英文:
How can I give docker containers access to postgresql running on the host?
问题
I have postgresql running on the host, and I'd now like to connect to it from the docker containers also running on the host.
Within my docker-compose.yaml I have:
extra_hosts:
- "host.docker.internal:host-gateway"
Set on the container, and within the container, I'm able to ping host.docker.internal successfully, however when connecting to host.docker.internal:5432 the port that postgres is running on, it is refused. Likely because postgres is configured to only listen on 127.0.0.1:5432.
How can I configure postgres to allow connections as the above? I'm not quite sure how docker configures the networks, for example, if I modify postgres to allow a subnet that is configured with docker, I'm not sure if docker will change this network subnet at some point (for example if I recreate the docker-compose containers).
I do not want to fully open it under something like allowing 0.0.0.0.
Looking at the tshark output when I attempt to connect I see:
95 26.891536270 192.168.32.2 → 172.17.0.1 TCP 76 46440 → 5432 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2274078019 TSecr=0 WS=128
96 26.891557842 192.168.32.2 → 172.17.0.1 TCP 76 [TCP Out-Of-Order] [TCP Port numbers reused] 46440 → 5432 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2274078019 TSecr=0 WS=128
97 26.891577870 172.17.0.1 → 192.168.32.2 TCP 56 5432 → 46440 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
98 26.891581727 172.17.0.1 → 192.168.32.2 TCP 56 5432 → 46440 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
So 192.168.32.2 which seems to be under another bridge network that docker configures automatically.
英文:
I have postgresql running on the host, and I'd now like to connect to it from the docker containers also running on the host.
Within my docker-compose.yaml I have
extra_hosts:
- "host.docker.internal:host-gateway"
Set on the container, and within the container I'm able to ping host.docker.internal successfully, however when connecting to host.docker.internal:5432 the port that postgres is running on, it is refused. Likely beacuese postgres is configured to only listen on 127.0.0.1:5432.
How can I configure postgres to allow connections as the above? I'm not quite sure how docker configures the networks, for example if I modify postgres to allow a subnet that is configured with docker, I'm not sure if docker will change this network subnet at some point (for example if I recreate the docker-compose containers).
I do not want to fully open it under something like allowing 0.0.0.0.
Looking at the tshark output when I attempt to connect I see:
95 26.891536270 192.168.32.2 → 172.17.0.1 TCP 76 46440 → 5432 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2274078019 TSecr=0 WS=128
96 26.891557842 192.168.32.2 → 172.17.0.1 TCP 76 [TCP Out-Of-Order] [TCP Port numbers reused] 46440 → 5432 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2274078019 TSecr=0 WS=128
97 26.891577870 172.17.0.1 → 192.168.32.2 TCP 56 5432 → 46440 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
98 26.891581727 172.17.0.1 → 192.168.32.2 TCP 56 5432 → 46440 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
So 192.168.32.2 which seems to be under another bridge network that docker configures automatically.
答案1
得分: 0
将容器设置为使用默认的 bridge 网络:
services:
api:
network_mode: bridge
获取默认的 bridge 网络网关和子网:
gateway=$(sudo docker network inspect bridge | jq -r '.[] .IPAM.Config[].Gateway')
subnet=$(sudo docker network inspect bridge | jq -r '.[] .IPAM.Config[].Subnet')
在 postgresql.conf 中将监听地址更改为包括 Docker bridge 网关:
# 将这个
# listen_addresses = 'localhost' # 要监听的 IP 地址;
# 更改为:
listen_addresses = 'localhost,172.17.0.1' # 要监听的 IP 地址;
将子网添加到 pg_hba.conf:
sudo bash -c "echo 'host all all ${subnet} trustscram-sha-256' >> /etc/postgresql/14/main/pg_hba.conf"
英文:
Set the container to use the default bridge network:
services:
api:
network_mode: bridge
Get the default bridge network gateway and subnet:
gateway=$(sudo docker network inspect bridge | jq -r '.[] .IPAM.Config[].Gateway')
subnet=$(sudo docker network inspect bridge | jq -r '.[] .IPAM.Config[].Subnet')
In postgresql.conf change the listen address to include the docker bridge gateway:
# change this
# listen_addresses = 'localhost' # what IP address(es) to listen on;
# to:
listen_addresses = 'localhost,172.17.0.1' # what IP address(es) to listen on;
Add the subnet to pg_hba.conf:
sudo bash -c "echo 'host all all ${subnet} trustscram-sha-256' >> /etc/postgresql/14/main/pg_hba.conf"
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论