mirror of
https://codeberg.org/hyperreal/techne
synced 2024-11-01 14:23:06 +01:00
46 lines
1.4 KiB
Org Mode
46 lines
1.4 KiB
Org Mode
|
#+title: PostgreSQL
|
||
|
|
#+setupfile: ../org-templates/page.org
|
||
|
|
|
||
|
|
** Change password for user
|
||
|
|
#+begin_src shell
|
||
|
|
sudo -u user_name psql db_name
|
||
|
|
#+end_src
|
||
|
|
|
||
|
|
#+begin_src sql
|
||
|
|
ALTER USER user_name WITH PASSWORD 'new_password';
|
||
|
|
#+end_src
|
||
|
|
|
||
|
|
** Update password auth method to SCRAM
|
||
|
|
Edit ~/etc/postgresql/16/main/postgresql.conf~:
|
||
|
|
#+BEGIN_SRC shell
|
||
|
|
password_encryption = scram-sha-256
|
||
|
|
#+END_SRC
|
||
|
|
|
||
|
|
Restart postgresql.service:
|
||
|
|
#+BEGIN_SRC shell
|
||
|
|
sudo systemctl restart postgresql.service
|
||
|
|
#+END_SRC
|
||
|
|
|
||
|
|
At this point, any services using the old MD5 auth method will fail to connect to their PostgreSQL databases.
|
||
|
|
|
||
|
|
Update the settings in ~/etc/postgresql/16/main/pg_hba.conf~:
|
||
|
|
#+BEGIN_SRC shell
|
||
|
|
TYPE DATABASE USER ADDRESS METHOD
|
||
|
|
local all mastodon scram-sha-256
|
||
|
|
local all synapse_user scram-sha-256
|
||
|
|
#+END_SRC
|
||
|
|
|
||
|
|
Enter a psql shell and determine who needs to upgrade their auth method:
|
||
|
|
#+BEGIN_SRC sql
|
||
|
|
SELECT rolname, rolpassword ~ '^SCRAM-SHA-256\$' AS has_upgraded FROM pg_authid WHERE rolcanlogin;
|
||
|
|
|
||
|
|
\password username
|
||
|
|
#+END_SRC
|
||
|
|
|
||
|
|
Restart postgresql.service and all services using a PostgreSQL database:
|
||
|
|
#+BEGIN_SRC shell
|
||
|
|
sudo systemctl restart postgresql.service
|
||
|
|
sudo systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
|
||
|
|
sudo systemctl restart matrix-synapse.service
|
||
|
|
#+END_SRC
|