Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Allow Docker Container Access to Host's Postgres Database on linux (ubuntu)

You have to do 2 things in order to allow your container to access your host's postgresql database

  1. Make your postgresql listen to an external ip address
  2. Let this client ip (your docker container) access your postgresql database with a given user

Obs: By "Host" here I mean "the server where docker is running on".

Make your postgresql listen to an external ip address

Find your postgresql.conf (in case you don't know where it is)

$ sudo find / -type f -name postgresql.conf # => /etc/postgresql/9.5/main/postgresql.conf

Change postgresql.conf to allow external access

$ sudo atom /etc/postgresql/9.5/main/postgresql.conf # or the path you found before

Look for the line: #listen_addresses = 'localhost' # what IP address(es) to listen on;

Uncomment and set the external ip adress that'll be trying to access your DB. If you don't know it, or want to free all ips to access it (not that safe), set it to '*':

listen_addresses = '*' # what IP address(es) to listen on;

Restart postgres

$ /etc/init.d/postgresql restart

You can check if this worked out with this command:

$ netstat -nlt

It will output something like this:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN 

See that it has the address 0.0.0.0 on port 5432.

Let your container access your postgresql database with a given user

Find your pg_hba.conf

$ sudo find / -type f -name pg_hba.conf # => /etc/postgresql/9.5/main/pg_hba.conf

Change pg_hba.conf to allow access to your database

$ sudo atom /etc/postgresql/9.5/main/pg_hba.conf # or the path you found before

# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
host my_database_name my_database_user 172.17.0.0/16 trust # Allowing docker container connections to host db
#
# local      DATABASE  USER  METHOD  [OPTIONS]
# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

Restart postgres and test your connection

$ psql my_database_name my_database_user -h <host-ip-address>

References:

https://stackoverflow.com/questions/31249112/allow-docker-container-to-connect-to-a-local-host-postgres-database

https://www.thegeekstuff.com/2014/02/enable-remote-postgresql-connection/

@HighMileage
Copy link

HighMileage commented Mar 20, 2019

Thanks for making this gist! I've also been looking into getting a Dockerized process to talk to a postgres DB running on its host. After some research, it looks like you can also use the --network=host/--net=host optional (eg docker run --network=host <MY_IMAGE> bash) to share the host's network stack with the Dockerized process. That cuts out the need to make updates to listen_addresses and changes to pg_hba.conf will depend on your current configuration. Just figured I'd mention it here in case it's helpful to you or anyone else that comes upon this gist later.

@percybolmer
Copy link

percybolmer commented Jul 24, 2019

HighMileage, thanks alot for that solution!

@blinky-z
Copy link

blinky-z commented Aug 12, 2019

Thx, nice article!

@lhttjdr
Copy link

lhttjdr commented Nov 19, 2019

In my case, sharing host network using --net=host will lead to port conflicts.
This solution works fine. Thank you!

@soerface
Copy link

soerface commented Dec 3, 2019

Be aware that trust means "you can login as any user without a password via this connection". So any container you run will be able to access your database. See https://www.postgresql.org/docs/9.1/auth-methods.html#AUTH-TRUST

Maybe you want to replace trust by md5 or password and provide your container with the password.

@novrian
Copy link

novrian commented Aug 14, 2020

thanks a lot, I've been looking for this solution

@Khunpisit
Copy link

Khunpisit commented Oct 1, 2020

Be aware that trust means "you can login as any user without a password via this connection". So any container you run will be able to access your database. See https://www.postgresql.org/docs/9.1/auth-methods.html#AUTH-TRUST

Maybe you want to replace trust by md5 or password and provide your container with the password.

this very helpful!

@stevenpitts
Copy link

stevenpitts commented Oct 15, 2020

For reasons I don't know, my docker container was assigned a 172.18.x.x address, so you might need to replace 172.17.0.0/16 with 172.0.0.0/8.

@unleftie
Copy link

unleftie commented Feb 1, 2021

172.0.0.0/8

*172.16.0.0/12

@fobiasmog
Copy link

fobiasmog commented May 20, 2021

listen_addresses = '*'
holly mother.... DO NOT USE '*' for security reasons! It allows to connect to your db from anywhere

@andreasnuesslein
Copy link

andreasnuesslein commented Jun 21, 2021

listen_addresses = '*'
holly mother.... DO NOT USE '*' for security reasons! It allows to connect to your db from anywhere

... unless you have a firewall in place

@fobiasmog
Copy link

fobiasmog commented Jun 22, 2021

listen_addresses = '*'
holly mother.... DO NOT USE '*' for security reasons! It allows to connect to your db from anywhere

... unless you have a firewall in place

Tell it to mongodb users :D

@jtmancilla
Copy link

jtmancilla commented Aug 17, 2021

This solution works, thanks. Gracias, Excelente artículo

@OzzyTheGiant
Copy link

OzzyTheGiant commented Sep 24, 2021

For reasons I don't know, my docker container was assigned a 172.18.x.x address, so you might need to replace 172.17.0.0/16 with 172.0.0.0/8.

It really depends on your app and what docker decides the IP will be set as.

@marcosfelipp
Copy link

marcosfelipp commented Nov 3, 2021

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment