You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/postgresql/flexible-server/concepts-firewall-rules.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,22 +19,22 @@ With public access, the Azure Database for PostgreSQL flexible server instance i
19
19
20
20
You can create firewall rules by using the Azure portal or by using Azure CLI commands. You must be the subscription owner or a subscription contributor.
21
21
22
-
Server-level firewall rules apply to all databases on the same Azure Database for MySQL flexible server instance. The rules don't affect access to the Azure portal website.
22
+
Server-level firewall rules apply to all databases on the same Azure Database for PostgreSQL flexible server instance. The rules don't affect access to the Azure portal website.
23
23
24
-
The following diagram shows how connection attempts from the internet and Azure must pass through the firewall before they can reach Azure Database for MySQL flexible server databases:
24
+
The following diagram shows how connection attempts from the internet and Azure must pass through the firewall before they can reach Azure Database for PostgreSQL flexible server databases:
25
25
26
26
:::image type="content" source="../media/concepts-firewall-rules/1-firewall-concept.png" alt-text="Diagram that shows an overview of how the firewall works.":::
27
27
28
28
## Connect from the internet
29
29
If the source IP address of the request is within one of the ranges specified in the server-level firewall rules, the connection is granted. Otherwise, it's rejected.
30
30
31
-
For example, if your application connects with a Java Database Connectivity (JDBC) driver for Azure Database for MySQL flexible server, you might encounter this error because the firewall is blocking the connection:
31
+
For example, if your application connects with a Java Database Connectivity (JDBC) driver for Azure Database for PostgreSQL flexible server, you might encounter this error because the firewall is blocking the connection:
> org.postgresql.util.PSQLException: FATAL: no pg\_hba.conf entry for host "123.45.67.890", user "adminuser", database "postgresql", SSL
35
35
36
36
> [!NOTE]
37
-
> To access Azure Database for MySQL flexible server from your local computer, ensure that the firewall on your network and local computer allow outgoing communication on TCP port 5432.
37
+
> To access Azure Database for PostgreSQL flexible server from your local computer, ensure that the firewall on your network and local computer allow outgoing communication on TCP port 5432.
38
38
39
39
## Connect from Azure
40
40
We recommend that you find the outgoing IP address of any application or service and explicitly allow access to those individual IP addresses or ranges. For example, you can find the outgoing IP address of an Azure App Service app, or use a public IP address that's tied to a virtual machine.
@@ -52,22 +52,22 @@ If a fixed outgoing IP address isn't available for your Azure service, consider
52
52
## Programmatically manage firewall rules
53
53
In addition to using the Azure portal, you can manage firewall rules programmatically by using the Azure CLI.
54
54
55
-
From the Azure CLI, a firewall rule setting with a starting and ending address equal to 0.0.0.0 does the equivalent of the **Allow public access from any Azure service within Azure to this server** option in the portal. If firewall rules reject the connection attempt, the app won't reach the Azure Database for MySQL flexible server instance.
55
+
From the Azure CLI, a firewall rule setting with a starting and ending address equal to 0.0.0.0 does the equivalent of the **Allow public access from any Azure service within Azure to this server** option in the portal. If firewall rules reject the connection attempt, the app won't reach the Azure Database for PostgreSQL flexible server instance.
56
56
57
57
## Troubleshoot firewall problems
58
-
Consider the following possibilities when access to an Azure Database for MySQL flexible server instance doesn't behave as you expect:
58
+
Consider the following possibilities when access to an Azure Database for PostgreSQL flexible server instance doesn't behave as you expect:
59
59
60
-
***Changes to the allowlist haven't taken effect yet**: Changes to the firewall configuration of an Azure Database for MySQL flexible server instance might take up to five minutes.
60
+
***Changes to the allowlist haven't taken effect yet**: Changes to the firewall configuration of an Azure Database for PostgreSQL flexible server instance might take up to five minutes.
61
61
62
-
***The sign-in isn't authorized, or an incorrect password was used**: If a sign-in doesn't have permissions on the Azure Database for MySQL flexible server instance or the password is incorrect, the connection to the server is denied. Creating a firewall setting only provides clients with an opportunity to try connecting to your server. Each client must still provide the necessary security credentials.
62
+
***The sign-in isn't authorized, or an incorrect password was used**: If a sign-in doesn't have permissions on the Azure Database for PostgreSQL flexible server instance or the password is incorrect, the connection to the server is denied. Creating a firewall setting only provides clients with an opportunity to try connecting to your server. Each client must still provide the necessary security credentials.
63
63
64
64
For example, the following error might appear if authentication fails for a JDBC client:
65
65
66
66
> java.util.concurrent.ExecutionException: java.lang.RuntimeException: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "yourusername"
67
67
68
68
***The firewall isn't allowing dynamic IP addresses**: If you have an internet connection with dynamic IP addressing and you're having trouble getting through the firewall, try one of the following solutions:
69
69
70
-
* Ask your internet service provider (ISP) for the IP address range assigned to your client computers that access the Azure Database for MySQL flexible server instance. Then add the IP address range as a firewall rule.
70
+
* Ask your internet service provider (ISP) for the IP address range assigned to your client computers that access the Azure Database for PostgreSQL flexible server instance. Then add the IP address range as a firewall rule.
71
71
72
72
* Get static IP addresses instead for your client computers, and then add the static IP addresses as a firewall rule.
73
73
@@ -76,5 +76,5 @@ Consider the following possibilities when access to an Azure Database for MySQL
76
76
77
77
## Next steps
78
78
79
-
*[Create and manage Azure Database for MySQL flexible server firewall rules by using the Azure portal](how-to-manage-firewall-portal.md)
80
-
*[Create and manage Azure Database for MySQL flexible server firewall rules by using the Azure CLI](how-to-manage-firewall-cli.md)
79
+
*[Create and manage Azure Database for PostgreSQL flexible server firewall rules by using the Azure portal](how-to-manage-firewall-portal.md)
80
+
*[Create and manage Azure Database for PostgreSQL flexible server firewall rules by using the Azure CLI](how-to-manage-firewall-cli.md)
Azure Database for PostgreSQL flexible server offers high availability configurations with automatic failover capabilities. The high availability solution is designed to ensure that committed data is never lost because of failures and that the database won't be a single point of failure in your architecture. When high availability is configured, Azure Database for MySQL flexible server automatically provisions and manages a standby. Write-ahead-logs (WAL) is streamed to the replica in synchronous mode using PostgreSQL streaming replication. There are two high availability architectural models:
16
+
Azure Database for PostgreSQL flexible server offers high availability configurations with automatic failover capabilities. The high availability solution is designed to ensure that committed data is never lost because of failures and that the database won't be a single point of failure in your architecture. When high availability is configured, Azure Database for PostgreSQL - Flexible Server automatically provisions and manages a standby. Write-ahead-logs (WAL) is streamed to the replica in synchronous mode using PostgreSQL streaming replication. There are two high availability architectural models:
17
17
18
18
***Zone-redundant HA**: This option provides a complete isolation and redundancy of infrastructure across multiple availability zones within a region. It provides the highest level of availability, but it requires you to configure application redundancy across availability zones. Zone-redundant HA is preferred when you want protection from availability zone failures. However, one should account for added latency for cross-AZ synchronous writes. This latency is more pronounced for applications with short duration transactions. Zone-redundant HA is available in a [subset of Azure regions](./overview.md#azure-regions) where the region supports multiple [availability zones](../../availability-zones/az-overview.md). Uptime [SLA of 99.99%](https://azure.microsoft.com/support/legal/sla/postgresql) is offered in this configuration.
19
19
***Same-zone HA**: This option provides for infrastructure redundancy with lower network latency because the primary and standby servers will be in the same availability zone. It provides high availability without the need to configure application redundancy across zones. Same-zone HA is preferred when you want to achieve the highest level of availability within a single availability zone. This option lowers the latency impact but makes your application vulnerable to zone failures. Same-zone HA is available in all [Azure regions](./overview.md#azure-regions) where you can deploy Azure Database for PostgreSQL flexible server. Uptime [SLA of 99.95%](https://azure.microsoft.com/support/legal/sla/postgresql) offered in this configuration.
Copy file name to clipboardExpand all lines: articles/postgresql/flexible-server/how-to-troubleshoot-cli-errors.md
+17-17Lines changed: 17 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,23 +55,23 @@ Currently, Azure CLI doesn't support turning on debug logging, but you can retri
55
55
56
56
## Error codes
57
57
58
-
| Error code | Mitigation |
59
-
| ---------- |----------|
60
-
|MissingSubscriptionRegistration|Register your subscription with the resource provider. Run the command `az provider register --namespace Microsoft.DBPostgreSQL` to resolve the issue.|
61
-
|InternalServerError| Try to view the activity logs for your server to see if there's more information. Run the command `az monitor activity-log list --correlation-id <enter correlation-id>`. You can try the same CLI command after a few minutes. If the issues persists, [report it](https://github.com/Azure/azure-cli/issues) or reach out to Microsoft support.|
62
-
|ResourceNotFound| Resource being referenced can't be found. You can check resource properties, or check if resource is deleted or check if the resource is another subscription. |
63
-
|LocationNotAvailableForResourceType| - Check availability of Azure Database for PostgreSQL flexible server in [Azure regions](https://azure.microsoft.com/global-infrastructure/services/?products=postgresql). <br>- Check if Azure Database for PostgreSQL flexible server Resource types is registered with your subscription. |
64
-
|ResourceGroupBeingDeleted| Resource group is being deleted. Wait for deletion to complete.|
65
-
|PasswordTooLong| The provided password is too long. It must contain between 8 and 128 characters. Your password must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.).|
66
-
|PasswordNotComplex| The provided password isn't complex enough. It must contain between 8 and 128 characters. Your password must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.).|
67
-
|PasswordTooShort| Your password must contain between 8 and 128 characters. It must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.).|
68
-
|SubscriptionNotFound| The requested subscription wasn't found. Run `az account list all` to see all your current subscriptions.|
69
-
|InvalidParameterValue| An invalid value was given to a parameter. Check the [CLI reference docs](/cli/azure/postgres/flexible-server) to see what is the correct values supported for the arguments.|
70
-
|InvalidLocation| An invalid location was specified. Check availability of Azure Database for PostgreSQL flexible server in [Azure regions](https://azure.microsoft.com/global-infrastructure/services/?products=postgresql). |
71
-
|InvalidServerName|Identified an invalid server name. Check the server name. Run the command [az mysql flexible-server list](/cli/azure/mysql/flexible-server#az-mysql-flexible-server-list) to see all the list of Azure Database for PostgreSQL flexible server instances available.|
72
-
|InvalidResourceIdSegment| A syntax error was identified in your Azure Resource Manager template. Use a JSON formatter tool to validate the JSON to identify the syntax error.|
73
-
|InvalidUserName| Enter a valid username. The admin user name can't be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It can't start with pg_.|
74
-
|BlockedUserName| The admin user name can't be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It can't start with pg_. Avoid using these patterns in the admin name.|
|MissingSubscriptionRegistration|Register your subscription with the resource provider. Run the command `az provider register --namespace Microsoft.DBPostgreSQL` to resolve the issue.|
61
+
|InternalServerError| Try to view the activity logs for your server to see if there's more information. Run the command `az monitor activity-log list --correlation-id <enter correlation-id>`. You can try the same CLI command after a few minutes. If the issues persists, [report it](https://github.com/Azure/azure-cli/issues) or reach out to Microsoft support.|
62
+
|ResourceNotFound| Resource being referenced can't be found. You can check resource properties, or check if resource is deleted or check if the resource is another subscription. |
63
+
|LocationNotAvailableForResourceType| - Check availability of Azure Database for PostgreSQL flexible server in [Azure regions](https://azure.microsoft.com/global-infrastructure/services/?products=postgresql). <br>- Check if Azure Database for PostgreSQL flexible server Resource types is registered with your subscription. |
64
+
|ResourceGroupBeingDeleted| Resource group is being deleted. Wait for deletion to complete.|
65
+
|PasswordTooLong| The provided password is too long. It must contain between 8 and 128 characters. Your password must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.).|
66
+
|PasswordNotComplex| The provided password isn't complex enough. It must contain between 8 and 128 characters. Your password must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.).|
67
+
|PasswordTooShort| Your password must contain between 8 and 128 characters. It must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers (0 through 9), and non-alphanumeric characters (!, $, #, %, etc.).|
68
+
|SubscriptionNotFound| The requested subscription wasn't found. Run `az account list all` to see all your current subscriptions.|
69
+
|InvalidParameterValue| An invalid value was given to a parameter. Check the [CLI reference docs](/cli/azure/postgres/flexible-server) to see what is the correct values supported for the arguments.|
70
+
|InvalidLocation| An invalid location was specified. Check availability of Azure Database for PostgreSQL flexible server in [Azure regions](https://azure.microsoft.com/global-infrastructure/services/?products=postgresql). |
71
+
|InvalidServerName|Identified an invalid server name. Check the server name. Run the command [az postgres flexible-server list](/cli/azure/postgres/flexible-server#az-postgres-server-list) to see all the list of Azure Database for PostgreSQL flexible server instances available.|
72
+
|InvalidResourceIdSegment| A syntax error was identified in your Azure Resource Manager template. Use a JSON formatter tool to validate the JSON to identify the syntax error.|
73
+
|InvalidUserName| Enter a valid username. The admin user name can't be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It can't start with pg_.|
74
+
|BlockedUserName| The admin user name can't be azure_superuser, azure_pg_admin, admin, administrator, root, guest, or public. It can't start with pg_. Avoid using these patterns in the admin name.|
0 commit comments