How can I give docker containers access to postgresql running on the host?

Question

I have postgresql running on the host, and I'd now like to connect to it from the docker containers also running on the host.

Within my docker-compose.yaml I have:

    extra_hosts:
    - "host.docker.internal:host-gateway"

Set on the container, and within the container, I'm able to ping host.docker.internal successfully, however when connecting to host.docker.internal:5432 the port that postgres is running on, it is refused. Likely because postgres is configured to only listen on 127.0.0.1:5432.

How can I configure postgres to allow connections as the above? I'm not quite sure how docker configures the networks, for example, if I modify postgres to allow a subnet that is configured with docker, I'm not sure if docker will change this network subnet at some point (for example if I recreate the docker-compose containers).

I do not want to fully open it under something like allowing 0.0.0.0.


Looking at the tshark output when I attempt to connect I see:

    95 26.891536270 192.168.32.2 → 172.17.0.1   TCP 76 46440 → 5432 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2274078019 TSecr=0 WS=128
    96 26.891557842 192.168.32.2 → 172.17.0.1   TCP 76 [TCP Out-Of-Order] [TCP Port numbers reused] 46440 → 5432 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2274078019 TSecr=0 WS=128
    97 26.891577870   172.17.0.1 → 192.168.32.2 TCP 56 5432 → 46440 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
    98 26.891581727   172.17.0.1 → 192.168.32.2 TCP 56 5432 → 46440 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

So 192.168.32.2 which seems to be under another bridge network that docker configures automatically.

Answer 1

Score: 0

Set the container to use the default bridge network:

    services:
      api:
        network_mode: bridge

Get the default bridge network gateway and subnet:

    gateway=$(sudo docker network inspect bridge | jq -r '.[] .IPAM.Config[].Gateway')
    subnet=$(sudo docker network inspect bridge | jq -r '.[] .IPAM.Config[].Subnet')

In postgresql.conf change the listen address to include the docker bridge gateway:

    # change this
    # listen_addresses = 'localhost'               # what IP address(es) to listen on;
    # to:
    listen_addresses = 'localhost,172.17.0.1'               # what IP address(es) to listen on;

Add the subnet to pg_hba.conf:

    sudo bash -c "echo 'host    all             all             ${subnet}            scram-sha-256' >> /etc/postgresql/14/main/pg_hba.conf"
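
An added example, not part of the original answer: a Python check that reads `docker network inspect` JSON and pg_hba.conf text, reports which rule a given client address would hit, and flags rules that are wide open or use `trust` off loopback. The JSON and pg_hba.conf content are constructed samples, the function names are hypothetical, and only CIDR-style `host` rules are handled (database and user columns are ignored).

```python
import ipaddress
import json

# Constructed sample: trimmed shape of `docker network inspect bridge` output.
SAMPLE_INSPECT = ('[{"Name": "bridge", "IPAM": {"Config": '
                  '[{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}}]')

# Constructed pg_hba.conf content: a loopback rule plus the bridge-subnet rule.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   172.17.0.0/16  scram-sha-256
"""

def bridge_ipam(inspect_json):
    """Return (gateway, subnet) strings from `docker network inspect` JSON."""
    cfg = json.loads(inspect_json)[0]["IPAM"]["Config"][0]
    return cfg["Gateway"], cfg["Subnet"]

def parse_hba(text):
    """Yield (network, method) for host* rules whose address is a CIDR."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0].startswith("host") and "/" in fields[3]:
            yield ipaddress.ip_network(fields[3], strict=False), fields[4]

def first_match(hba_text, client_ip):
    """Rules are checked in order; return the first one covering client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for net, method in parse_hba(hba_text):
        if net.version == ip.version and ip in net:
            return str(net), method
    return None  # no rule matches: PostgreSQL rejects the connection

def risky_rules(hba_text):
    """Flag rules that match every address or skip authentication off loopback."""
    findings = []
    for net, method in parse_hba(hba_text):
        if net.prefixlen == 0:
            findings.append((str(net), "matches every address"))
        if method == "trust" and not net.is_loopback:
            findings.append((str(net), "trust = no password required"))
    return findings

if __name__ == "__main__":
    print(bridge_ipam(SAMPLE_INSPECT))
    print(first_match(SAMPLE_HBA, "172.17.0.2"))    # container on default bridge
    print(first_match(SAMPLE_HBA, "192.168.32.2"))  # source address in the tshark capture
    print(risky_rules(SAMPLE_HBA))
```

The address 192.168.32.2 from the capture in the question matches no rule here, because it belongs to the compose project network rather than the default bridge subnet; a container started with `network_mode: bridge` gets a 172.17.0.0/16 address and hits the `scram-sha-256` rule.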

huangapple
  • Published on April 10, 2023 22:37:22
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/75978030.html