PostgreSQL Replication Configuration with Cloudflare Tunnels

I’m currently in the process of setting up PostgreSQL replication between Site A and Site B using Cloudflare tunnels. Site A hosts the primary database, while Site B holds the replica database.

On the primary PostgreSQL instance at Site A,

cloudflared access tcp --hostname replacatdb.xxxx.xxxxx --url localhost:6432

And on the replica PostgreSQL instance at Site B,

cloudflared access tcp --hostname primarydb.xxxx.xxxxx --url localhost:7432

When attempting to obtain a backup from the primary database on the replica database instance, I’m encountering a permission denied error:

$ pg_basebackup -R -h localhost -p 7432 -U rep_user -D /var/lib/pgsql/14/data/ -P
Password:
pg_basebackup: error: could not access directory "/var/lib/pgsql/14/data/": Permission denied

Here’s the relevant entry in pg_hba.conf on both the primary and replica databases:

host replication rep_user replicatdb.xxxx.xxxxx md5
host replication rep_user primarydb.xxxx.xxxxx md5

I’ve also tried adding the following entry as well ( open to all hosts for testing purpose)

host all all 0.0.0.0/0 md5

I would like to understand whether PostgreSQL replication stream is compatible with Cloudflare tunnels, and if there are any critical configurations I may be overlooking.

we’re interested in transitioning to Cloudflare tunnels for enhanced security and performance, Could you please help me in locating reference documentation? I’ve recently begun working with Cloudflare tunnels and would appreciate any guidance would be greatly appreciated!

Hi @somesh.nistala,

Have you tried taking a look at Cloudflared logs to see if there are any hints that may help you see why PostgreSQL replication stream is not working.

Please refer to this documentation for instructions on how to enable logging: Tunnel logs · Cloudflare Zero Trust docs

Thank you so much for your response. The above issue is not related to Cloudflare. This issue is due to incorrect privileges. I was executing the pg_basebackup command not from the PostgreSQL shell.