Using docker-compose I've developed a website which includes a Postgresql database. I deployed it on a server using the same docker-compose.yml file, but I found that I can remotely access my postgres server using psql.
I currently have these lines in my docker-compose
version: '3.6'
services:
db:
image: postgres
ports:
- 5432:5432
environment:
POSTGRES_DB: my_website
POSTGRES_USER: my_website
POSTGRES_PASSWORD: my_password
Does anybody know how I can only allow access to the postgres db from within the docker network so that it cannot accessed from outside the host OS?
At the moment you are binding the port 5432 from within the docker container onto a host port using the ports directive. To only have the port accessible within your local docker network, change ports to expose
version: '3.6'
services:
db:
image: postgres
expose:
- "5432"
environment:
POSTGRES_DB: my_website
POSTGRES_USER: my_website
POSTGRES_PASSWORD: my_password
Related
I am trying to run bamboo-server using a docker container and connect it to postgres db that is running on another container. First I run the postgres db and create an empty database named bamboo with a user postgres and password postgres.
And I run this commend to run bamboo server from https://hub.docker.com/r/atlassian/bamboo
$> docker volume create --name bambooVolume
$> docker run -v bambooVolume:/var/atlassian/application-data/bamboo --name="bamboo" -d -p 8085:8085 -p 54663:54663 atlassian/bamboo
Then I open localhost:8085 and generate a license and reach the point that I see this error
Error accessing database: org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
What is the problem?
SOLUTION:
Worked with this dokcer-compose yaml:
version: '2'
services:
bamboo:
image: atlassian/bamboo
container_name: bamboo
ports:
- '54663:5436'
- '8085:8085'
networks:
- bamboonet
volumes:
- bamboo-data:/var/atlassian/application-data/bamboo
hostname: bamboo
environment:
CATALINA_OPTS: -Xms256m -Xmx1g
BAMBOO_PROXY_NAME:
BAMBOO_PROXY_PORT:
BAMBOO_PROXY_SCHEME:
BAMBOO_DELAYED_START:
labels:
com.blacklabelops.description: "Atlassian Bamboo"
com.blacklabelops.service: "bamboo"
db-bamboo:
image: postgres
container_name: postgres
hostname: postgres
networks:
- bamboonet
volumes:
- bamboo-data-db:/var/lib/postgresql/data
ports:
- '5432:5432'
environment:
POSTGRES_PASSWORD: password
POSTGRES_USER: bamboo
POSTGRES_DB: bamboo
POSTGRES_ENCODING: UTF8
POSTGRES_COLLATE: C
POSTGRES_COLLATE_TYPE: C
PGDATA: /var/lib/postgresql/data/pgdata
labels:
com.blacklabelops.description: "PostgreSQL Database Server"
com.blacklabelops.service: "postgresql"
volumes:
bamboo-data:
external: false
bamboo-data-db:
external: false
networks:
bamboonet:
driver: bridge
If you don't set network of your docker it will be used bridge mode as default.
I think the problem is you might use {containerName}:5432 instead of localhost:5432 from your JDBC connection string, because localhost mean your container of website instead of real computer, so that you can't connect to DB by that.
jdbc:postgresql://bamboo-pg-db-container:5432/bamboo
Docker container for cvat_db has following settings:
services:
cvat_db:
container_name: cvat_db
image: postgres:10-alpine
restart: always
environment:
POSTGRES_USER: root
POSTGRES_DB: cvat
POSTGRES_HOST_AUTH_METHOD: trust
volumes:
cvat_db:/var/lib/postgresql/data
networks:
cvat
While below is the connection setting in dbeaver, where "HOST IP" i have put the IP address where cvat is hosted.
Dbeaver Settings
I'm getting error of timeout connection. So, I want to know how to connect postgres database to dbeaver.
Keep the following in mind:
Postgres always need a password according to their docs.
Do not create custom networks if it is not really needed. Use the default bridge network instead.
Do you connect with Postgres from another docker container or from your host system? If you connect from your host system add ports with 5432:5432.
mount your volumes to a subpath instead of named volumes
Example compose file:
version: '3.9'
services:
cvat_db:
container_name: cvat_db
image: postgres:10-alpine
restart: always
ports:
- 5432:5432
environment:
POSTGRES_USER: root
POSTGRES_PASSWORD: password
POSTGRES_DB: cvat
volumes:
- ./cvat_db:/var/lib/postgresql/data
I wrote an article about docker compose networking, perhaps it helps.
I have set up the following docker-compose.yml file to set up and run PostgreSQL and PgAdmin.
version: '3.1'
services:
db:
image: postgres:latest
container_name: postgres-dopp
restart: unless-stopped
environment:
POSTGRES_USER: dopp_dev
POSTGRES_PASSWORD: dopp_dev_pass
PGDATA: /data/postgres
ports:
- "5432:5432"
volumes:
- dbdata-dopp:/data/postgres
networks:
- network-dopp
pgadmin:
image: dpage/pgadmin4
environment:
PGADMIN_DEFAULT_EMAIL: pgadmin4#pgadmin.org
PGADMIN_DEFAULT_PASSWORD: admin
PGADMIN_CONFIG_SERVER_MODE: 'False'
depends_on:
- db
volumes:
- dbdata-dopp:/data/pgadmin
ports:
- "5050:80"
networks:
- network-dopp
networks:
network-dopp:
driver: bridge
volumes:
dbdata-dopp:
name: dopp-db-data
driver: local
This works fine, insofar as I can navigate to PgAdmin in my host machine's browser and through that I can connect to the database using the credentials I've defined in the environment variables. However, when attempting to make a direct connection to the postgres database from my host machine (by connecting to localhost:5432, since I have configured to expose that port), I then get the following error response:
[28P01] FATAL: password authentication failed for user "dopp_dev"
I'm fairly new to the peculiarities of Postgres and docker configuration, so I'm not sure what is causing Postgres to say that password authentication fails when connecting from my host machine, while it works perfectly fine if I do it through PgAdmin, which is on the same internal docker network.
Actually, I discovered that the docker postgres service's port 5432 was being shadowed by a local postgres instance running my host machine.
On my rasperry pi 4 I've installed docker and docker-compose and now I'm tring to install and use Postgres and Adminer
following that https://hub.docker.com/_/postgres I've created docker-compose.yaml file as follow:
# Use postgres/example user/password credentials
version: '3.1'
services:
db:
image: postgres
restart: unless-stopped
environment:
POSTGRES_PASSWORD: postgres
POSTGRES_USER: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
adminer:
image: adminer
restart: unless-stopped
ports:
- 8080:8080
and i run it with
docker-compose -f docker-compose.yaml up -d
after that DB_1 starts and adminer too
but when i try connect to http://192.168.1.38:8080/ i can't reach it
even if i try connect to postgres through pgAdmin it's says
could not connect to server: Connection refused (0x0000274D/10061) Is
the server running on host "192.168.1.38" and accepting TCP/IP
connections on port 5432?
however if i don't use docker-compose but just
docker run --name postgres -d --restart unless-stopped -p 5432:5432 -e POSTGRES_PASSWORD=123456 -v ${PWD}/data:/var/lib/postgresql/data postgres
it's work through pgAdmin
do you know what i'm doing wrong?
UPDATE: seems the problem is with docker-compose because any kind of docker-compose.yml file block connection to it...
with a container with djgango i tried to start server and it's works but when i try reach page it seem bloccked too
when i run docker-compose.yaml file docker-compose ps output is:
sudo netstat -tulpn screenshot
PgAdmin can't reach 5432 ports because you don't expose it.
Like for Adminer you need to expose the Postgres port 5432 on your machine in your compose file.
version: '3.1'
services:
db:
image: postgres
restart: unless-stopped
environment:
POSTGRES_PASSWORD: postgres
POSTGRES_USER: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
adminer:
image: adminer
restart: unless-stopped
ports:
- 8080:8080
a little late to the party but what you need to do is figure out the IP address of the postgres container, and use that as your host.
I try to initialize a database with Go.
I use port 5433 at postgres:alpine because 5432 is already taken by another microservice app.
func Init() {
DB, err = gorm.Open(postgres.New(postgres.Config{
DSN: "host=url_db user=gorm password=gorm dbname=gorm port=5433 sslmode=disable TimeZone=Asia/Tokyo",
}), &gorm.Config{})
if err != nil {
panic(err)
}
autoMigration()
}
url_db:
build:
context: ./api/services/url/db
dockerfile: Dockerfile
container_name: "url_db"
environment:
POSTGRES_USER: gorm
POSTGRES_PASSWORD: gorm
POSTGRES_DB: gorm
POSTGRES_HOST: url_db
ports:
- 5433:5433
You can confirm that only 5432 is exposed here.
I tried to expose 5433 by creating a new Dockerfile like this.
FROM postgres:alpine
EXPOSE 5433
But I got this error.
failed to initialize database, got error failed to connect to `host=url_db user=gorm database=gorm`: dial error (dial tcp 172.19.0.3:5433: connect: connection refused)
This comment:
Simply exposing the port on the docker image won't do anything unless postgres is actually configured to listen on that port. – super 5 mins ago
that teaches me the title(How can I expose a new port(not 5432) at postgres:alpine image?) is not the point, so I updated the title.
How to make postgres listen on the container's new exposed port (not 5432)?
You have multiple options:
Option 1: Define own postgresql.conf
url_db:
build:
context: ./api/services/url/db
dockerfile: Dockerfile
container_name: "url_db"
command: postgres -c "config_file=/etc/postgresql/postgresql.conf"
environment:
POSTGRES_USER: gorm
POSTGRES_PASSWORD: gorm
POSTGRES_DB: gorm
POSTGRES_HOST: url_db
ports:
- 5433:5433
volumes:
- /path/to/config:/etc/postgresql/postgresql.conf
Postgres has an example config at /usr/share/postgresql/postgresql.conf.sample within the container.
To get the config run:
docker run -i --rm postgres cat /usr/share/postgresql/postgresql.conf.sample > my-postgres.conf
Option 1: Overwrite the RUN command
url_db:
build:
context: ./api/services/url/db
dockerfile: Dockerfile
container_name: "url_db"
command: postgres -c port=5433
environment:
POSTGRES_USER: gorm
POSTGRES_PASSWORD: gorm
POSTGRES_DB: gorm
POSTGRES_HOST: url_db
ports:
- 5433:5433
You can have multiple containers that are internally listening on the same port, so long as they're mapped to different ports on the host (if they're published at all). In your example, you can set
url_db:
image: postgres:latest
environment:
POSTGRES_USER: gorm
et: cetera
ports:
- 5433:5432
Connections from outside Docker reach the remapped port, on <host ip>:5433. Connections between Docker containers use the standard service port, on url_db:5432. These connections ignore (and don't require) ports:.
"Expose" in modern Docker means almost nothing; it is most valuable as documentation in an image showing what port(s) the service normally uses. You can in theory ask Compose to expose: additional ports without modifying the image, but there's no practical effect from doing so.
For Docker Compose assuming we want to change port to 5433
An alternative to doing this is to do the following in your docker-compose.yml file
you can mount the postgres data into a volume in your directory in this case ./db
postgres:
image: postgres:10.14-alpine
environment:
POSTGRES_DB: iam
ports:
- 5433:5433
volumes:
- ./db:/var/lib/postgresql/data
Find the postgresql.conf file, then search the port
change the port to
port = 5433 # (change requires restart)