{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 叼着烟拽天下 的问题《PostgreSQL in Docker - pg_hba.conf to allow access》','https://www.manongdao.com/q-723875.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to run PostgreSQL inside a Docker container. I am building my own Docker image, as I want to include PostgreSQL extensions. I should edit the pg_hba.conf configuration file to:
- allow access originating from other containers
- allow access originating from the host
The first is quite simple: I can add a rule for 172.17.0.0/16 if I am not mistaken.
But how can I approach the second? What does the IP (or range) looks like when the host connects to psql in a container?
Remark: I am starting the container via docker run -p 127.0.0.1:5432:5432, so in theory I could just allow all in pg_hba.conf because the port forwarding is only bound to 127.0.0.1. But I prefer this extra level of security in pg_hba.conf for the situation when I (probably by mistake) run the container via docker run -p 5432:5432. I hope this makes sense.
update
Actually, setting range 172.17.0.0/16 does not seem to be correct. For example, my container had IP 172.18.0.2 in my test. There does not seem to be a consensus on the default range or how to configure that range, according to my investigations so far.
check your docker0 bridge interface in your case it might be 172.18.0.0/16
make changes in postgresql.conf path will be same as pg_hba.conf.
listenaddress to "*"
Then in pg_hba.conf add rule as
host all all 172.18.0.0/16 md5.
run the docker with hostip : docker run -p :5432:5432 in this way other containser on same docker n/w can connect aswell as from host,but not from other hosts.