On 6/19/23 05:33, Peter J. Holzer wrote:
[snip]
> You cant setup firewall rules basedon dns names. firewall rules are based on
>> ip adresses and dns resolution happens on rule creation.
>> I dont have an example for nginx. As I remember nginx resolves dns names
>> only for variables. So setup a variable with your hostname and use this
>> variable in your server definition.
> As Francisco already pointed out, this can't work with nginx either. The
> client resolves the alias and the TCP packets only contain the IP
> address, not the alias which was used to get that address. So nginx
> simply doesn't have that information and therefore can't act on it.
>
> For HTTP this works because the HTTP protocol contains a Host field
> which the client fills with the name it used. But the Postgres protocol
> has no such information (and in any case nginx probably doesn't
> understand that protocol anyway).
>
> So (again, as Francisco already wrote) the best way is probably to write
> a simple proxy which uses the database (not DNS) name for routing. I
> seem to remember that nginx has a plugin architecture for protocols so
> it might make sense to write that as an nginx plugin instead of a
> standalone server, but that's really a judgement call the programmer has
> to make. Another possibility would of course be to extend pgbouncer to
> do what the OP needs.
How would this work with JDBC clients?
--
Born in Arizona, moved to Babylonia.
