@robson-koji
Last active April 1, 2023 23:51

docker-postgres-ssl

Just a readme to remember how to install docker-postgres with SSL enabled

Create a Docker instance of Postgres with SSL enabled

This is the original post: https://stackoverflow.com/a/55072885

Some people share the information without the source. If you have any questions, go there; it is well explained.

The snippet below has some minor changes and works for me.

Generate certificates

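Generate the server.key and server.crt. The first command writes the passphrase-protected private key to privkey.pem, which the second command reads.

  • openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem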
  • openssl rsa -in privkey.pem -passin pass:abcd -out server.key
  • openssl req -x509 -in server.req -text -key server.key -out server.crt

Set permissions

Only worked with alpine version - in my case postgres:14-alpine

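Set root as owner and the postgres (alpine) group (GID 70) as group of server.key, with permissions 640. PostgreSQL accepts 0640 or less for a key owned by root, and 0600 or less for a key owned by the database user.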

  • chown 0:70 server.key
  • chmod 640 server.key

Create and start docker container

Start a postgres docker container, mounting server.key and server.crt into the container.

docker run -d --name postgres \
  -e POSTGRES_PASSWORD=password -p 5432:5432 \
  -v "$PWD/server.crt:/var/lib/postgresql/server.crt:ro" \
  -v "$PWD/server.key:/var/lib/postgresql/server.key:ro" \
  postgres:11-alpine \
  -c ssl=on \
  -c ssl_cert_file=/var/lib/postgresql/server.crt \
  -c ssl_key_file=/var/lib/postgresql/server.key

You can find a working bash script here. Just adapt it to your needs:

https://gist.github.com/mrw34/c97bb03ea1054afb551886ffc8b63c3b

Change Password and allow external access

This is for myself.

Login

docker exec -it [container ID] bash

Change Password

  • psql -U postgres
  postgres=# \password postgres
  Enter new password: <new-password>
  postgres=# \q

Allow external access

  • vi /var/lib/postgresql/data/pg_hba.conf - Location varies by installation
  host    all             all             0.0.0.0/0         md5
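
Setting ssl=on does not stop clients from connecting without SSL: a host rule in pg_hba.conf matches both SSL and non-SSL connections, while hostssl matches only SSL ones. The shell function below is an added example, not part of the original gist or the linked Stack Overflow answer, that flags rules accepting plaintext remote connections. The name audit_hba, the severity labels and the sample file are assumptions made here, and it assumes CIDR-style address fields.

```shell
#!/bin/sh
# Added example (not from the original gist): audit pg_hba.conf for rules that
# let remote clients connect without SSL. Assumes records of the form
# TYPE DATABASE USER ADDRESS METHOD with a CIDR address, as in the rule above.

# audit_hba FILE -> prints "<line>:<severity>:<reason>"; exit status 1 if any HIGH.
audit_hba() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    $1 == "local"            { next }       # Unix-socket rules never cross the network
    {
      type = $1; addr = $4; method = $5
      plain = (type == "host" || type == "hostnossl")   # both accept plaintext TCP
      open  = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
      loop  = (addr ~ /^127\./ || index(addr, "::1/") == 1 || addr == "samehost")
      if (method == "trust" && !loop) {
        print NR ":HIGH:no password required from " addr; high++
      } else if (plain && open) {
        print NR ":HIGH:plaintext connections accepted from any address, use hostssl"; high++
      } else if (plain && !loop) {
        print NR ":WARN:plaintext connections accepted from " addr
      }
    }
    END { exit (high > 0) }
  ' "$1"
}

# Constructed sample: line 3 is the rule from this page, line 4 its SSL-only form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   0.0.0.0/0      md5
hostssl all       all   0.0.0.0/0      scram-sha-256
host    all       all   127.0.0.1/32   trust
host    app       app   10.0.0.0/8     scram-sha-256
EOF
audit_hba "$sample" || echo "pg_hba.conf has HIGH findings"
```

Run it against the real file with audit_hba /var/lib/postgresql/data/pg_hba.conf; after editing the file, PostgreSQL has to reload its configuration before the new rules apply.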

Now that we have a running Postgres in Docker with SSL enabled, let's commit the container so it can run anywhere.

Run anywhere

Create a Docker image

The image contains the minor changes we made in the previous steps.

docker commit [container ID] [new image name]
docker save [new image name] > [image file name].tar
gzip [image file name].tar

Copy Docker image file

This is for me, using GCP (Google Cloud Platform).

My Postgres/Docker is running on a Google Compute Engine (GCE) instance.

There are different ways to connect using ssh. Let's use gcloud (Google Cloud CLI).

  gcloud compute ssh [INSTANCE_NAME]
  gcloud compute scp [INSTANCE_NAME:/<file_path>]

Load image

  gunzip [image file name].tar.gz
  docker load < [image file name].tar

Run image

  !!! Not working. To check: volumes.
  docker run image