Setting up the PostgreSQL Listener

This section describes how to setup PostgreSQL listener. To learn first steps of creating listener, please follow Creating a listener section.

1. Go to SETTINGS tab, press the Show all button to expand supported protocols list.

2. Press PostgreSQL button in the Protocol field.

Note

TLS is always enabled for the PostgreSQL listener and cannot be disabled.

3. (Optional) Select the Legacy crypto checkbox to enable support for older encryption algorithms if your PostgreSQL clients require them.

4. In the Connection mode section, select desired connection mode.

Mode: bastion

Note

• User connects to the target host by including name along with account login on the target server and target server address in the login string, e.g. john_smith#root#192.168.0.110.

• For details on bastion connection mode, refer to Connection modes topic.

• Select bastion button in the Connection mode field.

• Select the IP address from the Local address drop-down list and enter port number.

Mode: proxy

Note

User connects to the target host by providing Fudo Enterprise IP address and port number which unambiguously identifies target host.

• Select proxy button in the Connection mode field.

• Select the the IP address from the Local address drop-down list and enter port number.

Note

• The Local address drop-down list elements are IP address defined in the Network configuration menu (Network Interfaces Configuration) or labeled IP addresses (Labeled IP Addresses).

• Selecting the Any option will result in Fudo listening on all configured IP addresses.

• When a Listener is configured with User Access Gateway as the local address, only one connection option is displayed after login to User Access Gateway for clarity, and the connection uses the address from the browser’s address bar together with the listener’s configured port.

• In case of cluster configuration, select a labeled IP address from the Local address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP Addresses topic.

5. In the Server certificate field, click Generate certificate to generate TLS certificate by choosing key algorithm and providing Common Name (server name where the certificate is installed), or click Upload to upload server certificate file with private key pasted at the end of the file. The rest of the required fields will be filled automatically. Allowed format of the server certificate file is PEM, although besides .pem, accepted file extensions are .txt and .cert.

Warning

For PostgreSQL listener, the certificate’s Common Name (CN) should match the hostname that clients will use to connect. Mismatched CN may cause certificate validation errors in PostgreSQL clients.

6. Click Save.

Note

• After creating the PostgreSQL listener, users can connect using the native PostgreSQL client, psql.

• The command used to establish the connection is available to the user after logging in to the User Access Gateway. For example:

psql postgres:1/85156504WW4NEopiQ0vePxbIqaXiEYcT:empty@<listener_address>[:port]/<database_name>

• The user must replace <database_name> with the correct database name.

Related topics:

• Data model

• Editing a Listener

• Deleting a Listener

• Blocking a Listener

• Unblocking a Listener

• Creating a PostgreSQL Server

• PostgreSQL