Just a readme to remember how to install docker-postgres with SSL enabled
This is the original post https://stackoverflow.com/a/55072885.
Some people share the information without the source. If you have any questions, go there; it is well explained.
The snippet below has some minor changes and works for me.
Generate the server.key and server.crt:
- openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem
- openssl rsa -in privkey.pem -passin pass:abcd -out server.key
- openssl req -x509 -in server.req -text -key server.key -out server.crt
This only worked with the alpine version; in my case postgres:14-alpine.
Set the owner and permissions of server.key so that the postgres user of the alpine image (group 70) can read it:
- chown 0:70 server.key
- chmod 640 server.key
Start a postgres docker container, mounting the .key and .crt into the container:
docker run -d --name postgres \
-e POSTGRES_PASSWORD=password -p 5432:5432 \
-v "$PWD/server.crt:/var/lib/postgresql/server.crt:ro" \
-v "$PWD/server.key:/var/lib/postgresql/server.key:ro" \
postgres:11-alpine \
-c ssl=on \
-c ssl_cert_file=/var/lib/postgresql/server.crt \
-c ssl_key_file=/var/lib/postgresql/server.key
You can find a working bash script here. Just adapt it to your needs:
https://gist.github.com/mrw34/c97bb03ea1054afb551886ffc8b63c3b
This is for myself.
docker exec -it postgres bash
- psql -U postgres
postgres=# \password postgres
Enter new password: <new-password>
postgres=# \q
- vi /var/lib/postgresql/data/pg_hba.conf (location varies by installation)
host all all 0.0.0.0/0 md5
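With ssl=on the server only offers TLS: a `host` rule in pg_hba.conf matches connections with and without TLS, and only `hostssl` refuses plaintext ones. The script below is an added example, not part of the original post or gist; `sample_hba` and `audit_hba` are names made up here and the sample file is constructed. It lists the non-loopback rules that still let a client connect without TLS.

```shell
#!/bin/sh
# Constructed sample pg_hba.conf (not taken from a real server).
sample_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
host    all       all   0.0.0.0/0     md5
hostssl all       all   0.0.0.0/0     md5
EOF
}

# audit_hba FILE
# Prints one line per non-loopback "host"/"hostnossl" rule, because those
# rules match connections without TLS. Returns 1 if any were found, else 0.
audit_hba() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        NF == 0 { next }                            # skip blank lines
        $1 != "host" && $1 != "hostnossl" { next }  # local/hostssl are fine
        {
            addr = $4
            # "ADDRESS NETMASK" form moves the method one field to the right
            method = ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
            if (method == "reject") next
            if (addr ~ /^127\./ || addr ~ /^::1/ || addr == "localhost") next
            printf "line %d: %s rule for %s (auth %s) matches connections without TLS; use hostssl\n", NR, $1, addr, method
            found = 1
        }
        END { exit found + 0 }
    ' "$1"
}

# Demo on the constructed sample
tmp=$(mktemp)
sample_hba > "$tmp"
audit_hba "$tmp" || echo "=> change the flagged rules to hostssl and reload postgres"
rm -f "$tmp"
```

Inside the container, point it at the real file with `audit_hba /var/lib/postgresql/data/pg_hba.conf`.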
Now that we have a running Postgres in Docker with SSL enabled, let's commit the container to an image so it can run anywhere.
The image contains the minor changes we made in the previous steps.
docker commit [container ID] [new image name]
docker save [new image name] > [image file name].tar
gzip [image file name].tar
This is for me, using GCP (Google Cloud Platform).
My Postgres/Docker is running on a Google Compute Engine (GCE) instance.
There are different ways to connect using ssh. Let's use gcloud (Google Cloud CLI):
gcloud compute ssh [INSTANCE_NAME]
gcloud compute scp [INSTANCE_NAME:/<file_path>]
gunzip [image file name].tar.gz
docker load < [image file name].tar
!!! Not working. To do: check volumes.
docker run image