apache - Unable to connect to Postgres via PHP but can connect from command line and PgAdmin on different machine -
i've had quick search around (about 30 minutes) , tried few bits, nothing seems work. please note i'm no linux expert (i can basic stuff, simple installs, configurations etc) of config have may wrong, don't see it! (feel free correct of configs below)
the setup
i have running instance of postgresql 9.3 on red hat enterprise linux server release 7.1 (maipo) box. it's running selinux , iptables.
iptables config (added in 80, 443 , 5432.. , 22, done before...)
# sample configuration iptables service # can edit manually or use system-config-firewall # please not ask add additional ports/services default configuration *filter :input accept [0:0] :forward accept [0:0] :output accept [0:0] -a input -m state --state related,established -j accept -a input -p icmp -j accept -a input -i lo -j accept -a input -p tcp -m state --state new -m tcp --dport 22 -j accept -a input -m state --state new -m tcp -p tcp --dport 5432 -j accept -a input -m state --state new -p tcp --dport 80 -j accept -a input -m state --state new -p tcp --dport 443 -j accept -a input -j reject --reject-with icmp-host-prohibited -a forward -j reject --reject-with icmp-host-prohibited commit postgresql pg_hba.cong (deleted comments)
# type database user address method local ident host 127.0.0.1/32 md5 host ::1/128 md5 host 0.0.0.0/0 md5 postgresql.conf (only changed listen address)
listen_addresses = '*' setup new users
$ sudo -u postgres /usr/pgsql-9.3/bin/createuser -s "pgadmin" $ sudo -u postgres /usr/pgsql-9.3/bin/createuser "webuser" $ sudo -u postgres psql postgres=# alter role "pgadmin" password 'weakpassword'; alter role postgres=# alter role "webuser" password 'anotherweakpassword'; alter role postgres=# \q test connection
psql -u [pgadmin|webuser] -h [localhost|127.0.0.1|hostname] -w postgres password user [pgadmin|webuser]: [weakpassword|anotherweakpassword] psql (9.3.7) type "help" help. postgres=# \q as can see tested 127.0.0.1, localhost , hostname on command line make sure connect use 3 identifiers both different accounts.
i've connected using pgadmin windows box, , connects using hostname , ip address using both users.
the problem...
the problem comes when try connect php via apache (it doesn't happen if run same script on command line)
php test script
<?php error_reporting( e_all ); ini_set('display_errors', '1'); $conn1 = pg_connect("host='localhost' port='5432' user='pgadmin' password='weakpassword' dbname='postgres'"); $conn2 = pg_connect("host='127.0.0.1' port='5432' user='pgadmin' password='weakpassword' dbname='postgres'"); $conn3 = pg_connect("host='localhost' port='5432' user='webuser' password='anotherweakpassword' dbname='postgres'"); $conn4 = pg_connect("host='127.0.0.1' port='5432' user='webuser' password='anotherweakpassword' dbname='postgres'"); $status1 = pg_connection_status( $conn1 ); $status2 = pg_connection_status( $conn2 ); $status3 = pg_connection_status( $conn3 ); $status4 = pg_connection_status( $conn4 ); # check connection if ( $status1 === false || $status1 === pgsql_connection_bad || $status2 === false || $status2 === pgsql_connection_bad || $status3 === false || $status3 === pgsql_connection_bad || $status4 === false || $status4 === pgsql_connection_bad ) { throw new exception("i'm broken"); } # query $res1 = pg_query( $conn1, "select * pg_type limit 1" ); $res2 = pg_query( $conn2, "select * pg_type limit 1" ); $res3 = pg_query( $conn3, "select * pg_type limit 1" ); $res4 = pg_query( $conn4, "select * pg_type limit 1" ); # test 1 result. $row1 = pg_fetch_row($res1); $row2 = pg_fetch_row($res2); $row3 = pg_fetch_row($res3); $row4 = pg_fetch_row($res4); echo $row1[0] . "\n"; echo $row2[0] . "\n"; echo $row3[0] . "\n"; echo $row4[0] . "\n"; on command line following output (as expected)
bool bool bool bool but in browser following
warning: pg_connect(): unable connect postgresql server: not connect server: permission denied server running on host "localhost" (::1) , accepting tcp/ip connections on port 5432? not connect server: permission denied server running on host "localhost" (127.0.0.1) , accepting tcp/ip connections on port 5432? in /var/www/html/test.php on line 6 warning: pg_connect(): unable connect postgresql server: not connect server: permission denied server running on host "127.0.0.1" , accepting tcp/ip connections on port 5432? in /var/www/html/test.php on line 7 warning: pg_connect(): unable connect postgresql server: not connect server: permission denied server running on host "localhost" (::1) , accepting tcp/ip connections on port 5432? not connect server: permission denied server running on host "localhost" (127.0.0.1) , accepting tcp/ip connections on port 5432? in /var/www/html/test.php on line 8 warning: pg_connect(): unable connect postgresql server: not connect server: permission denied server running on host "127.0.0.1" , accepting tcp/ip connections on port 5432? in /var/www/html/test.php on line 9 fatal error: uncaught exception 'exception' message 'i'm broken' in /var/www/html/test.php:25 stack trace: #0 {main} thrown in /var/www/html/test.php on line 25 i've got feeling it's iptables not allowing connect when coming through apache reason, i'm stumped (i bet it's stupidly simple)
i think covers everything...
help me stack overflow, you're hope!
ok... answered... problem selinux. needed run following....
setsebool -p httpd_can_network_connect_db on also if need check if selinux causing issues can turned off following
setenforce 0 then once finished
setenforce 1 anyways, done... onwards!
Comments
Post a Comment