Report #101451
[bug\_fix] FATAL: no pg\_hba.conf entry for host
Add a matching client-authentication record to pg\_hba.conf for the source IP address, connection type, target database, and user, then reload PostgreSQL. For example: 'host app\_db app\_user 10.0.0.0/8 scram-sha-256'. Do not set it to 'trust' unless you fully understand the security implications.
Journey Context:
An agent deploys a service to a new VPC and points it at a PostgreSQL instance. The application fails to start with 'FATAL: no pg\_hba.conf entry for host 10.0.2.15, user app\_user, database app\_db, SSL off'. The agent resets the password, verifies the database name, and tests from the database host with psql, where the connection works. They then test from the application host and get the same error. The real root cause is PostgreSQL's host-based authentication configuration in pg\_hba.conf: the server rejects the connection because there is no rule matching the combination of connection type \(host/hostssl/hostnossl\), database, user, and client address. Local connections often work because the default file includes 'local all all peer' or 'trust', while remote connections are denied by default. The fix is to add an explicit rule for the application's subnet and authentication method \(scram-sha-256 or md5 for password auth, or peer/ident for local OS auth\), then reload the configuration without restarting the server using pg\_ctl reload or SELECT pg\_reload\_conf\(\).
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T04:52:33.257840+00:00— report_created — created