On Wed, 13 Mar 2019 at 21:21, Mark H. Wood <mwoodiu...@gmail.com> wrote:
> On Wednesday, March 13, 2019 at 6:37:55 AM UTC-4, Ashim Kapoor wrote: >> >> On this page : >> https://wiki.duraspace.org/display/DSDOC6x/Installing+DSpace#InstallingDSpace-RelationalDatabase:(PostgreSQLorOracle) >> it says :- >> >> Once installed, you need to enable TCP/IP connections (DSpace uses JDBC): >> >> - In postgresql.conf: uncomment the line starting: listen_addresses = >> 'localhost'. This is the default, in recent PostgreSQL releases, but >> you should at least check it. >> - Then tighten up security a bit by editing pg_hba.conf and adding >> this line: host dspace dspace 127.0.0.1 255.255.255.255 md5. This >> should appear *before* any lines matching all databases, because the >> first matching rule governs. >> >> My query is : should I make the above mentioned line the second entry in >> the following file ? The file says that the first entry should not be >> changed. >> >> This is my pg_hba.conf :- >> >> # DO NOT DISABLE! >> # If you change this first entry you will need to make sure that the >> # database superuser can access the database using some other method. >> # Noninteractive access to all databases is required during automatic >> # maintenance (custom daily cronjobs, replication, and similar tasks). >> # >> # Database administrative login by Unix domain socket >> local all postgres peer >> >> # TYPE DATABASE USER ADDRESS METHOD >> >> # "local" is for Unix domain socket connections only >> local all all peer >> # IPv4 local connections: >> > > I would place it here. > > >> host all all 127.0.0.1/32 md5 >> # IPv6 local connections: >> host all all ::1/128 md5 >> # Allow replication connections from localhost, by a user with the >> # replication privilege. >> #local replication postgres peer >> #host replication postgres 127.0.0.1/32 md5 >> #host replication postgres ::1/128 md5 >> (END) >> >> I have a general query : ( I don't have mastery over using databases.). >> The web request is handled by Tomcat. And tomcat interacts with the >> database. So won't the request originate on the same host as Tomcat is on >> the same host. >> > > Yes. > > >> Accordingly the new entry should start with local and not with host ? >> Where do I misunderstand ? >> >> > > In pg_hba.conf, lines that start with 'local' describe connections via a > Unix-domain socket, not an IP connection. The 'psql' command that comes > with PostgreSQL can use 'local' connections. The library used by DSpace to > make database connections does not use Unix-domain sockets, so we can't use > 'local' for DSpace. > > Lines that start with 'host' are appropriate for IP connections, which is > what DSpace will always use. The host with address '127.0.0.1' is the > local host, and those addresses are typically mapped to the name > 'localhost'. So the suggested "host dspace dspace 127.0.0.1 > 255.255.255.255 md5" allows IP connections from the local host (the same > machine) to the database 'dspace' by the PostgreSQL user 'dspace', using > that user's PostgreSQL password hashed using the MD5 algorithm for > secrecy. In [DSpace]/config/dspace.cfg and local.cfg you will find that > 'db.url' is set to connect to 'localhost', so DSpace will request IP > ("host") connections from 127.0.0.1 to 127.0.0.1. > Corresponding to :- "host dspace dspace 127.0.0.1 255.255.255.255 md5" Where are the instructions for DSPACE to respond with md5 ? Can you please clarify ? To learn more about configuring and running PostgreSQL, you can find its > manuals at https://www.postgresql.org/docs/manuals/ . Pick the version > that you have installed. The meaning of lines in pg_hba.conf is discussed > in the Server Administration part, the Client Authentication chapter, the > section "the pg_hba.conf file". (Chapter 20, section 20.1 in the version > 11 manual.) > > -- > All messages to this mailing list should adhere to the DuraSpace Code of > Conduct: https://duraspace.org/about/policies/code-of-conduct/ > --- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dspace-tech+unsubscr...@googlegroups.com. > To post to this group, send email to dspace-tech@googlegroups.com. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
