{"id":29782109,"url":"https://github.com/tecnativa/docker-postgres-autoconf","last_synced_at":"2025-10-08T10:02:11.947Z","repository":{"id":37839154,"uuid":"176455416","full_name":"Tecnativa/docker-postgres-autoconf","owner":"Tecnativa","description":"Autoconfigurable 🐘 Postgres image","archived":false,"fork":false,"pushed_at":"2024-12-09T12:09:24.000Z","size":39,"stargazers_count":7,"open_issues_count":1,"forks_count":32,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-12-09T13:23:04.425Z","etag":null,"topics":["autoconf","docker-image","hacktoberfest","postgresql"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tecnativa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-19T07:52:38.000Z","updated_at":"2024-12-09T12:09:29.000Z","dependencies_parsed_at":"2024-11-28T16:38:13.701Z","dependency_job_id":null,"html_url":"https://github.com/Tecnativa/docker-postgres-autoconf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Tecnativa/docker-postgres-autoconf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tecnativa%2Fdocker-postgres-autoconf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tecnativa%2Fdocker-postgres-autoconf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tecnativa%2Fdocker-postgres-autoconf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/Tecnativa%2Fdocker-postgres-autoconf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tecnativa","download_url":"https://codeload.github.com/Tecnativa/docker-postgres-autoconf/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tecnativa%2Fdocker-postgres-autoconf/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267368932,"owners_count":24076093,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-27T02:00:11.917Z","response_time":82,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["autoconf","docker-image","hacktoberfest","postgresql"],"created_at":"2025-07-27T14:11:37.993Z","updated_at":"2025-10-08T10:02:06.891Z","avatar_url":"https://github.com/Tecnativa.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PostgreSQL Auto-Conf\n\n[![Build Status](https://travis-ci.org/Tecnativa/docker-postgres-autoconf.svg?branch=master)](https://travis-ci.org/Tecnativa/docker-postgres-autoconf)\n[![Docker 
Pulls](https://img.shields.io/docker/pulls/tecnativa/postgres-autoconf.svg)](https://hub.docker.com/r/tecnativa/postgres-autoconf)\n[![Layers](https://images.microbadger.com/badges/image/tecnativa/postgres-autoconf.svg)](https://microbadger.com/images/tecnativa/postgres-autoconf)\n[![Commit](https://images.microbadger.com/badges/commit/tecnativa/postgres-autoconf.svg)](https://microbadger.com/images/tecnativa/postgres-autoconf)\n[![License](https://img.shields.io/github/license/Tecnativa/docker-postgres-autoconf.svg)](https://github.com/Tecnativa/docker-postgres-autoconf/blob/master/LICENSE)\n\n## What\n\nImage that configures Postgres before starting it.\n\n## Why\n\nTo automate handling of specific users accessing a Postgres server from specific networks.\n\n## How\n\nIt tries to configure Postgres as well as possible, differentiating between connections made from LAN (docker networks attached) and from WAN (all others). This is done at entrypoint time, because it's the only way to know dynamic IP ranges in attached networks.\n\nThen it generates appropriate [`postgres.conf`](https://www.postgresql.org/docs/current/runtime-config.html) and [`pg_hba.conf`](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) files.\n\nIt doesn't validate your settings, so you are responsible for configuring it properly:\n\n- Do not set `cert` auth method if `client.ca.cert.pem` is not supplied.\n- Do not enable TLS if `server.cert.pem` and `server.key.pem` are not supplied.\n- Do not publish ports without encryption.\n- Use good passwords if you don't use cert auth.\n\n### Environment variables\n\nVariables' defaults are all found in the [`Dockerfile`][].\n\nThe container is mainly configured via these environment variables:\n\n#### `CERTS`\n\nJSON object with some or all of these keys:\n\n- `client.ca.cert.pem`: PEM contents for Postgres' `ssl_ca_file` parameter. Enables `cert` authentication in remote postgres clients. It's the most secure remote auth option. 
All clients must authenticate with a cert signed by this CA.\n- `server.cert.pem`: PEM contents for Postgres' `ssl_cert_file` parameter. The Postgres server will identify itself and encrypt the connection with this certificate.\n- `server.key.pem`: PEM contents for Postgres' `ssl_key_file` parameter. The Postgres server will identify itself and encrypt the connection with this private key.\n\nIf you pass `server.cert.pem`, you should pass `server.key.pem` too, and vice versa, or TLS encryption will not be properly configured. You also need both of them if you use `client.ca.cert.pem`.\n\nIt is safer to mount files with secrets instead of passing a JSON string in an env variable. You can mount the equivalents:\n\n- `/etc/postgres/client.ca.cert.pem`\n- `/etc/postgres/server.cert.pem`\n- `/etc/postgres/server.key.pem`\n\n#### `CONF_EXTRA`\n\nString with contents appended to the generated `postgres.conf` file.\n\n#### `LAN_AUTH_METHOD`\n\nMethod required to authenticate clients that connect from LAN.\n\n#### `LAN_CONNECTION`\n\nConnection type allowed for LAN connections.\n\n#### `LAN_DATABASES`\n\nJSON array with database names whose access is allowed from LAN.\n\n#### `LAN_HBA_TPL`\n\nTemplate applied for each combination of LAN CIDR/USER/DATABASE in the `pg_hba.conf` file.\n\nSome placeholders can be expanded. See the [`Dockerfile`][] for the available placeholders.\n\n#### `LAN_TLS`\n\nWhether to enable TLS in LAN connections.\n\n#### `LAN_USERS`\n\nUsers allowed to connect from LAN.\n\n#### `WAN_AUTH_METHOD`\n\nMethod required to authenticate clients that connect from WAN.\n\n#### `WAN_CONNECTION`\n\nConnection type allowed for WAN connections. 
If it is `hostssl`, it only takes effect when the required certs are received.\n\n#### `WAN_DATABASES`\n\nJSON array with database names whose access is allowed from WAN.\n\n#### `WAN_HBA_TPL`\n\nTemplate applied for each combination of USER/DATABASE in the `pg_hba.conf` file, for public connections.\n\nSome placeholders can be expanded. See the [`Dockerfile`][] for the available placeholders.\n\n#### `WAN_TLS`\n\nWhether to enable TLS in WAN connections.\n\n#### `WAN_USERS`\n\nUsers allowed to connect from WAN.\n\n#### `HBA_EXTRA_RULES`\n\nJSON array of additional `pg_hba.conf` rules to append. Each array element should be a string representing a valid `pg_hba.conf` line.\n\nExample `HBA_EXTRA_RULES` format in an `.env` file:\n\nHBA_EXTRA_RULES=[\"host all all 192.168.1.0/24 md5\", \"hostssl mydb myuser 10.0.0.0/8 scram-sha-256\"]\n\nThis adds the following lines to `pg_hba.conf`:\n\nhost all all 192.168.1.0/24 md5\nhostssl mydb myuser 10.0.0.0/8 scram-sha-256\n\n[`Dockerfile`]: https://github.com/Tecnativa/docker-postgres-autoconf/blob/master/Dockerfile\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftecnativa%2Fdocker-postgres-autoconf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftecnativa%2Fdocker-postgres-autoconf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftecnativa%2Fdocker-postgres-autoconf/lists"}