
How to configure PostgreSQL to accept all incoming connections except postgres / admin


My question is how to configure it so that non-admin (non-postgres) accounts can log in from the internet but the admin (postgres) user is only allowed from localhost or a limited IP range. What entries in pg_hba.conf would let me set this up? I have already set this up in postgresql.conf:

    listen_addresses = '*'

I have also added this line to my pg_hba.conf to allow logins from the wide open world:

    host all all 0.0.0.0/0 md5

But now the postgres user can log in from any address, which is not what I want :(

I have seen a number of places that talk about how to open up PostgreSQL for connections from any address like: https://dba.stackexchange.com/questions/83984/connect-to-postgresql-server-fatal-no-pg-hba-conf-entry-for-host but no questions that open it up and lock down the postgres user.


Solution

  • Try:

    # "local" is for Unix domain socket connections only
    local   all             postgres                                trust
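    # IPv4 TCP connections from any address: reject postgres first,
    # then let every other user authenticate with md5 (first match wins)
    host    all             postgres        0.0.0.0/0               reject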
    host    all             all             0.0.0.0/0               md5
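
pg_hba.conf is evaluated top to bottom and the first record that matches the connection type, database, user and client address decides the outcome, which is why the `reject` line has to sit above the catch-all. The sketch below is an added example, not part of the original answer: it models that first-match behaviour for plain `local`/`host` lines with literal names, `all` and CIDR addresses only. The function names, the `WRONG_ORDER` and `ADMIN_RANGE` rule sets and the 192.0.2.0/24 admin range are assumptions made for illustration.

```python
import ipaddress

# The answer's rules as posted on this page.
ANSWER = """
local   all   postgres                trust
host    all   postgres   0.0.0.0/0    reject
host    all   all        0.0.0.0/0    md5
"""
# Constructed: the same host rules with the catch-all placed first.
WRONG_ORDER = """
host    all   all        0.0.0.0/0    md5
host    all   postgres   0.0.0.0/0    reject
"""
# Constructed variant: postgres allowed over TCP from loopback and an assumed
# admin range (192.0.2.0/24 is a documentation prefix), rejected elsewhere.
ADMIN_RANGE = """
host    all   postgres   127.0.0.1/32   md5
host    all   postgres   192.0.2.0/24   md5
host    all   postgres   0.0.0.0/0      reject
host    all   all        0.0.0.0/0      md5
"""

def parse_hba(text):
    """Parse 'local DB USER METHOD' and 'host DB USER CIDR METHOD' lines."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        is_local = f[0] == "local"
        net = None if is_local else ipaddress.ip_network(f[3])
        method = f[3] if is_local else f[4]
        rules.append((f[0], f[1].split(","), f[2].split(","), net, method))
    return rules

def first_match(text, ctype, db, user, addr=None):
    """Return the method of the first rule matching the connection attempt."""
    for rtype, dbs, users, net, method in parse_hba(text):
        if rtype != ctype:
            continue
        if "all" not in dbs and db not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        if net is not None and ipaddress.ip_address(addr) not in net:
            continue
        return method
    return "no-entry"  # server refuses: no pg_hba.conf entry for this client
```

Under the answer's rules `first_match(ANSWER, "host", "app", "postgres", "127.0.0.1")` returns `reject`, so postgres can connect only over the Unix socket; `ADMIN_RANGE` shows the shape for admitting specific addresses before the `reject` line.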