PostgreSQL Connection Refused Fix

Updated March 11, 2026 • Expert Guide • Prime AI Tech Solutions

Looking for the best solutions? Compare top options and get expert advice tailored to your needs.

Explore Top Recommendations ›

Understanding and Resolving "PostgreSQL Connection Refused" Errors

The "PostgreSQL Connection Refused" error is a common roadblock for developers and system administrators alike. It signifies that your client application attempted to establish a connection with a PostgreSQL server, but the server actively denied the connection attempt. Unlike a timeout, which suggests no response, "Connection Refused" indicates the server was reachable but explicitly rejected the connection. This article provides a highly detailed, step-by-step guide to diagnose and fix this pervasive issue, ensuring your PostgreSQL database is accessible and secure.

Resolving this error requires a systematic approach, checking configurations on both the server and client sides, as well as network infrastructure. We'll delve into the most frequent causes and provide actionable solutions, transforming a frustrating error into a manageable diagnostic challenge.

PostgreSQL Connection Refused Troubleshooting Flowchart

Step-by-Step Guide: Diagnosing and Fixing "Connection Refused"

Step 1: Verify PostgreSQL Server Status

The most fundamental reason for a connection refusal is that the PostgreSQL server process isn't running. Before diving into complex configurations, always confirm the server is active.

  • Linux (systemd-based distributions like Ubuntu, Debian, CentOS 7+): 
    sudo systemctl status postgresql

    Look for "active (running)". If not, start it:

    sudo systemctl start postgresql

    And enable it to start on boot:

    sudo systemctl enable postgresql
  • Linux (older systems or custom installations): 
    pg_ctl status -D /path/to/data/directory

    If not running, start it:

    pg_ctl start -D /path/to/data/directory
  • Windows: Check the Services manager (services.msc) for "PostgreSQL" service status. Start it if it's stopped.

If the server fails to start, check its logs immediately (see Step 6) for startup errors.

Step 2: Check PostgreSQL Port (5432) Availability and Listening Address

Even if PostgreSQL is running, it might not be listening on the expected network interface or port. By default, PostgreSQL listens on port 5432.

  1. Verify Listening Port:
    • Linux: 
      sudo netstat -tuln | grep 5432
      sudo ss -tuln | grep 5432

      You should see an entry like tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN or 0.0.0.0:5432 or [::]:5432. If no entry appears, PostgreSQL isn't listening on that port.

    • Windows: 
      netstat -ano | findstr :5432

      Then use tasklist /fi "PID eq [PID_from_netstat]" to confirm it's a PostgreSQL process.

  2. Examine postgresql.conf's listen_addresses:

    The postgresql.conf file controls server-wide settings. Locate it (common paths: /etc/postgresql/{version}/main/postgresql.conf on Debian/Ubuntu, /var/lib/pgsql/{version}/data/postgresql.conf on CentOS/RHEL, or your data directory). Open it and find the listen_addresses parameter.

    • listen_addresses = 'localhost' (or '127.0.0.1'): This restricts connections to only the local machine. Remote clients will be refused.
    • listen_addresses = '*': This allows PostgreSQL to listen on all available network interfaces, making it accessible from remote hosts. This is often necessary for non-local connections.
    • listen_addresses = '192.168.1.100': This restricts listening to a specific IP address.

    Action: If you need remote access and listen_addresses is set to 'localhost', change it to '*' or the specific IP address of the server's network interface. After modification, you must restart the PostgreSQL service for changes to take effect (sudo systemctl restart postgresql).

Step 3: Review pg_hba.conf for Client Authentication

Even if PostgreSQL is listening, it uses pg_hba.conf (Host-Based Authentication) to determine which hosts are allowed to connect, which users can authenticate, and what authentication method they must use. This is a common source of "Connection Refused" if the connection is from an unauthorized host or user.

  • Locate pg_hba.conf: It's typically in the same directory as postgresql.conf.
  • Understand the Format: Each line is a rule: TYPE DATABASE USER ADDRESS METHOD [OPTIONS].
    • TYPE: local (Unix socket), host (TCP/IP), hostssl, hostnossl.
    • DATABASE: all, specific database name, replication.
    • USER: all, specific user name.
    • ADDRESS: IP address or range (e.g., 192.168.1.0/24 for a subnet, 0.0.0.0/0 for all IPs, 127.0.0.1/32 for localhost).
    • METHOD: trust, ident, md5, scram-sha-256, peer, etc.
  • Common Example for Remote Access: 
    host    all             all             0.0.0.0/0               md5

    This rule allows any user from any IP address to connect to any database using MD5 password authentication. For production, restrict ADDRESS to known client IPs or subnets.

  • Action: Ensure there's a rule that matches your client's connection attempt (type, database, user, and most critically, IP address). If you add or modify a rule, you must reload PostgreSQL's configuration (sudo systemctl reload postgresql) for changes to take effect. A restart is also fine, but a reload is less disruptive.
PostgreSQL Server Configuration Files and Network Rules

Step 4: Firewall Configuration

A firewall (like ufw, firewalld, or iptables on Linux, or Windows Defender Firewall) can block incoming connections to port 5432, leading to a "Connection Refused" error even if PostgreSQL is correctly configured.

  • UFW (Uncomplicated Firewall - Ubuntu/Debian): 
    sudo ufw allow 5432/tcp
    sudo ufw enable
    sudo ufw status verbose
  • Firewalld (CentOS/RHEL): 
    sudo firewall-cmd --add-port=5432/tcp --permanent
    sudo firewall-cmd --reload
    sudo firewall-cmd --list-all
  • IPTables (General Linux): 
    sudo iptables -A INPUT -p tcp --dport 5432 -j ACCEPT

    Remember to save iptables rules permanently, as they are often reset on reboot if not saved.

  • Windows Defender Firewall: Navigate to "Windows Defender Firewall with Advanced Security", create an inbound rule to allow TCP connections on port 5432.

Action: Ensure your firewall is configured to allow incoming TCP connections on port 5432 from the IP addresses or ranges that need to access the database.

Step 5: Client-Side Connection Parameters

The "Connection Refused" error can sometimes stem from incorrect parameters specified by the client application itself.

  • Hostname/IP Address: Double-check that the client is attempting to connect to the correct IP address or hostname of the PostgreSQL server.
  • Port: Confirm the client is using the correct port, which is 5432 by default.
  • Database Name: Ensure the client is requesting a valid database that exists on the server.
  • Username: Verify the username exists and has the necessary permissions.
  • Connection String: For applications, meticulously review the connection string syntax. Examples:
    • psql -h your_server_ip -p 5432 -U your_user -d your_database
    • jdbc:postgresql://your_server_ip:5432/your_database

Action: Correct any discrepancies in the client's connection parameters.

Step 6: Check PostgreSQL Logs

PostgreSQL logs are invaluable for diagnosing issues. They can provide specific reasons for connection failures, authentication problems, or server startup issues.

  • Log Location:
    • Linux (Debian/Ubuntu): /var/log/postgresql/postgresql-{version}-main.log
    • Linux (CentOS/RHEL): Often in the data directory, e.g., /var/lib/pgsql/{version}/data/log/
    • Windows: In the log subdirectory of your data directory.
    • The exact path can also be found in postgresql.conf under log_directory or log_file_name.
  • What to Look For:
    • Messages indicating the server failed to start or crashed.
    • FATAL: could not bind socket to address ...: Address already in use (another process is using port 5432).
    • FATAL: no pg_hba.conf entry for host "..." user "..." database "..." SSL off (a clear indication of a pg_hba.conf issue).
    • Authentication errors (though these usually result in "password authentication failed" rather than "connection refused", they can sometimes be misdiagnosed).

Action: Tail the log file (tail -f /path/to/logfile) while attempting a connection to see real-time error messages. This often pinpoints the exact problem.