PostgreSQL in Docker - pg_hba.conf to allow access from host to container
Problem description
I want to run PostgreSQL inside a Docker container. I am building my own Docker image, as I want to include PostgreSQL extensions. I should edit the pg_hba.conf configuration file to:
- allow access from other containers
- allow access from the host
The first is quite simple: I can add a rule for 172.17.0.0/16 if I am not mistaken.
But how can I approach the second? What does the IP (or range) look like when the host connects to psql in a container?
Remark: I am starting the container via docker run -p 127.0.0.1:5432:5432, so in theory I could just allow all in pg_hba.conf because the port forwarding is only bound to 127.0.0.1. But I prefer this extra level of security in pg_hba.conf for the situation when I (probably by mistake) run the container via docker run -p 5432:5432. I hope this makes sense.
Update
Actually, setting range 172.17.0.0/16 does not seem to be correct. For example, my container had IP 172.18.0.2 in my test. There does not seem to be a consensus on the default range or how to configure that range, according to my investigations so far.
Recommended answer
Check your docker0 bridge interface; in your case it might be 172.18.0.0/16.
Make changes in postgresql.conf; the path will be the same as pg_hba.conf.
Add the address to *
Then in pg_hba.conf add the rule as:
host all all 172.18.0.0/16 md5
Run the docker with hostip: docker run -p :5432:5432. In this way other containers on the same docker network can connect, as well as from the host, but not from other hosts.
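The first-match lookup that PostgreSQL applies to pg_hba.conf host records, sketched in Python as an added example (not code from the original post or from PostgreSQL), run against the rule from the answer, the 172.17.0.0/16 range from the question, and an allow-all record. Assumptions: host connections through the published port reach the container from the bridge gateway, taken here as 172.18.0.1; 203.0.113.7 is a constructed outside address; the parser ignores the DATABASE and USER columns and handles only CIDR addresses or the keyword all.

```python
import ipaddress

# Constructed sample records, not taken from a real server.
SUBNET_RULE = "host all all 172.18.0.0/16 md5"   # rule from the answer
OLD_RULE = "host all all 172.17.0.0/16 md5"      # range first tried in the question
ALLOW_ALL = "host all all all md5"               # the "allow all" alternative

def parse_host_rules(text):
    """Return [(networks, method)] for plain host records, in file order.

    Simplified: ignores the DATABASE and USER columns and accepts only
    CIDR addresses or the keyword "all" in the ADDRESS column.
    """
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue  # comments, blank lines, local (Unix socket) records
        if fields[3] == "all":
            nets = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        else:
            nets = [ipaddress.ip_network(fields[3])]
        rules.append((nets, fields[4]))
    return rules

def auth_method(hba_text, client_ip):
    """First matching record wins; None means no record matched (rejected)."""
    addr = ipaddress.ip_address(client_ip)
    for nets, method in parse_host_rules(hba_text):
        if any(addr in net for net in nets):
            return method
    return None

if __name__ == "__main__":
    clients = {
        "container (IP from the question)": "172.18.0.2",
        "host via bridge gateway (assumed)": "172.18.0.1",
        "other machine (constructed)": "203.0.113.7",
    }
    for name, hba in (("subnet", SUBNET_RULE), ("old", OLD_RULE), ("all", ALLOW_ALL)):
        for label, ip in clients.items():
            print(f"{name:7} {label:35} {ip:12} -> {auth_method(hba, ip) or 'rejected'}")
```

With the subnet rule the outside address matches no record even if the port is published on every interface, which is the extra layer the question asks for; the allow-all record would let it proceed to password authentication.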