|
|
@@ -53,11 +53,11 @@ The PostgreSQL image uses several environment variables which are easy to miss.
|
|
|
|
|
|
### `POSTGRES_PASSWORD`
|
|
|
|
|
|
-This environment variable is recommended for you to use the PostgreSQL image. This environment variable sets the superuser password for PostgreSQL. The default superuser is defined by the `POSTGRES_USER` environment variable.
|
|
|
+This environment variable is normally required for you to use the PostgreSQL image. This environment variable sets the superuser password for PostgreSQL. The default superuser is defined by the `POSTGRES_USER` environment variable.
|
|
|
|
|
|
Note 1: The PostgreSQL image sets up `trust` authentication locally so you may notice a password is not required when connecting from `localhost` (inside the same container). However, a password will be required if connecting from a different host/container.
|
|
|
|
|
|
-Note 2: This variable defines the superuser password in the PostgreSQL instance, as set by the `initdb` script during inital container startup. It has no effect on the `PGPASSWORD` environment variable that may be used by the `psql` client at runtime, as described at [https://www.postgresql.org/docs/10/static/libpq-envars.html](https://www.postgresql.org/docs/10/static/libpq-envars.html). `PGPASSWORD`, if used, will be specified as a separate environment variable.
|
|
|
+Note 2: This variable defines the superuser password in the PostgreSQL instance, as set by the `initdb` script during initial container startup. It has no effect on the `PGPASSWORD` environment variable that may be used by the `psql` client at runtime, as described at [https://www.postgresql.org/docs/10/static/libpq-envars.html](https://www.postgresql.org/docs/10/static/libpq-envars.html). `PGPASSWORD`, if used, will be specified as a separate environment variable.
|
|
|
|
|
|
### `POSTGRES_USER`
|
|
|
|
|
|
@@ -77,6 +77,18 @@ This optional environment variable can be used to define another location for th
|
|
|
|
|
|
**Note:** on PostgreSQL 9.x, this variable is `POSTGRES_INITDB_XLOGDIR` (reflecting [the changed name of the `--xlogdir` flag to `--waldir` in PostgreSQL 10+](https://wiki.postgresql.org/wiki/New_in_postgres_10#Renaming_of_.22xlog.22_to_.22wal.22_Globally_.28and_location.2Flsn.29)).
|
|
|
|
|
|
+### `POSTGRES_HOST_AUTH_METHOD`
|
|
|
+
|
|
|
+This optional variable can be used to control the `auth-method` for `host` connections for `all` databases, `all` users, and `all` addresses. If unspecified then [`md5` password authentication](https://www.postgresql.org/docs/current/auth-password.html) is used. On an uninitialized database, this will populate `pg_hba.conf` via this approximate line:
|
|
|
+
|
|
|
+```console
|
|
|
+echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf
|
|
|
+```
|
|
|
+
|
|
|
+It is not recommended to use [`trust`](https://www.postgresql.org/docs/current/auth-trust.html) since it allows anyone to connect without a password, even if one is set (like via `POSTGRES_PASSWORD`).
|
|
|
+
|
|
|
+See the PostgreSQL documentation on [`pg_hba.conf`](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) for more information about possible values and their meanings.
|
|
|
+
|
|
|
### `PGDATA`
|
|
|
|
|
|
This optional variable can be used to define another location - like a subdirectory - for the database files. The default is `/var/lib/postgresql/data`, but if the data volume you're using is a filesystem mountpoint (like with GCE persistent disks), Postgres `initdb` recommends a subdirectory (for example `/var/lib/postgresql/data/pgdata` ) be created to contain the data.
|
|
|
@@ -131,13 +143,13 @@ There are many ways to set PostgreSQL server configuration. For information on w
|
|
|
$ # customize the config
|
|
|
|
|
|
$ # run postgres with custom config
|
|
|
- $ docker run -d --name some-postgres -v "$PWD/my-postgres.conf":/etc/postgresql/postgresql.conf %%IMAGE%% -c 'config_file=/etc/postgresql/postgresql.conf'
|
|
|
+ $ docker run -d --name some-postgres -v "$PWD/my-postgres.conf":/etc/postgresql/postgresql.conf -e POSTGRES_PASSWORD=mysecretpassword %%IMAGE%% -c 'config_file=/etc/postgresql/postgresql.conf'
|
|
|
```
|
|
|
|
|
|
- Set options directly on the run line. The entrypoint script is made so that any options passed to the docker command will be passed along to the `postgres` server daemon. From the [docs](https://www.postgresql.org/docs/current/static/app-postgres.html) we see that any option available in a `.conf` file can be set via `-c`.
|
|
|
|
|
|
```console
|
|
|
- $ docker run -d --name some-postgres %%IMAGE%% -c 'shared_buffers=256MB' -c 'max_connections=200'
|
|
|
+ $ docker run -d --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword %%IMAGE%% -c 'shared_buffers=256MB' -c 'max_connections=200'
|
|
|
```
|
|
|
|
|
|
## Locale Customization
|
|
|
@@ -165,11 +177,11 @@ As of [docker-library/postgres#253](https://github.com/docker-library/postgres/p
|
|
|
The main caveat to note is that `postgres` doesn't care what UID it runs as (as long as the owner of `/var/lib/postgresql/data` matches), but `initdb` *does* care (and needs the user to exist in `/etc/passwd`):
|
|
|
|
|
|
```console
|
|
|
-$ docker run -it --rm --user www-data %%IMAGE%%
|
|
|
+$ docker run -it --rm --user www-data -e POSTGRES_PASSWORD=mysecretpassword %%IMAGE%%
|
|
|
The files belonging to this database system will be owned by user "www-data".
|
|
|
...
|
|
|
|
|
|
-$ docker run -it --rm --user 1000:1000 %%IMAGE%%
|
|
|
+$ docker run -it --rm --user 1000:1000 -e POSTGRES_PASSWORD=mysecretpassword %%IMAGE%%
|
|
|
initdb: could not look up effective user ID 1000: user does not exist
|
|
|
```
|
|
|
|
|
|
@@ -180,7 +192,7 @@ The three easiest ways to get around this:
|
|
|
2. bind-mount `/etc/passwd` read-only from the host (if the UID you desire is a valid user on your host):
|
|
|
|
|
|
```console
|
|
|
- $ docker run -it --rm --user "$(id -u):$(id -g)" -v /etc/passwd:/etc/passwd:ro %%IMAGE%%
|
|
|
+ $ docker run -it --rm --user "$(id -u):$(id -g)" -v /etc/passwd:/etc/passwd:ro -e POSTGRES_PASSWORD=mysecretpassword %%IMAGE%%
|
|
|
The files belonging to this database system will be owned by user "jsmith".
|
|
|
...
|
|
|
```
|
|
|
@@ -189,7 +201,7 @@ The three easiest ways to get around this:
|
|
|
|
|
|
```console
|
|
|
$ docker volume create pgdata
|
|
|
- $ docker run -it --rm -v pgdata:/var/lib/postgresql/data %%IMAGE%%
|
|
|
+ $ docker run -it --rm -v pgdata:/var/lib/postgresql/data -e POSTGRES_PASSWORD=mysecretpassword %%IMAGE%%
|
|
|
The files belonging to this database system will be owned by user "postgres".
|
|
|
...
|
|
|
( once it's finished initializing successfully and is waiting for connections, stop it )
|
|
|
@@ -222,7 +234,7 @@ The Docker documentation is a good starting point for understanding the differen
|
|
|
2. Start your `%%IMAGE%%` container like this:
|
|
|
|
|
|
```console
|
|
|
- $ docker run --name some-%%REPO%% -v /my/own/datadir:/var/lib/postgresql/data -d %%IMAGE%%:tag
|
|
|
+ $ docker run --name some-%%REPO%% -v /my/own/datadir:/var/lib/postgresql/data -e POSTGRES_PASSWORD=mysecretpassword -d %%IMAGE%%:tag
|
|
|
```
|
|
|
|
|
|
The `-v /my/own/datadir:/var/lib/postgresql/data` part of the command mounts the `/my/own/datadir` directory from the underlying host system as `/var/lib/postgresql/data` inside the container, where PostgreSQL by default will write its data files.
|
Joe Ferguson