9

I'm trying to allow a connection from one Docker container to a postgres container by specifying the host name of the client container in the server's pg_hba.conf file. Postgres's documentation indicates that a host name can be specified, rather than an IP address. Since I'm using Docker Compose to start the two containers, they should be accessible to each other by container name using Docker Compose's DNS. I don't want to open up all IP addresses for security reasons, and when I eventually add access for additional containers, it will be much easier to just specify the container name in the pg_hba.conf file rather than assign static IP addresses to each of them. However, when I attempt to do this, it fails with a message such as this:

psql: FATAL: no pg_hba.conf entry for host "192.168.208.3", user "postgres", database "postgres", SSL off

Here's a minimum reproducible example of what I'm trying to do:

I use the following Docker Compose file:

version: '3'
services:
  postgresdb:
    image: postgres:9.4
    container_name: postgres-server
    ports:
      - "5432:5432"
    volumes:
      - "postgres-data:/var/lib/postgresql/data"
  postgres-client:
    image: postgres:9.4
    container_name: postgres-client
    depends_on:
      - postgres-server

volumes:
  postgres-data:

After running docker-compose up, I exec into the server container and modify the pg_hba.conf file in /var/lib/postgresql/data to look like this:

host all postgres postgres-client trust

I then restart the postgres server (docker-compose down then docker-compose up) and it loads the modified pg_hba.conf from the mounted volume.

I exec into the client container and attempt to connect to the postgres server:

docker exec -it postgres-client /bin/bash
psql -U postgres -h postgres-server postgres

This is where I get an error such as the following: 

psql: FATAL:  no pg_hba.conf entry for host "192.168.208.3", user "postgres", database "postgres", SSL off

I can't seem to find anything online that shows how to get this working. I've found examples where they just open up all or a range of IP addresses, but none where they get the use of a host name working. Here are some related questions and information:

Any ideas on how to get this working the way I would expect it to work using Docker Compose?

Improve this question
2
  • does the hostname postgres-client actually resolve in your container's DNS lookup? Commented Feb 11, 2020 at 19:11
  • @richyen Yes, it does: # ping postgres-client PING postgres-client (172.25.0.3) 56(84) bytes of data. 64 bytes from postgres-client.postgreshostresolution_default (172.25.0.3): icmp_seq=1 ttl=64 time=0.128 ms Commented Feb 11, 2020 at 19:46

1 Answer 1

Reset to default
9

You need to add the full qualified host name of the client container in pg_hba.conf.

host all postgres postgres-client.<network_name> trust

e.g:

host all postgres postgres-client.postgreshostresolution_default trust

If no network has been defined, network_name is <project_name>_default. By default project_name is the folder the docker-compose.yml resides.

To get the network names you may also call

docker inspect postgres-client | grep Networks -A1

or

docker network ls

to get a list of all docker networks currently defined on your docker host

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Nice! This works. your_container_name.your_network_name
Not working for me. I get Client IP address resolved to "my-container.my-network", forward lookup not checked. And then get no pg_hba.conf entry for host "192.168.112.3", user "myuser", database "postgres", SSL off. The only way it works, if I add 192.168.0.0/16 and explicitly specify it to allow connecting from. Which is not as nice.
@Andrius in your example the pg_hba.conf file must look like host all myuser my-container.my-network trust Does it look like that?
@JanDev yes. It looks like that

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.