhost++;
+ if (*curhost == '\0')
+ break;
+ endptr = curhost;
+ while (*endptr != '\0' && !isspace((unsigned char) *endptr))
+ endptr++;
+ c = *endptr;
+ *endptr = '\0';
+ if (strcmp(curhost,"*") == 0)
+ status = StreamServerPort(AF_UNSPEC, NULL,
+ (unsigned short) PostPortNumber,
+ UnixSocketDir,
+ ListenSocket, MAXLISTEN);
+ else
status = StreamServerPort(AF_UNSPEC, curhost,
(unsigned short) PostPortNumber,
UnixSocketDir,
ListenSocket, MAXLISTEN);
- if (status != STATUS_OK)
- ereport(FATAL,
- (errmsg("could not create listen socket for \"%s\"",
- curhost)));
- if (endptr)
- {
- *endptr = c;
- curhost = endptr + 1;
- }
- else
- break;
- }
- }
- else
- {
- status = StreamServerPort(AF_UNSPEC, NULL,
- (unsigned short) PostPortNumber,
- UnixSocketDir,
- ListenSocket, MAXLISTEN);
if (status != STATUS_OK)
- ereport(FATAL,
- (errmsg("could not create TCP/IP listen socket")));
+ ereport(WARNING,
+ (errmsg("could not create listen socket for \"%s\"",
+ curhost)));
+ *endptr = c;
+ if (c != '\0')
+ curhost = endptr+1;
+ else
+ break;
}
+ }
#ifdef USE_RENDEZVOUS
- if (rendezvous_name != NULL)
- {
- DNSServiceRegistrationCreate(rendezvous_name,
- "_postgresql._tcp.",
- "",
- htonl(PostPortNumber),
- "",
- (DNSServiceRegistrationReply) reg_reply,
- NULL);
- }
-#endif
+ /* Register for Rendezvous only if we opened TCP socket(s) */
+ if (ListenSocket[0] != -1 && rendezvous_name != NULL)
+ {
+ DNSServiceRegistrationCreate(rendezvous_name,
+ "_postgresql._tcp.",
+ "",
+ htonl(PostPortNumber),
+ "",
+ (DNSServiceRegistrationReply) reg_reply,
+ NULL);
}
+#endif
#ifdef HAVE_UNIX_SOCKETS
status = StreamServerPort(AF_UNIX, NULL,
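Review bot: in the per-address loop the bind failure is downgraded from `ereport(FATAL, ...)` to `ereport(WARNING, ...)`, so a misspelled or unresolvable entry in listen_addresses is only logged and the postmaster keeps starting with whatever subset of sockets succeeded. That fails toward less exposure, but an operator who listed an address for remote access gets a running server that is not reachable there; the WARNING text should say that the address is being skipped, and the documentation for listen_addresses should state this behaviour. Separately, `strcmp(curhost,"*") == 0` is tested per entry, so a list such as `localhost *` binds localhost first and then tries the wildcard on the same port; consider rejecting "*" when it is combined with other entries, or handling it before the loop.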
UnixSocketDir,
ListenSocket, MAXLISTEN);
if (status != STATUS_OK)
- ereport(FATAL ,
+ ereport(WARNING ,
(errmsg("could not create Unix-domain socket")));
#endif
+ /*
+ * check that we have some socket to listen on
+ */
+ if (ListenSocket[0] == -1)
+ ereport(FATAL,
+ (errmsg("no socket configured to listen on")));
+
XLOGPathInit();
/*
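Review bot: the new check `if (ListenSocket[0] == -1)` reports "no socket configured to listen on", which is misleading when sockets were configured but every bind failed; after the two downgrades to WARNING that is the only case in which it can fire with the default settings. Suggest wording along the lines of "could not create any listen socket" so the operator looks at the preceding WARNING lines. The check also relies on StreamServerPort filling ListenSocket from slot 0 upward; a short comment saying so would make that assumption visible, since the Rendezvous test above depends on the same ordering.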
* Written by Peter Eisentraut
.
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.191 2004/03/22 03:15:29 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.192 2004/03/23 01:23:48 tgl Exp $
*
*--------------------------------------------------------------------
*/
&session_auth_is_superuser,
false, NULL, NULL
},
- {
- {"tcpip_socket", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
- gettext_noop("Makes the server accept TCP/IP connections."),
- NULL
- },
- &NetServer,
- false, NULL, NULL
- },
{
{"ssl", PGC_POSTMASTER, CONN_AUTH_SECURITY,
gettext_noop("Enables SSL connections."),
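Review bot: the tcpip_socket entry is deleted outright here, and virtual_host is renamed in the next hunk, with no compatibility alias and no migration text in the documentation hunks of this commit. An existing postgresql.conf that still sets `tcpip_socket = true` or `virtual_host = ...` will no longer be recognised, which for a postmaster-level setting means the server does not come up after upgrade. Please add a release-note entry, and consider accepting the old names for one release with a message that points to listen_addresses.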
},
{
- {"virtual_host ", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
- gettext_noop("Sets the host name or IP address to listen to."),
+ {"listen_addresses ", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
+ gettext_noop("Sets the host name or IP addresses to listen to."),
NULL
},
- &VirtualHost ,
- "", NULL, NULL
+ &ListenAddresses ,
+ "localhost ", NULL, NULL
},
{
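Review bot: changing the boot value from `""` to `"localhost"` while removing tcpip_socket (default false) means a stock installation goes from no TCP listener at all to a loopback TCP listener. Any `host` line in pg_hba.conf that matches 127.0.0.1 was unreachable before unless -i was given and is now live for every local user, so this deserves an explicit mention in the release notes and in the pg_hba.conf documentation. The default also depends on "localhost" resolving at startup; given the WARNING-only handling in postmaster.c, a host where it does not resolve silently runs on the Unix socket alone. Minor: the description "Sets the host name or IP addresses to listen to." mixes singular and plural; "host name(s) or IP address(es)" would match the SGML text.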
# - Connection Settings -
-#tcpip_socket = false
+#listen_addresses = 'localhost' # what IP interface(s) to listen on;
+ # defaults to localhost, '*' = any
+#port = 5432
#max_connections = 100
# note: increasing max_connections costs about 500 bytes of shared
# memory per connection slot, in addition to costs from shared_buffers
# and max_locks_per_transaction.
#superuser_reserved_connections = 2
-#port = 5432
#unix_socket_directory = ''
#unix_socket_group = ''
#unix_socket_permissions = 0777 # octal
-#virtual_host = '' # what interface to listen on; defaults to any
#rendezvous_name = '' # defaults to the computer name
# - Security & Authentication -
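Review bot: the new comment on `#listen_addresses = 'localhost'` explains '*' but not the empty string, which the runtime.sgml hunk documents as "does not listen on any IP interface at all". Since that is the setting an administrator needs in order to get back the old Unix-socket-only default, add it to the sample comment, for example `'' = none`.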
*
* Copyright (c) 2000-2003, PostgreSQL Global Development Group
*
- * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.101 2004/02/03 17:34:03 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.102 2004/03/23 01:23:48 tgl Exp $
*/
/*----------------------------------------------------------------------
"syslog",
"syslog_facility",
"syslog_ident",
- "tcpip_socket",
"TimeZone",
"trace_notify",
"transform_null_equals",
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.153 2004/02/10 03:42:45 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.154 2004/03/23 01:23:48 tgl Exp $
*
* NOTES
* some of the information in this file should be moved to
* A few postmaster startup options are exported here so the
* configuration file processor can access them.
*/
-extern bool NetServer;
extern bool EnableSSL;
extern bool SilentMode;
extern int MaxBackends;
extern int Unix_socket_permissions;
extern char *Unix_socket_group;
extern char *UnixSocketDir;
-extern char *VirtualHost ;
+extern char *ListenAddresses ;
/*****************************************************************************