All Products
Search
Document Center

The request to connect to an apsaradb RDS for PostgreSQL or PPAS instance is interrupted

Last Updated: Oct 09, 2021

Problem description

When the client attempts to connect to the apsaradb RDS for PostgreSQL or PPAS instance, if the connection is interrupted, one of the following errors is displayed:

  • server closed the connection unexpectedly This probably means the server terminated abnormallybefore or while processing the request.
  • Error connecting to the server: FATAL: no pg_hba.conf entry

Fixes

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify such information in a timely manner.

This topic describes two solutions for scenarios where you cannot access RDS:

Why can't an ECS instance access RDS through the internal network?

  1. Check whether the internal IP address of the ECS instance is added to the whitelist of the RDS instance. If not, you can view the instance IP on the instances page.
  2. Then add a whitelist in the RDS console. For more information, see set whitelists.
  3. Check whether the whitelist is set to 0.0.0.0, and the correct format is 0.0.0.0/0.
    Note: This IP address is used with caution because it allows any device to access the RDS instance.
  4. If you have enabled the enhanced whitelist mode, perform the following checks:

    • If your RDS instance resides in a VPC and is accessed by using its internal endpoint, make sure that the internal IP address of your ECS instance is added to the IP address whitelist labeled default VPC.
    • If your RDS instance resides in the classic network and is accessed by using its internal endpoint, make sure that the internal IP address of your ECS instance is added to the IP address whitelist labeled default Classic Network.

Solution to a device other than ECS instances being unable to access RDS

When a device (for example, an ECS instance) accesses an RDS instance, it can connect to the RDS instance over the Internet. If you fail to connect to the instance by using the Internet address, the solution is as follows:

  1. Check whether an RDS whitelist is set. If the IP address is not configured, see set whitelist.
  2. Check whether the whitelist is set to 0.0.0.0. An IP address whitelist must contain entries similar to 0.0.0.0/0.
    Note: This IP address is used with caution because it allows any device to access the RDS instance.
  3. If you have enabled the enhanced whitelist mode, make sure that the public IP address of the device is added to the IP address whitelist of the classic network.
    Note: instances in VPCs are not accessible over the Internet.
  4. If you have configured a whitelist, the connection failure may be caused by the fact that the public IP address you added to the whitelist is not the real egress IP address of the device. The reason is as follows.
    Note: For more information about how to obtain the public IP address of a server, see locate local IP.
    • Public IP addresses dynamically change.
    • The tool or website that you use to query public IP addresses returns inaccurate results.

Application scope

  • ApsaraDB RDS for PostgreSQL
  • ApsaraDB RDS for PPAS