Skip to main content

Accessing PostgreSQL Data Source through the Gateway

NineData supports accessing PostgreSQL data sources through a gateway, allowing you to connect to PostgreSQL without providing an external address, even if it's in a private or dedicated network environment.

Prerequisites

  • The host where the gateway is deployed must be within the PostgreSQL data source's intranet environment and must be able to access the PostgreSQL data source smoothly through the intranet.
  • The host where the gateway is deployed must have internet access. If your host cannot access the internet and is within a local area network, you can deploy a proxy gateway. For more information, see Using a Proxy Gateway.

Step 1: Deploy the Gateway

This step is applicable to hosts that can access the public network. If your host cannot access the public network and is in the local area network, see Using Proxy Gateway to deploy the gateway.

  1. Log in to the NineData console on the host where the gateway needs to be deployed.

  2. In the left navigation pane, click >.

  3. Click in the upper right corner of the page.

  4. Configure the parameters based on the following table.

    ParameterDescription
    The name of the gateway. For easy searching and management, manual specification is supported.
    Select the operating system of the host where the gateway needs to be deployed, and the corresponding gateway installation method is displayed. The following operating systems are supported:
    • Windows(x86_64)
    • Linux(x86_64)
    • macOS
    Select the region closest to the host where the gateway is deployed to obtain relatively fast access speed.
    No configuration required.
  5. Install and configure the gateway on the host of the deployment end based on the installation method displayed below. After the configuration is completed, the connection diagram on the right side of the page changes from to .

  6. Click on , select the desired data source in the pop-up window, and proceed to Step 2.

Step 2: Access the PostgreSQL Data Source

  1. On the page, configure the parameters based on the table below.

    Parameter
    Description
    Enter the name of the data source. For ease of later retrieval and management, please use a meaningful name.
    Select .
    Select the gateway ID deployed in Step 1.
    Enter the access address and port of the PostgreSQL data source.
    • If PostgreSQL is installed on the local machine: Enter localhost or 127.0.0.1 for the address and the actual port of PostgreSQL for the port.
    • If PostgreSQL is installed on another host within the intranet: Enter the intranet IP of that host for the address and the actual port of PostgreSQL for the port.
    Enter the login username for PostgreSQL.
    Enter the login password for PostgreSQL.
    Select the region closest to your PostgreSQL host to effectively reduce network latency.
    Select according to the actual business purpose of the data source as an environment identifier for the data source. The default provides the and environments, and also supports you to create a custom environment.
    Note: In organization mode, the database environment can also be applied to permission policy management. For example, the default role only supports access to data sources in the environment and cannot access data sources in other environments. For more information, see Managing Roles.
    Specify whether to use SSL encryption to access the data source (default is off). If the data source requires SSL encryption, you must enable this switch; otherwise, the connection will fail.
    Click the switch on the right to enable or disable encryption transmission. Click the left of to expand detailed configurations.
    • : Supports four options:
      • Prefer: Automatically detects the SSL status of the server. If SSL is enabled on the server, it will connect via SSL. If SSL is not enabled on the server, it will connect without SSL.
      • Require: Always connects via SSL. If the server does not support this method or cannot establish an SSL connection for other reasons, the connection will fail.
      • Verify-CA: Upload a CA certificate to verify whether the server's certificate is signed by a trusted authority, preventing Man-in-the-Middle Attacks. Additionally, you can upload a client user certificate and key to verify your identity and encrypt communication with the server as needed.
      • Verify-full: On top of Verify-CA, verifies whether the server certificate's subject (e.g., hostname, IP address) matches the actual connected server to ensure connection security.
    • : Required when is Verify-CA or Verify-Full, specifies the CA certificate used to verify the server certificate.
    • (optional): If the server requests a client certificate, you must upload the client certificate to verify your identity. contains the user certificate (.pem) and key (.pk8).
    • : If the uploaded client key file is password-protected, enter the password here. Leave it blank if no password is set for the client key.
  2. After configuring all parameters, click on the right of to test whether the data source can be accessed normally. If is displayed, click to complete adding the data source. If not, please recheck the connection settings until the connection test succeeds.

Appendix: Using a Proxy Gateway

If the host where the gateway needs to be deployed cannot access the public network, a proxy gateway is needed. You need to prepare two hosts in the same LAN that can access each other:

  • Host A: A host that can access the public network.
  • Host B: The host where the gateway needs to be deployed.

Create a gateway in Host A. The role of this gateway is to act as a proxy so that Host B can connect to the NineData server through the proxy.

Procedure

  1. Log in to the NineData console on Host A.

  2. In the left navigation bar, click > .

  3. Click in the upper right corner of the page.

  4. Configure the parameters according to the following table.

    ParameterDescription
    The name of the gateway, which can be manually specified for easy search and management.
    Select the operating system of the host where the gateway needs to be deployed, and the corresponding gateway installation method will be displayed. The following operating systems are supported:
    • Windows (x86_64)
    • Linux (x86_64)
    • macOS
    Select the region closest to the host where the gateway is deployed to obtain relatively fast access speed.
    No need to configure.
  5. Install and configure the gateway in Host A according to the installation method displayed below. After the configuration is completed, the connection diagram on the right side of the page will change from to .

  6. Click , and then click in the upper right corner of the page again.

  7. In , select the operating system of Host B.

  8. Click , select , and click the drop-down box below . Select the gateway created in Host A from the drop-down menu.

    tip

    At this point, the gateway process will automatically open a port on Host A for Host B's access. When the page prompts "xxx has enabled proxy function, port xxx", it means that the proxy gateway has been successfully opened.

  9. Install the gateway on Host B according to the installation steps displayed below.

  10. Wait for the connection diagram on the right side of the page to change from to .

  11. Click to enter Step 2.