
Changing pg_hba.conf (docker-postgis, 10 comments, CLOSED)

kartoza commented on August 15, 2024
Changing pg_hba.conf

from docker-postgis.

Comments (10)

gubuntu commented on August 15, 2024

we have made improvements to config file modification in the 9.6-2.4 branch that will soon be ported to the 10.0-2.4 branch by @NyakudyaA. Then all you should need to do is modify setup-pg_hba.sh with the lines you need.

timlinux commented on August 15, 2024

@kkalugerov I tried with your command as above but the -e is inserted into the hba file, breaking it:

[timlinux@sandstone ~/Desktop/docker-test]$ docker build -t deleteme .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM kartoza/postgis:10.0-2.4
 ---> ede8fef4332d
Step 2/3 : RUN echo -e "host all all 127.0.0.1/32 trust\n host all all ::1/128 trust\n local all all trust" > /etc/postgresql/10/main/pg_hba.conf
 ---> Running in b94438bc34ac
Removing intermediate container b94438bc34ac
 ---> 40fc8c851720
Step 3/3 : ENTRYPOINT ["/bin/bash"]
 ---> Running in 7bbea2d043d7
Removing intermediate container 7bbea2d043d7
 ---> 9638403a7a9e
Successfully built 9638403a7a9e
Successfully tagged deleteme:latest
[timlinux@sandstone ~/Desktop/docker-test]$ docker run -ti deleteme
root@77e9a7a8c88e:/# cat /etc/postgresql/10/main/pg_hba.conf
-e host all all 127.0.0.1/32 trust
 host all all ::1/128 trust
 local all all trust

if you are customising the image, it might be simpler to just do a Dockerfile like this:

FROM kartoza/postgis:10.0-2.4
RUN echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/10/main/pg_hba.conf
RUN echo "host all all ::1/128 trust" >> /etc/postgresql/10/main/pg_hba.conf
RUN echo "local all all trust" >> /etc/postgresql/10/main/pg_hba.conf
# Shell to bash while testing so we can see if hba file is good
ENTRYPOINT ["/bin/bash"]

Here is the validation that it worked:

[timlinux@sandstone ~/Desktop/docker-test]$ docker build -t deleteme .
Sending build context to Docker daemon  2.048kB
Step 1/5 : FROM kartoza/postgis:10.0-2.4
 ---> ede8fef4332d
Step 2/5 : RUN echo "host all all 127.0.0.1/32 trust" >> /etc/postgresql/10/main/pg_hba.conf
 ---> Running in a71b7123be15
Removing intermediate container a71b7123be15
 ---> b90fc0cf91eb
Step 3/5 : RUN echo "host all all ::1/128 trust" >> /etc/postgresql/10/main/pg_hba.conf
 ---> Running in 784625601fd6
Removing intermediate container 784625601fd6
 ---> e9f875d6659c
Step 4/5 : RUN echo "local all all trust" >> /etc/postgresql/10/main/pg_hba.conf
 ---> Running in e5bde04e3822
Removing intermediate container e5bde04e3822
 ---> ea9abb9cb7aa
Step 5/5 : ENTRYPOINT ["/bin/bash"]
 ---> Running in 0b6665e87ad9
Removing intermediate container 0b6665e87ad9
 ---> ada86ed99e46
Successfully built ada86ed99e46
Successfully tagged deleteme:latest
[timlinux@sandstone ~/Desktop/docker-test]$ docker run -ti deleteme
root@969b4da69b5c:/# cat /etc/postgresql/10/main/pg_hba.conf
...
...
...
# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            md5
host    replication     all             ::1/128                 md5
host    all             all             172.0.0.0/8               md5
host    all             all             192.168.0.0/16               md5
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
local all all trust

timlinux commented on August 15, 2024

Note in newer docker versions, the extra RUN commands no longer impose a layer penalty so it is ok to be verbose like this I think.

kkalugerov commented on August 15, 2024

@timlinux my idea is to modify pg_hba.conf not just to extend it :)

# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5

All I want is for those three lines to become trust. If I modify them in the running container of psql and then reload the service inside the container, everything is good, but I cannot create an image with the modifications... :
If you have any other good ideas please share them.

P.S.
I have tried the solution that you provided, but like this the config file goes in conflict... and doesn't allow me to access a specific db with a specific user (who owns the db) without a password.
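An added example (not code from the thread or from docker-postgis) of why appended records do not take effect and how to change a record in place: PostgreSQL uses the first `pg_hba.conf` record that matches a connection, so a `trust` line appended after the default `md5` line is never reached. The helper names `hba_first_method` and `hba_set_method` and the sample file are constructed for illustration; the rewrite is scoped to the socket and loopback records so the network ranges keep `md5`.

```shell
#!/bin/sh
# Added example; hba_first_method / hba_set_method are hypothetical helper names.
# Assumes records use "all all" for database/user and CIDR addresses (method is
# field 4 for "local" records, field 5 for "host" records).

# Print the method of the FIRST matching record: PostgreSQL stops at the first
# record that matches and never falls through to later ones.
hba_first_method() {  # usage: hba_first_method FILE TYPE [ADDRESS]
  awk -v t="$2" -v a="$3" '
    NF == 0 || $1 ~ /^#/ { next }
    $1 == t && $2 == "all" && $3 == "all" && (t == "local" || $4 == a) {
      print (t == "local" ? $4 : $5); exit
    }' "$1"
}

# Rewrite the method of the matching record(s) in place; other lines are kept.
hba_set_method() {  # usage: hba_set_method FILE TYPE ADDRESS METHOD
  awk -v t="$2" -v a="$3" -v m="$4" '
    NF > 0 && $1 !~ /^#/ && $1 == t && $2 == "all" && $3 == "all" &&
      (t == "local" || $4 == a) { if (t == "local") $4 = m; else $5 = m }
    { print }' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample: default records as quoted in the thread.
hba_sample() {
  cat <<'EOF'
# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
host    all             all             172.0.0.0/8             md5
EOF
}

f=$(mktemp) && hba_sample > "$f"
echo "host all all 127.0.0.1/32 trust" >> "$f"     # the append approach
echo "after append:  $(hba_first_method "$f" host 127.0.0.1/32)"  # earlier md5 record still wins
hba_set_method "$f" local "" trust
hba_set_method "$f" host 127.0.0.1/32 trust
hba_set_method "$f" host ::1/128 trust
echo "after rewrite: $(hba_first_method "$f" host 127.0.0.1/32)"
echo "docker subnet: $(hba_first_method "$f" host 172.0.0.0/8)"   # untouched, still md5
rm -f "$f"
```

In a Dockerfile these functions would run under `RUN`'s default `/bin/sh -c`, where `echo -e` is not portable (the stray `-e` in the first build above); `printf` or a heredoc avoids that.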

kkalugerov commented on August 15, 2024

@timlinux Any suggestions :? :)

timlinux commented on August 15, 2024

@kkalugerov my suggestion would be to simply make a local copy of the pg_hba file and then add it during your docker build. Does that not work for you?

NyakudyaA commented on August 15, 2024

We have added https://github.com/kartoza/docker-postgis/blob/develop/setup-conf.sh#L24 to control connections to the database.

For pg_hba you can now pass an environment variable https://github.com/kartoza/docker-postgis/blob/develop/setup-pg_hba.sh#L17

AntoninRousset commented on August 15, 2024

Hello, I was not able to change the method from peer to trust for the local connection type, and looking at the setup scripts it does not seem possible.
I usually access the database with UNIX sockets by sharing the /var/run/postgresql volume between a postgis docker and my app docker, and this easily breaks the peer requirement of having the same operating system user name.

NyakudyaA commented on August 15, 2024

@AntoninRousset what have you tried? Currently if you pass the PASSWORD_AUTHENTICATION env variable it is used in cluster initialization if the data directory does not exist or is empty. The same env will also populate values in pg_hba and PostgreSQL.conf.

Could you try that? Otherwise I can suggest you mount your config as a volume.

AntoninRousset commented on August 15, 2024

Setting PASSWORD_AUTHENTICATION won't change the local line from local all all peer to local all all trust in pg_hba.conf. Actually, after trying it, pg logs invalid value for parameter "password_encryption": "trust" because the host line set by the setup-pg_hba.sh script replaced the default password encryption scram-sha-256 of some host lines with trust as expected.
A custom configuration folder indeed solves it. I was surprised because this issue usually does not pop up with the official postgres docker.
