Databases

Install PostgreSQL 17 on RHEL 10 / Rocky Linux 10 / AlmaLinux 10

Josphat Mutai Updated Mar 25, 2026 · 4 min read

Rocky Linux 10 and RHEL 10 ship with PostgreSQL 16 in the base AppStream, but the PGDG (PostgreSQL Global Development Group) repository has PostgreSQL 17 ready to go. This guide uses the PGDG repo because it gives you the latest upstream release with full control over major version upgrades.

Original content from computingforgeeks.com - post 4456

Covered here: installing PostgreSQL 17 from PGDG on Rocky Linux 10 (same steps work on AlmaLinux 10 and RHEL 10), initializing the cluster, enabling remote connections, configuring firewalld and SELinux, and creating your first database. For Debian-based systems, see the guide on installing PostgreSQL on Debian.

Verified working: March 2026 on Rocky Linux 10.1 (kernel 6.12), SELinux enforcing, PostgreSQL 17.9

Prerequisites

  • Rocky Linux 10, AlmaLinux 10, or RHEL 10 (minimal or server install)
  • Root or sudo access
  • Firewall port 5432/tcp for remote client connections
  • SELinux in enforcing mode (we won’t disable it)

Add the PGDG Repository

Install the PGDG repository RPM for RHEL 10 compatible systems:

sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-10-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Rocky Linux 10 no longer uses the traditional dnf module system for PostgreSQL, so there’s no need to disable a built-in module. The PGDG packages take priority automatically.

Install PostgreSQL 17

Install the server and client packages:

sudo dnf install -y postgresql17-server postgresql17

The install pulls in postgresql17-libs as a dependency. Three packages total:

Installed:
  postgresql17-17.9-1PGDG.rhel10.1.x86_64
  postgresql17-libs-17.9-1PGDG.rhel10.1.x86_64
  postgresql17-server-17.9-1PGDG.rhel10.1.x86_64

Initialize the Database Cluster

PostgreSQL requires an initial database cluster before it can start. Run the setup script:

sudo /usr/pgsql-17/bin/postgresql-17-setup initdb

You should see:

Initializing database ... OK

This creates the data directory at /var/lib/pgsql/17/data/ with the default locale and encoding (UTF-8).

Start and Enable PostgreSQL

Start the service and enable it to survive reboots:

sudo systemctl enable --now postgresql-17

Verify the service is running:

systemctl status postgresql-17

The output should show active (running):

● postgresql-17.service - PostgreSQL 17 database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql-17.service; enabled; preset: disabled)
     Active: active (running) since Wed 2026-03-25 04:08:20 EAT
       Docs: https://www.postgresql.org/docs/17/static/

Check the exact version from the psql client:

sudo -u postgres /usr/pgsql-17/bin/psql -c 'SELECT version();'

Confirmed PostgreSQL 17.9 compiled with GCC 14.3.1 on Rocky Linux 10:

 PostgreSQL 17.9 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 14.3.1 20250617 (Red Hat 14.3.1-2), 64-bit

Enable Remote Connections

By default, PostgreSQL only listens on localhost. To allow connections from other servers or workstations, edit the main configuration file:

sudo vi /var/lib/pgsql/17/data/postgresql.conf

Find the listen_addresses line and change it to:

listen_addresses = '*'

Next, configure client authentication in pg_hba.conf:

sudo vi /var/lib/pgsql/17/data/pg_hba.conf

Add a line at the end to allow password-based connections from any IP (restrict to your subnet in production):

host    all    all    0.0.0.0/0    scram-sha-256

Set a password for the postgres superuser:

sudo -u postgres /usr/pgsql-17/bin/psql -c "ALTER USER postgres WITH PASSWORD 'YourSecurePassword';"

Restart PostgreSQL to apply the configuration changes:

sudo systemctl restart postgresql-17

Configure the Firewall

Open port 5432 in firewalld for remote PostgreSQL connections:

sudo firewall-cmd --permanent --add-port=5432/tcp
sudo firewall-cmd --reload

Verify the port is open:

sudo firewall-cmd --list-ports

You should see 5432/tcp in the output.

SELinux Configuration

PostgreSQL from PGDG works with SELinux enforcing out of the box on Rocky Linux 10 because the PGDG packages include the correct file contexts. No setsebool commands are needed for the default setup.

If you change the data directory to a non-standard location, you will need to set the correct SELinux context:

sudo semanage fcontext -a -t postgresql_db_t "/custom/pgdata(/.*)?"
sudo restorecon -Rv /custom/pgdata

If you change PostgreSQL’s port from the default 5432, tell SELinux:

sudo semanage port -a -t postgresql_port_t -p tcp 5433

Check for any AVC denials after changes:

sudo ausearch -m avc -ts recent

Create a Database and User

Connect to the PostgreSQL shell:

sudo -u postgres /usr/pgsql-17/bin/psql

Create a new database and user:

CREATE DATABASE appdb;
CREATE USER appuser WITH ENCRYPTED PASSWORD 'AppPass2026';
GRANT ALL PRIVILEGES ON DATABASE appdb TO appuser;
\q

List all databases to confirm:

sudo -u postgres /usr/pgsql-17/bin/psql -l

The output shows the new database alongside the defaults:

   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype
-----------+----------+----------+-----------------+-------------+-------------
 appdb     | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8
 postgres  | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8
 template0 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8
 template1 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8

RHEL Family Path Reference

ItemPath / Value
Binaries/usr/pgsql-17/bin/
Data directory/var/lib/pgsql/17/data/
Config file/var/lib/pgsql/17/data/postgresql.conf
HBA config/var/lib/pgsql/17/data/pg_hba.conf
Log directory/var/lib/pgsql/17/data/log/
Service namepostgresql-17
Default port5432/tcp
System userpostgres

On Ubuntu/Debian, the paths are different: binaries in /usr/lib/postgresql/17/bin/, config in /etc/postgresql/17/main/, and the service name is just postgresql.

Production Hardening

A few things to tighten before running in production:

  • Restrict pg_hba.conf: Replace 0.0.0.0/0 with your actual application subnet (e.g., 10.0.1.0/24)
  • Tune shared_buffers: Set to 25% of total RAM. The default 128 MB is too low for production
  • Enable WAL archiving for point-in-time recovery
  • Set up automated backups using BorgBackup or pg_basebackup
  • Monitor with pg_stat_statements: Add shared_preload_libraries = 'pg_stat_statements' to track slow queries

For monitoring your PostgreSQL server alongside the rest of your infrastructure, consider setting up Nagios or a similar monitoring stack with PostgreSQL-specific checks.

Josphat Mutai

Founder of Computingforgeeks. Expertise in Virtualization, Cloud, Linux/UNIX Administration, Automation,Storage Systems, Containers, Server Clustering e.t.c.

Related Articles

AlmaLinux Install PHP OPcache on Rocky / Alma / CentOS 9|8 Rocky Linux How To Install HAProxy on Rocky Linux 9 / AlmaLinux 9 AlmaLinux AlmaLinux 10 Upgrade Guide: Upgrade from AlmaLinux 9 Safely RHEl Configure oVirt FreeIPA LDAP Authentication on Rocky Linux 10

Leave a Comment

Press ESC to close