Running Docker Installation without exposing Postgre Port

Reverse proxies, SSL termination, web servers.
Post Reply
Twilek
Posts: 4
Joined: Thu Oct 11, 2018 7:04 pm

Running Docker Installation without exposing Postgre Port

Post by Twilek »

Hi,

I want to run Mayan as a docker installation. When I use the installation instructions it will spin up a postgres container which exposes its port publicly. If I bind the port to localhost ( -p 127.0.0.1:5432:5432 ) or try to keep it in the local docker network the Mayan container will start restarting every 10 seconds or so and not run. It should be be possible, as the docker-compose installation manages it as well. I do not want to use docker-compose as updating and backing it up seems to be such a hassle (or am I missing something?) Has anyone gotten such an installation working?

Regards

Twilek

User avatar
rosarior
Developer
Developer
Posts: 520
Joined: Tue Aug 21, 2018 3:28 am
Location: Puerto Rico
Contact:

Re: Running Docker Installation without exposing Postgre Port

Post by rosarior »

You can do that by creating a dedicated network

1. Create the network:

Code: Select all

docker network create mayan
2. Launch the PostgreSQL container with the network option and remove the port binding (-p 5432:5432):

Code: Select all

docker run -d \
--name mayan-edms-postgres \
--network=mayan \
--restart=always \
-e POSTGRES_USER=mayan \
-e POSTGRES_DB=mayan \
-e POSTGRES_PASSWORD=mayanuserpass \
-v /docker-volumes/mayan-edms/postgres:/var/lib/postgresql/data \
-d postgres:9.5
3. Launch the Mayan container with the network option and change the database host to the PostgreSQL container name (mayan-edms-postgres) instead of the IP address of the Docker host (172.17.0.1):

Code: Select all

docker run -d \
--name mayan-edms \
--network=mayan \
--restart=always \
-p 80:8000 \
-e MAYAN_DATABASE_ENGINE=django.db.backends.postgresql \
-e MAYAN_DATABASE_HOST=mayan-edms-postgres \
-e MAYAN_DATABASE_NAME=mayan \
-e MAYAN_DATABASE_PASSWORD=mayanuserpass \
-e MAYAN_DATABASE_USER=mayan \
-e MAYAN_DATABASE_CONN_MAX_AGE=60 \
-v /docker-volumes/mayan-edms/media:/var/lib/mayan \
mayanedms/mayanedms:<version>
Monitor the container to see if it worked with:

Code: Select all

docker logs -f mayan-edms
Last edited by rosarior on Sat Oct 13, 2018 7:09 pm, edited 1 time in total.

Twilek
Posts: 4
Joined: Thu Oct 11, 2018 7:04 pm

Re: Running Docker Installation without exposing Postgre Port

Post by Twilek »

Thanks for the answer, you might consider doing that as the standard installation, as exposing a databaseport publicly seems like huge security risk. I have helped myself in the meantime by running the mayan docker container on the hostnetwork and using my existing local mysql installation outside of docker. That has the benefit that it integrates automatically into my backup regime and lowers the footprint. The only problem that I have is that mayan will take port 8000 on ALL local network devices. As I access it via a rewrite virtualhost config of apache to get HTTPS access I would like to have it to only bind to localhost. Is there any config option or file to specify the bind address?

Twilek
Posts: 4
Joined: Thu Oct 11, 2018 7:04 pm

Re: Running Docker Installation without exposing Postgre Port

Post by Twilek »

Ich have tried your solution. The Postgres container runs:

458c95a59bd0 postgres:9.5 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 5432/tcp mayan-edms-postgres

When I try to spin up the mayan container it says:

docker run -d --name mayan-edms --network=mayan --restart=always -p 8000:8000 -e MAYAN_DATABASE_ENGINE=django.db.backends.postgresql -e MAYAN_DATABASE_HOST= mayan-edms-postgres -e MAYAN_DATABASE_NAME=mayan -e MAYAN_DATABASE_PASSWORD=mayanuserpass -e MAYAN_DATABASE_USER=mayan -e MAYAN_DATABASE_CONN_MAX_AGE=60 -v /docker-volumes/mayan-edms/media:/var/lib/mayan mayanedms/mayanedms:3.1.6

Unable to find image 'mayan-edms-postgres:latest' locally
docker: Error response from daemon: pull access denied for mayan-edms-postgres, repository does not exist or may require 'docker login'.
See 'docker run --help'.

Don´t now what´s going wrong. Just to let you know.

Twilek
Posts: 4
Joined: Thu Oct 11, 2018 7:04 pm

Re: Running Docker Installation without exposing Postgre Port

Post by Twilek »

Found the problem. There is a space in the MAYAN_DATABASE_HOST= line before the hostname. After having removed that it seems to work quite nicely. I still prefer my mysql approach so changing the bind adress would still be cool.

User avatar
rosarior
Developer
Developer
Posts: 520
Joined: Tue Aug 21, 2018 3:28 am
Location: Puerto Rico
Contact:

Re: Running Docker Installation without exposing Postgre Port

Post by rosarior »

Edited the post to fix the extra space. Thanks.

Post Reply