PostgreSQL /etc/postgresql/17/main/pg_hba.conf

Authentic ๐Ÿ“‹ Ubuntu 24.04 LTS (Noble Numbat) 133 lines

Compatibility

Currently viewing:
Ubuntu 24.04 LTS (Noble Numbat)
Also compatible:
Debian 11 (Bullseye) Debian 12 (Bookworm) Ubuntu 20.04 LTS (Focal Fossa) Ubuntu 22.04 LTS (Jammy Jellyfish)
Different versions:

File Info

Size
133 lines
MD5
7f6ef6767130d89c023bcad484b1afda
SHA256
ad0df9635890926d79a12d5627b68af6b85b6254fa23cace2bbe077838969c9e

Quick Commands

curl:
curl https://exampleconfig.com/api/v1/config/original/7f6ef6767130d89c023bcad484b1afda?hint=pg_hba.conf
wget:
wget -O pg_hba.conf https://exampleconfig.com/api/v1/config/original/7f6ef6767130d89c023bcad484b1afda?hint=pg_hba.conf
/etc/postgresql/17/main/pg_hba.conf
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.  A short
# synopsis follows.
#
# ----------------------
# Authentication Records
# ----------------------
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
# local         DATABASE  USER  METHOD  [OPTIONS]
# host          DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostssl       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostnossl     DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostgssenc    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostnogssenc  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type:
# - "local" is a Unix-domain socket
# - "host" is a TCP/IP socket (encrypted or not)
# - "hostssl" is a TCP/IP socket that is SSL-encrypted
# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, a regular expression (if it starts with a slash (/))
# or a comma-separated list thereof.  The "all" keyword does not match
# "replication".  Access to replication must be enabled in a separate
# record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", a
# regular expression (if it starts with a slash (/)) or a comma-separated
# list thereof.  In both the DATABASE and USER fields you can also write
# a file name prefixed with "@" to include names from a separate file.
#
# ADDRESS specifies the set of hosts the record matches.  It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask.  A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts.  Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE.  The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted.  Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# ---------------
# Include Records
# ---------------
#
# This file allows the inclusion of external files or directories holding
# more records, using the following keywords:
#
# include           FILE
# include_if_exists FILE
# include_dir       DIRECTORY
#
# FILE is the file name to include, and DIR is the directory name containing
# the file(s) to include.  Any file in a directory will be loaded if suffixed
# with ".conf".  The files of a directory are ordered by name.
# include_if_exists ignores missing files.  FILE and DIRECTORY can be
# specified as a relative or an absolute path, and can be double-quoted if
# they contain spaces.
#
# -------------
# Miscellaneous
# -------------
#
# This file is read on server startup and when the server receives a
# SIGHUP signal.  If you edit the file on a running system, you have to
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
# or execute "SELECT pg_reload_conf()".
#
# ----------------------------------
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records.  In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.




# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            scram-sha-256
host    replication     all             ::1/128                 scram-sha-256

How to Install PostgreSQL

Alpine Linux

sudo apk add postgresql

Debian

sudo apt update && sudo apt install postgresql

Red Hat Enterprise Linux

sudo yum install postgresql17-server

Ubuntu

sudo apt update && sudo apt install postgresql

Configuration File Location

File Path
/etc/postgresql/17/main/pg_hba.conf
Directory
/etc/postgresql/17/main/
Significance
System-wide configuration directory
Description
Files in /etc/ contain system-wide configuration settings that affect all users.

Complete PostgreSQL Configuration Guide

What is pg_hba.conf?
Access the original 'pg_hba.conf' (postgresql.conf) configuration file from a fresh PostgreSQL installation on Ubuntu 24.04 LTS (Noble Numbat). This is the exact default configuration that ships with the official PostgreSQL package, essential for database recovery, performance optimization, and understanding enterprise-grade settings.
Technical Details
Located at '/etc/postgresql/17/main/pg_hba.conf', this 133-line file controls shared buffers, WAL settings, autovacuum parameters, connection pooling, and query optimization. Powers some of the world's largest databases including Instagram, Spotify, and financial institutions processing millions of transactions daily.
Common Configuration Question
How do you configure PostgreSQL for optimal performance, high availability, and ACID compliance on Ubuntu 24.04?
Why Use This Configuration?
This factory-default configuration includes advanced indexing, full-text search capabilities, and enterprise security features. Critical for database administrators, data engineers, and developers building scalable applications with complex queries.

Frequently Asked Questions

When should I use this pg_hba.conf file?

Use this original configuration file when you need to restore PostgreSQL to its default state after misconfiguration, during fresh installations, or as a baseline for customization. It's particularly useful for troubleshooting when your current config isn't working properly.

How do I restore PostgreSQL to default settings?

Download this file and replace your current configuration at /etc/postgresql/17/main/pg_hba.conf. Make sure to backup your existing configuration first, then restart the PostgreSQL service to apply the changes.

Is this pg_hba.conf file secure for production use?

This is the factory-default configuration that ships with PostgreSQL on Ubuntu 24.04 LTS (Noble Numbat). While it provides a secure baseline, you should review and customize security settings based on your specific production requirements and compliance needs.

What's the difference between this and other OS versions?

This configuration is specifically from Ubuntu 24.04 LTS (Noble Numbat). Different operating systems and versions may have slightly different default settings, security patches, or feature availability. Check the compatibility section above for other OS versions.

Can I use this configuration file for PostgreSQL troubleshooting?

Yes, this original configuration is excellent for troubleshooting. Compare it with your current settings to identify modifications that might be causing issues, or temporarily replace your config with this one to isolate problems.