Skip to content

CjS77/docker-postgres-cert

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pg_hba.conf
pg_hba.conf
 
 
postgresql.conf
postgresql.conf
 
 
server.crt
server.crt
 
 
server.key
server.key
 
 
ssl.conf
ssl.conf
 
 
ssl.sh
ssl.sh
 
 

Repository files navigation

Docker Postgres with SSL Certificate

This repo is for running a Docker postgres image with SSL based on the library postgres 9.5 image.

Build

docker pull nimbustech/postgres-ssl:9.5

Use

  1. First get postgres up and running (replace $PG_DATA and 'demo' as required):

    docker run --rm --name psql -e POSTGRES_DB='demo' -e POSTGRES_PASSWORD='password' nimbustech/postgres-ssl:9.5

  2. Then copy your server.crt and server.key files to /my/cert/folder. You must make sure that the ownership and permisions are correct, typically by running the following in the host:

    sudo chown 999.docker *
sudo chmod 600 server.key

  3. You can configure postgres to use your certificates with:

    docker run --name psql -d -v /my/cert/folder:/var/ssl -e POSTGRES_PASSWORD='password' nimbustech/postgres-ssl:9.5

  4. Then connect with the proper sslmode parameter that your client uses to connect to postgres. (libpq docs)

    • disable - will not use ssl
    • allow - will revert to non-ssl mode with an outdated cert
    • prefer - will revert to non-ssl mode with an outdated cert
    • require - will fail with an outdated cert
    • verify-ca - will fail with an outdated cert
    • verify-full- will fail with an outdated cert
PGSSLMODE="prefer"  psql -h xxx.xxx.xxx.xxx -U postgres -d dbname

Environment

The environment variables are he same as for the official postgres image:

POSTGRES_PASSWORD

This environment variable is recommended for you to use the PostgreSQL image. This environment variable sets the superuser password for PostgreSQL. The default superuser is defined by the POSTGRES_USER environment variable. In the above example, it is being set to "password".

POSTGRES_USER

This optional environment variable is used in conjunction with POSTGRES_PASSWORD to set a user and its password. This variable will create the specified user with superuser power and a database with the same name. If it is not specified, then the default user of postgres will be used.

PGDATA

This optional environment variable can be used to define another location - like a subdirectory - for the database files. The default is /var/lib/postgresql/data, but if the data volume you're using is a fs mountpoint (like with GCE persistent disks), Postgres initdb recommends a subdirectory (for example /var/lib/postgresql/data/pgdata ) be created to contain the data.

POSTGRES_DB

This optional environment variable can be used to define a different name for the default database that is created when the image is first started. If it is not specified, than the value of POSTGRES_USER will be used.

Volumes

The following directories are defined as volumes:

  • /var/lib/postgresql/data
  • /var/ssl - postgres looks here for your server.crt and server.key files

MIT License

See the LICENSE file for full information.

About

A Dockerfile with a certificate generation script

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Shell 100.0%