-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcompose.yml
82 lines (78 loc) · 2.79 KB
/
compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
version: "2"
services:
# validate tls is working with:
# openssl s_client -connect 0.0.0.0:5432 -starttls postgres
# export PG_PASSWORD=$(grep POSTGRES_PASSWORD ./env/postgres.env | sed -e 's/=/ /g' | awk '{print $NF}')
# psql --set=sslmode=require -h 0.0.0.0 -p 5432 -U postgres -d "mydb"
postgres:
container_name: postgres
image: docker.io/postgres:14.5-alpine
hostname: postgres
network_mode: host
restart: always
env_file:
- ./env/postgres.env
volumes:
- ../../tls/ca/ca.pem:/certs/tls/ca/ca.pem:ro
- ../../tls/postgres:/certs/tls/postgres:ro
- ./data-postgres/data:/var/lib/postgresql/data
- ./etc/localtime_us_eastern:/etc/localtime
- ./etc/timezone_us_eastern:/etc/timezone
ports:
- "5432:5432"
command:
- sh
- -c
- |
#!/usr/bin/env bash -e
echo "copying tls assets"
cp /certs/tls/postgres/* /
cp /certs/tls/ca/* /
chmod -R 400 /ca.pem
chmod -R 400 /server.pem
chmod -R 400 /server-key.pem
chown -R postgres:postgres /ca.pem /server.pem /server-key.pem
# ls -lrth /etc/tls/
# echo "updating openssl"
# apk add curl net-tools procps
# apk add --update openssl
echo "starting up"
echo "docker-entrypoint.sh -l -c ssl=on -c ssl_ca_file=/etc/tls/postgres/postgres-ca.pem"
docker-entrypoint.sh -l -c ssl=on -c ssl_cert_file=/server.pem -c ssl_key_file=/server-key.pem -c ssl_ca_file=/ca.pem
pgadmin:
container_name: pgadmin
image: docker.io/dpage/pgadmin4
hostname: pgadmin
environment:
- SERVER_MODE=True
- DEFAULT_SERVER_PORT=5050
- DEFAULT_SERVER_HOST=0.0.0.0
- POSTGRES_HOSTNAME=postgres
- POSTGRES_PORT=5432
# login creds
# https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples
- PGADMIN_SETUP_PASSWORD=123321
- PGADMIN_DEFAULT_PASSWORD=123321
- SESSION_DB_PATH=/pgadmin-sessions
# tls
- "PGADMIN_ENABLE_TLS=True"
ports:
- "5433:443"
volumes:
# https://github.com/helm/charts/issues/19690
# https://stackoverflow.com/questions/64781245/permission-denied-var-lib-pgadmin-sessions-in-docker
# user: root
# to write sessions outside the container
- ./data-pgadmin:/pgadmin-sessions
- ./pgadmin/db-config.json:/db-config.json
- ./etc/localtime_us_eastern:/etc/localtime
- ./etc/timezone_us_eastern:/etc/timezone
# pgadmin tls assets
- ../../tls/pgadmin/server-key.pem:/certs/server.key:ro
- ../../tls/pgadmin/server.pem:/certs/server.cert:ro
# db tls assets
- ../../tls/postgres/client-key.pem:/etc/tls/postgres.key:ro
- ../../tls/postgres/client.pem:/etc/tls/postgres.crt:ro
- ../../tls/ca/ca.pem:/etc/tls/postgres-ca.pem:ro