From e37c1666fdbde1ca49454924a63b7aa02e808936 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Wed, 19 Nov 2025 20:26:36 +0330 Subject: [PATCH 01/15] HAFSQL_PUBLIC_PORT_SSL & HAFSQL_PUBLIC_PORT_TCP --- .env.example | 3 +++ postgres-public/compose.postgres-public.yml | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index 3f41e4e..55b8c83 100644 --- a/.env.example +++ b/.env.example @@ -307,6 +307,9 @@ PUBLIC_HOSTNAME="your.hostname.com" # (Requires PostgreSQL 17+ client with libpq 17+) # - Port 5433 (Plain TCP): postgresql://user:pass@hostname:5433/haf_block_log # (Works with all PostgreSQL versions, but NOT encrypted) +# Can change the default ports of the above connection methods: +# HAFSQL_PUBLIC_PORT_SSL = 5432 +# HAFSQL_PUBLIC_PORT_TCP = 5433 # HAFSQL_PUBLIC_CONNECTION_LIMIT=5 # Maximum concurrent connections for public users # HafSQL diff --git a/postgres-public/compose.postgres-public.yml b/postgres-public/compose.postgres-public.yml index 11a879b..7dcf807 100644 --- a/postgres-public/compose.postgres-public.yml +++ b/postgres-public/compose.postgres-public.yml @@ -6,8 +6,8 @@ services: # Extend caddy service to expose PostgreSQL ports caddy: ports: - - 5432:5432 # TLS port for PostgreSQL 17+ clients (sslnegotiation=direct) - - 5433:5433 # Plain TCP port for all PostgreSQL clients + - ${HAFSQL_PUBLIC_PORT_SSL:-5432}:5432 # TLS port for PostgreSQL 17+ clients (sslnegotiation=direct) + - ${HAFSQL_PUBLIC_PORT_TCP:-5433}:5433 # Plain TCP port for all PostgreSQL clients volumes: - type: bind source: ./caddy/layer4-postgres-snippets @@ -51,6 +51,8 @@ services: PGBOUNCER_QUERY_WAIT_TIMEOUT: 60 PGBOUNCER_CLIENT_IDLE_TIMEOUT: 0 PGBOUNCER_CLIENT_LOGIN_TIMEOUT: 30 + # Ignore unsupported startup parameters to prevent connection errors + PGBOUNCER_IGNORE_STARTUP_PARAMETERS: extra_float_digits # Logging PGBOUNCER_LOG_CONNECTIONS: 1 PGBOUNCER_LOG_DISCONNECTIONS: 1 -- GitLab From c1f6632c7ab7ee576e86a6365a0b6c9d967b6458 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Wed, 19 Nov 2025 21:55:05 +0330 Subject: [PATCH 02/15] Update haf_base.yaml --- haf_base.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/haf_base.yaml b/haf_base.yaml index 60c005a..8743b0b 100644 --- a/haf_base.yaml +++ b/haf_base.yaml @@ -90,6 +90,10 @@ services: host haf_block_log hafsql_owner ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log hafsql_user ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log haf_admin ${COMPOSE_PROJECT_NAME}-hafsql-uninstall-1.${NETWORK_NAME} trust\n + + # Allow connections from all the containers on the compose network + host haf_block_log haf_admin samenet trust\n + " SHM_DIR: /home/hived/shm_dir ROCKSDB_DIR: /home/hived/rocksdb_dir -- GitLab From 3bdcac977618823d57f9785eb34309bb95a3ee84 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Wed, 19 Nov 2025 22:45:34 +0330 Subject: [PATCH 03/15] allow connections from all the containers on compose network --- haf_base.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/haf_base.yaml b/haf_base.yaml index 8743b0b..e2953bc 100644 --- a/haf_base.yaml +++ b/haf_base.yaml @@ -91,9 +91,8 @@ services: host haf_block_log hafsql_user ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log haf_admin ${COMPOSE_PROJECT_NAME}-hafsql-uninstall-1.${NETWORK_NAME} trust\n - # Allow connections from all the containers on the compose network + # Allow connections from all the containers on the compose network\n host haf_block_log haf_admin samenet trust\n - " SHM_DIR: /home/hived/shm_dir ROCKSDB_DIR: /home/hived/rocksdb_dir -- GitLab From e624c4a44868a0bcc5c9a6f754d568156fb7ff1b Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 01:59:07 +0330 Subject: [PATCH 04/15] fix connection error - ignore startup parameters --- pgbouncer/docker-entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/pgbouncer/docker-entrypoint.sh b/pgbouncer/docker-entrypoint.sh index e7d038c..4a8f792 100644 --- a/pgbouncer/docker-entrypoint.sh +++ b/pgbouncer/docker-entrypoint.sh @@ -95,6 +95,7 @@ tcp_keepalive = ${PGBOUNCER_TCP_KEEPALIVE:-1} tcp_keepcnt = ${PGBOUNCER_TCP_KEEPCNT:-3} tcp_keepidle = ${PGBOUNCER_TCP_KEEPIDLE:-60} tcp_keepintvl = ${PGBOUNCER_TCP_KEEPINTVL:-10} +ignore_startup_parameters = ${PGBOUNCER_IGNORE_STARTUP_PARAMETERS:-extra_float_digits} ;; Logging log_connections = ${PGBOUNCER_LOG_CONNECTIONS:-0} -- GitLab From 6114c440a53d4848b7ccd16356803125eb022ae1 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 02:19:50 +0330 Subject: [PATCH 05/15] Attempt to fix missing pg_hba entry error --- postgres-public/compose.postgres-public.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/postgres-public/compose.postgres-public.yml b/postgres-public/compose.postgres-public.yml index 7dcf807..54ea4f2 100644 --- a/postgres-public/compose.postgres-public.yml +++ b/postgres-public/compose.postgres-public.yml @@ -21,6 +21,7 @@ services: # Allow pgbouncer-public to connect as public user(s)\n # Trust connection from pgbouncer-public container - authentication happens at PgBouncer level\n host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} ${COMPOSE_PROJECT_NAME}-pgbouncer-public-1.${NETWORK_NAME} trust\n + host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} samenet trust\n # To add more users, extend this environment variable with additional lines\n " # This service provides a separate pgbouncer instance for public users -- GitLab From 3e0dc94437da3c370d48e8d6a02ab43dea17eae7 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 23:00:15 +0330 Subject: [PATCH 06/15] Will create another MR for this --- haf_base.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/haf_base.yaml b/haf_base.yaml index e2953bc..60c005a 100644 --- a/haf_base.yaml +++ b/haf_base.yaml @@ -90,9 +90,6 @@ services: host haf_block_log hafsql_owner ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log hafsql_user ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log haf_admin ${COMPOSE_PROJECT_NAME}-hafsql-uninstall-1.${NETWORK_NAME} trust\n - - # Allow connections from all the containers on the compose network\n - host haf_block_log haf_admin samenet trust\n " SHM_DIR: /home/hived/shm_dir ROCKSDB_DIR: /home/hived/rocksdb_dir -- GitLab From 1999c16bcde0bb4baf6724f3c434a8b7e6713a73 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 23:01:47 +0330 Subject: [PATCH 07/15] Update compose.postgres-public.yml --- postgres-public/compose.postgres-public.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/postgres-public/compose.postgres-public.yml b/postgres-public/compose.postgres-public.yml index 54ea4f2..a1144c0 100644 --- a/postgres-public/compose.postgres-public.yml +++ b/postgres-public/compose.postgres-public.yml @@ -19,8 +19,7 @@ services: environment: PG_ACCESS_PGBOUNCER_PUBLIC: " # Allow pgbouncer-public to connect as public user(s)\n - # Trust connection from pgbouncer-public container - authentication happens at PgBouncer level\n - host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} ${COMPOSE_PROJECT_NAME}-pgbouncer-public-1.${NETWORK_NAME} trust\n + # Trust connection from all containers on this compose (samenet)\n host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} samenet trust\n # To add more users, extend this environment variable with additional lines\n " -- GitLab From 2254bc0cddb65b34f8088a18f85fb26a2bb8a3a3 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Wed, 19 Nov 2025 20:26:36 +0330 Subject: [PATCH 08/15] HAFSQL_PUBLIC_PORT_SSL & HAFSQL_PUBLIC_PORT_TCP --- .env.example | 3 +++ postgres-public/compose.postgres-public.yml | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index 3771b6c..00ecf6e 100644 --- a/.env.example +++ b/.env.example @@ -307,6 +307,9 @@ PUBLIC_HOSTNAME="your.hostname.com" # (Requires PostgreSQL 17+ client with libpq 17+) # - Port 5433 (Plain TCP): postgresql://user:pass@hostname:5433/haf_block_log # (Works with all PostgreSQL versions, but NOT encrypted) +# Can change the default ports of the above connection methods: +# HAFSQL_PUBLIC_PORT_SSL = 5432 +# HAFSQL_PUBLIC_PORT_TCP = 5433 # HAFSQL_PUBLIC_CONNECTION_LIMIT=5 # Maximum concurrent connections for public users # HafSQL diff --git a/postgres-public/compose.postgres-public.yml b/postgres-public/compose.postgres-public.yml index 11a879b..7dcf807 100644 --- a/postgres-public/compose.postgres-public.yml +++ b/postgres-public/compose.postgres-public.yml @@ -6,8 +6,8 @@ services: # Extend caddy service to expose PostgreSQL ports caddy: ports: - - 5432:5432 # TLS port for PostgreSQL 17+ clients (sslnegotiation=direct) - - 5433:5433 # Plain TCP port for all PostgreSQL clients + - ${HAFSQL_PUBLIC_PORT_SSL:-5432}:5432 # TLS port for PostgreSQL 17+ clients (sslnegotiation=direct) + - ${HAFSQL_PUBLIC_PORT_TCP:-5433}:5433 # Plain TCP port for all PostgreSQL clients volumes: - type: bind source: ./caddy/layer4-postgres-snippets @@ -51,6 +51,8 @@ services: PGBOUNCER_QUERY_WAIT_TIMEOUT: 60 PGBOUNCER_CLIENT_IDLE_TIMEOUT: 0 PGBOUNCER_CLIENT_LOGIN_TIMEOUT: 30 + # Ignore unsupported startup parameters to prevent connection errors + PGBOUNCER_IGNORE_STARTUP_PARAMETERS: extra_float_digits # Logging PGBOUNCER_LOG_CONNECTIONS: 1 PGBOUNCER_LOG_DISCONNECTIONS: 1 -- GitLab From 9b812bfc7cba30c9aaf547fce0674a8d58efedc8 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Wed, 19 Nov 2025 21:55:05 +0330 Subject: [PATCH 09/15] Update haf_base.yaml --- haf_base.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/haf_base.yaml b/haf_base.yaml index 60c005a..8743b0b 100644 --- a/haf_base.yaml +++ b/haf_base.yaml @@ -90,6 +90,10 @@ services: host haf_block_log hafsql_owner ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log hafsql_user ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log haf_admin ${COMPOSE_PROJECT_NAME}-hafsql-uninstall-1.${NETWORK_NAME} trust\n + + # Allow connections from all the containers on the compose network + host haf_block_log haf_admin samenet trust\n + " SHM_DIR: /home/hived/shm_dir ROCKSDB_DIR: /home/hived/rocksdb_dir -- GitLab From 586f61bcfd8ed531e6dc72db3bc3e63ba7dba8f6 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Wed, 19 Nov 2025 22:45:34 +0330 Subject: [PATCH 10/15] allow connections from all the containers on compose network --- haf_base.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/haf_base.yaml b/haf_base.yaml index 8743b0b..e2953bc 100644 --- a/haf_base.yaml +++ b/haf_base.yaml @@ -91,9 +91,8 @@ services: host haf_block_log hafsql_user ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log haf_admin ${COMPOSE_PROJECT_NAME}-hafsql-uninstall-1.${NETWORK_NAME} trust\n - # Allow connections from all the containers on the compose network + # Allow connections from all the containers on the compose network\n host haf_block_log haf_admin samenet trust\n - " SHM_DIR: /home/hived/shm_dir ROCKSDB_DIR: /home/hived/rocksdb_dir -- GitLab From 395faaf5b961736e5d5c3bf45b62baed9b0e4897 Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 01:59:07 +0330 Subject: [PATCH 11/15] fix connection error - ignore startup parameters --- pgbouncer/docker-entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/pgbouncer/docker-entrypoint.sh b/pgbouncer/docker-entrypoint.sh index e7d038c..4a8f792 100644 --- a/pgbouncer/docker-entrypoint.sh +++ b/pgbouncer/docker-entrypoint.sh @@ -95,6 +95,7 @@ tcp_keepalive = ${PGBOUNCER_TCP_KEEPALIVE:-1} tcp_keepcnt = ${PGBOUNCER_TCP_KEEPCNT:-3} tcp_keepidle = ${PGBOUNCER_TCP_KEEPIDLE:-60} tcp_keepintvl = ${PGBOUNCER_TCP_KEEPINTVL:-10} +ignore_startup_parameters = ${PGBOUNCER_IGNORE_STARTUP_PARAMETERS:-extra_float_digits} ;; Logging log_connections = ${PGBOUNCER_LOG_CONNECTIONS:-0} -- GitLab From f3d525fe47cbef91553aeddc892b88244c3ac05d Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 02:19:50 +0330 Subject: [PATCH 12/15] Attempt to fix missing pg_hba entry error --- postgres-public/compose.postgres-public.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/postgres-public/compose.postgres-public.yml b/postgres-public/compose.postgres-public.yml index 7dcf807..54ea4f2 100644 --- a/postgres-public/compose.postgres-public.yml +++ b/postgres-public/compose.postgres-public.yml @@ -21,6 +21,7 @@ services: # Allow pgbouncer-public to connect as public user(s)\n # Trust connection from pgbouncer-public container - authentication happens at PgBouncer level\n host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} ${COMPOSE_PROJECT_NAME}-pgbouncer-public-1.${NETWORK_NAME} trust\n + host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} samenet trust\n # To add more users, extend this environment variable with additional lines\n " # This service provides a separate pgbouncer instance for public users -- GitLab From 14e7a64ab961b556ffc8363d97778aaf44425d7a Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 23:00:15 +0330 Subject: [PATCH 13/15] Will create another MR for this --- haf_base.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/haf_base.yaml b/haf_base.yaml index e2953bc..60c005a 100644 --- a/haf_base.yaml +++ b/haf_base.yaml @@ -90,9 +90,6 @@ services: host haf_block_log hafsql_owner ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log hafsql_user ${COMPOSE_PROJECT_NAME}-hafsql-1.${NETWORK_NAME} trust\n host haf_block_log haf_admin ${COMPOSE_PROJECT_NAME}-hafsql-uninstall-1.${NETWORK_NAME} trust\n - - # Allow connections from all the containers on the compose network\n - host haf_block_log haf_admin samenet trust\n " SHM_DIR: /home/hived/shm_dir ROCKSDB_DIR: /home/hived/rocksdb_dir -- GitLab From be81b35776e291ca3cf4715ff10e7794161e56cf Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Fri, 21 Nov 2025 23:01:47 +0330 Subject: [PATCH 14/15] Update compose.postgres-public.yml --- postgres-public/compose.postgres-public.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/postgres-public/compose.postgres-public.yml b/postgres-public/compose.postgres-public.yml index 54ea4f2..a1144c0 100644 --- a/postgres-public/compose.postgres-public.yml +++ b/postgres-public/compose.postgres-public.yml @@ -19,8 +19,7 @@ services: environment: PG_ACCESS_PGBOUNCER_PUBLIC: " # Allow pgbouncer-public to connect as public user(s)\n - # Trust connection from pgbouncer-public container - authentication happens at PgBouncer level\n - host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} ${COMPOSE_PROJECT_NAME}-pgbouncer-public-1.${NETWORK_NAME} trust\n + # Trust connection from all containers on this compose (samenet)\n host haf_block_log ${HAFSQL_PUBLIC_USERNAME:-hafsql_public} samenet trust\n # To add more users, extend this environment variable with additional lines\n " -- GitLab From 2f52fd594e0d55fc1b61bd51be3741063315599b Mon Sep 17 00:00:00 2001 From: Mahdi Yari <16903082+mahdiyari@users.noreply.github.com> Date: Tue, 9 Dec 2025 00:47:58 +0330 Subject: [PATCH 15/15] remove spaces --- .env.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index 55b8c83..cf31bc1 100644 --- a/.env.example +++ b/.env.example @@ -308,8 +308,8 @@ PUBLIC_HOSTNAME="your.hostname.com" # - Port 5433 (Plain TCP): postgresql://user:pass@hostname:5433/haf_block_log # (Works with all PostgreSQL versions, but NOT encrypted) # Can change the default ports of the above connection methods: -# HAFSQL_PUBLIC_PORT_SSL = 5432 -# HAFSQL_PUBLIC_PORT_TCP = 5433 +# HAFSQL_PUBLIC_PORT_SSL=5432 +# HAFSQL_PUBLIC_PORT_TCP=5433 # HAFSQL_PUBLIC_CONNECTION_LIMIT=5 # Maximum concurrent connections for public users # HafSQL -- GitLab