How to Install PostgreSQL on RHEL 7

PostgreSQL is a powerful, open-source object-relational database system with over 30 years of active development. It is widely regarded as the most standards-compliant open-source SQL database, offering advanced features such as full ACID compliance, support for JSON and JSONB data types, table inheritance, robust indexing mechanisms, and a rich extension ecosystem. While RHEL 7 includes an older version of PostgreSQL in its base repositories, using the official PostgreSQL Global Development Group (PGDG) yum repository gives you access to more recent stable releases. This guide covers installing PostgreSQL 9.6 on RHEL 7, initializing the data cluster, configuring client authentication, and setting up a user and database for application use.

Prerequisites

  • A RHEL 7 server with root or sudo access
  • Active RHEL 7 subscription with base repositories enabled
  • Internet access to reach the PGDG yum repository
  • firewalld running for firewall management
  • No conflicting PostgreSQL packages installed from the base repositories

Check whether any PostgreSQL packages from RHEL base repos are installed and remove them to avoid conflicts:

sudo yum list installed | grep postgresql
sudo yum remove postgresql postgresql-server -y

Step 1: Add the PostgreSQL PGDG Yum Repository

The official PGDG repository provides the latest PostgreSQL releases for all major Linux distributions. Download and install the repository RPM for PostgreSQL 9.6 on RHEL 7:

sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

After installation, verify the repository files were created:

ls /etc/yum.repos.d/ | grep pgdg

Disable the PostgreSQL packages from the RHEL base repository to prevent version conflicts, as RHEL 7 base repos include older PostgreSQL versions that may shadow PGDG packages:

sudo yum-config-manager --disable rhel-7-server-rpms
# Re-enable after installing PostgreSQL, or use --exclude in /etc/yum.conf

Alternatively, exclude PostgreSQL from the base repo permanently:

sudo vi /etc/yum.repos.d/redhat.repo
# Add to [rhel-7-server-rpms] section:
# exclude=postgresql*

Step 2: Install PostgreSQL 9.6

Install the PostgreSQL 9.6 server package and client tools:

sudo yum install -y postgresql96-server postgresql96 postgresql96-contrib

The postgresql96-contrib package includes additional modules such as pg_stat_statements, pgcrypto, and uuid-ossp that are commonly needed in production. Confirm the installed version:

/usr/pgsql-9.6/bin/postgres --version
# postgres (PostgreSQL) 9.6.24

Step 3: Initialize the PostgreSQL Database Cluster

Before starting PostgreSQL for the first time, you must initialize the data directory (the database cluster). Use the setup script provided by the PGDG package:

sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb

Expected output:

Initializing database ... OK

The data directory is created at /var/lib/pgsql/9.6/data/ and owned by the postgres system user. This directory contains the configuration files and all database files for the cluster.

Step 4: Start and Enable the PostgreSQL Service

Start the PostgreSQL 9.6 service using systemctl and enable it to start at boot:

sudo systemctl start postgresql-9.6
sudo systemctl enable postgresql-9.6

Verify the service is running:

sudo systemctl status postgresql-9.6

You should see:

● postgresql-9.6.service - PostgreSQL 9.6 database server
   Loaded: loaded (/usr/lib/systemd/system/postgresql-9.6.service; enabled; ...)
   Active: active (running) since Sun 2024-03-15 11:00:00 UTC; 3s ago

PostgreSQL listens on port 5432 by default. Confirm it is listening:

sudo ss -tlnp | grep 5432

Step 5: Configure pg_hba.conf Authentication

PostgreSQL uses a client authentication configuration file called pg_hba.conf (Host-Based Authentication) located in the data directory. This file controls which users can connect from which hosts and using what authentication method.

sudo vi /var/lib/pgsql/9.6/data/pg_hba.conf

The default RHEL configuration uses ident authentication for local connections, which maps OS users to database users. A more practical setup for application use combines peer for the postgres superuser and md5 (password) for application users:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             postgres                                peer
local   all             all                                     md5

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5

# IPv4 remote connections (specific subnet):
host    all             all             10.0.1.0/24             md5

# IPv6 local connections:
host    all             all             ::1/128                 md5

Save the file and reload PostgreSQL to apply authentication changes:

sudo systemctl reload postgresql-9.6

Step 6: Create a PostgreSQL User and Database

Switch to the postgres system user to access the PostgreSQL superuser account:

sudo -i -u postgres

Connect to the PostgreSQL interactive terminal:

psql

Inside the psql shell, set a password for the postgres superuser:

ALTER USER postgres WITH ENCRYPTED PASSWORD 'SuperSecure#2024';
q

Create a new database role (user) and a database for your application:

# Create a new database user with a password
createuser --interactive --pwprompt appowner
# Enter name: appowner
# Shall the new role be a superuser? No
# Shall the new role be allowed to create databases? No
# Shall the new role be allowed to create more new roles? No
# Enter password: [strong password]

# Create the application database owned by the new user
createdb -O appowner appdata

# Return to regular user
exit

Alternatively, perform the same operations from within psql:

sudo -u postgres psql

CREATE ROLE appowner WITH LOGIN ENCRYPTED PASSWORD 'AppOwner#2024';
CREATE DATABASE appdata OWNER appowner ENCODING 'UTF8' LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8' TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE appdata TO appowner;
q

Step 7: Test the Connection with psql

Test connecting to the new database as the application user:

psql -h 127.0.0.1 -U appowner -d appdata -W

Inside the psql shell, run a few commands to confirm the connection and create a test table:

-- Show connection information
conninfo

-- Create a test table
CREATE TABLE products (
    id SERIAL PRIMARY KEY,
    name VARCHAR(200) NOT NULL,
    price NUMERIC(10, 2),
    created_at TIMESTAMPTZ DEFAULT NOW()
);

-- Insert a row
INSERT INTO products (name, price) VALUES ('RHEL 7 Widget', 29.99);

-- Query the table
SELECT * FROM products;

-- List all tables
dt

-- Exit
q

Step 8: Allow Remote Connections

By default, PostgreSQL listens only on localhost. To accept connections from remote hosts, edit the main postgresql.conf configuration file:

sudo vi /var/lib/pgsql/9.6/data/postgresql.conf

Find and modify the listen_addresses parameter:

# To listen on all interfaces:
listen_addresses = '*'

# To listen on a specific IP:
listen_addresses = '192.168.1.10'

Restart PostgreSQL to apply the change:

sudo systemctl restart postgresql-9.6

Open the firewall for port 5432:

sudo firewall-cmd --permanent --add-port=5432/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports

For stricter access control, use a rich rule to limit access to a specific network:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" port protocol="tcp" port="5432" accept'
sudo firewall-cmd --reload

Step 9: SELinux Considerations

SELinux on RHEL 7 includes policies for PostgreSQL. The default data directory /var/lib/pgsql/ is already labelled with postgresql_db_t. If you move the data directory, relabel it:

# Check current context
ls -dZ /var/lib/pgsql/9.6/data

# Relabel a custom data directory
sudo semanage fcontext -a -t postgresql_db_t "/pgsql/data(/.*)?"
sudo restorecon -Rv /pgsql/data

If PostgreSQL cannot bind to a non-default port due to SELinux, allow the port:

sudo semanage port -a -t postgresql_port_t -p tcp 5433

PostgreSQL 9.6 is now fully installed and configured on your RHEL 7 server. You added the official PGDG yum repository, installed the server and contrib packages, initialized the database cluster, configured host-based authentication in pg_hba.conf, created an application user and database, and opened the firewall for remote access. PostgreSQL’s flexibility with pg_hba.conf makes it one of the most securely configurable open-source databases available, and the PGDG repository ensures you always have access to the latest stable releases on RHEL 7.