5 changes: 3 additions & 2 deletions .clabot
Expand Up @@ -84,6 +84,7 @@
"marlowp",
"sijandh35",
"mcihad",
"nrjadkry"
"nrjadkry",
"brynsofz"
]
}
}
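--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -118,13 +118,19 @@ services:
 db:
 # use geonode official postgis 15 image
 image: geonode/postgis:15-3.5-latest
-command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
+command:
+- postgres
+- -c
+- config_file=/etc/postgresql/postgresql.conf
 container_name: db4${COMPOSE_PROJECT_NAME}
 env_file:
 - .env
 volumes:
 - dbdata:/var/lib/postgresql/data
 - dbbackups:/pg_backups
+- ./docker/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro
+- ./docker/postgresql/conf.d:/etc/postgresql/conf.d:ro
+- ./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
 restart: unless-stopped
 healthcheck:
 test: "pg_isready -d postgres -U postgres"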
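--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -119,13 +119,19 @@ services:
 db:
 # use geonode official postgis 15 image
 image: geonode/postgis:15-3.5-latest
-command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
+command:
+- postgres
+- -c
+- config_file=/etc/postgresql/postgresql.conf
 container_name: db4${COMPOSE_PROJECT_NAME}
 env_file:
 - .env_test
 volumes:
 - dbdata:/var/lib/postgresql/data
 - dbbackups:/pg_backups
+- ./docker/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro
+- ./docker/postgresql/conf.d:/etc/postgresql/conf.d:ro
+- ./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
 restart: unless-stopped
 healthcheck:
 test: "pg_isready -d postgres -U postgres"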
8 changes: 7 additions & 1 deletion docker-compose.yml
Expand Up @@ -131,13 +131,19 @@ services:
db:
# use geonode official postgis 15 image
image: geonode/postgis:15-3.5-latest
command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"

Contributor


medium

The POSTGRESQL_MAX_CONNECTIONS environment variable, which was used here to configure max_connections, is no longer effective with the new configuration approach. This is a potentially breaking change for users who were relying on it. It would be helpful to document this change and provide instructions for setting max_connections via the new conf.d directory mechanism.

command:
- postgres
- -c
- config_file=/etc/postgresql/postgresql.conf
container_name: db4${COMPOSE_PROJECT_NAME}
env_file:
- .env
volumes:
- dbdata:/var/lib/postgresql/data
- dbbackups:/pg_backups
- ./docker/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro
- ./docker/postgresql/conf.d:/etc/postgresql/conf.d:ro
- ./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
restart: unless-stopped
healthcheck:
test: "pg_isready -d postgres -U postgres"
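--- a/docker/postgresql/conf.d/01-default.conf
+++ b/docker/postgresql/conf.d/01-default.conf
@@ -0,0 +1 @@
+max_connections = 200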
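--- a/docker/postgresql/pg_hba.conf
+++ b/docker/postgresql/pg_hba.conf
@@ -0,0 +1,39 @@
+# Local Unix socket connections - trust for local admin access
+local all postgres trust
+
+# Localhost connections - trust for container internal access
+host all postgres 127.0.0.1/32 trust
+host all postgres ::1/128 trust
+
+# Allow replication connections from localhost
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
+
+# =============================================================================
+# Application-specific rules (evaluated in order)
+# =============================================================================
+
+# GeoNode database - require SCRAM-SHA-256 authentication
+# This matches connections from Django/Celery containers
+host geonode geonode 172.19.0.0/16 scram-sha-256
+
+# GeoNode geodatabase - require SCRAM-SHA-256 authentication
+# This matches connections from GeoServer
+host geonode_data geonode_data 172.19.0.0/16 scram-sha-256
+
+# Template databases - no external access allowed
+host template0 all all reject
+host template1 all all reject
+
+# Postgres database - admin only, require password
+host postgres postgres 172.19.0.0/16 scram-sha-256
+
+# =============================================================================
+# Default catch-all rule - deny all other connections
+# =============================================================================
+# Explicitly deny all other connections:
+host all all all reject
+
+# Or allow with password (current default):
+# host all all all scram-sha-256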
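Review bot: The three application rules pin the client range to `172.19.0.0/16`, but none of the compose hunks on this page fixes the project network to that subnet, and Docker normally picks a bridge subnet from its address pool when the network is created. If the network lands on another range, the Django/Celery and GeoServer connections fall through to the final `host all all all reject`, and the easy workaround is then to re-enable the commented-out allow-all line. PostgreSQL accepts `samenet` in the address column, e.g. `host geonode geonode samenet scram-sha-256`; alternatively the compose network could declare the subnet explicitly (the network definition is not visible here, so this may already be done). The `geonode` and `geonode_data` database and role names are likewise literal, so if they are configurable through the env file a renamed database would also be rejected. Separately, the comment `# Or allow with password (current default):` no longer describes the active rule and would read better as `# Alternative (less strict): allow any remaining connection with a password`.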
13 changes: 13 additions & 0 deletions docker/postgresql/postgresql.conf
@@ -0,0 +1,13 @@
# Data Directory (managed by Docker)
data_directory = '/var/lib/postgresql/data'

# Connection Settings
listen_addresses = '*' # Listen on all network interfaces

# Authentication Configuration File
hba_file = '/etc/postgresql/pg_hba.conf'

# Include additional configuration files from conf.d directory
# All .conf files in this directory will be processed
include_dir = 'conf.d'