Open EugenKon opened 10 months ago
You should create your custom hba_file and volume mount it in the image at /var/lib/postgresql/data/pg_hba.conf
Is there some way we can ask PostgreSQL what the hba_file
value is? Maybe a CLI incantation?
It might even make sense to wrap this up in a file existence check? (so if pg_hba.conf
doesn't exist, we don't create it)
Is there some way we can ask PostgreSQL what the
hba_file
value is? Maybe a CLI incantation?
We ask for the password_encryption
in the function appending to pg_hba.conf
and we can do the same for hba_file
.
https://github.com/docker-library/postgres/blob/ef9747fb7fc9fbd703b9136b897ffa61314ca51f/docker-entrypoint.sh#L244
root@da94ae7a13df:/# postgres -C hba_file
postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
# need to run `initdb` or create and configure the `postgresql.conf` file
root@da94ae7a13df:/# gosu postgres initdb
root@da94ae7a13df:/# postgres -C hba_file
/var/lib/postgresql/data/pg_hba.conf
The initdb
binary (part of PostgreSQL) is the one creating the pg_hba.conf
file and I don't see a way to prevent it (https://www.postgresql.org/docs/16/app-initdb.html).
I would hesitate to append to a file in a different/custom location since users might be using that bug to skip/ignore our pg_hba.conf
modification and we'd possibly make them less secure than they were expecting.
It seems that location of
pg_hba.conf
file is just hardcoded: https://github.com/docker-library/postgres/blob/8a631b939a0b4197cb6bef49b50b6c40c80ddf5b/15/bookworm/docker-entrypoint.sh#L253But If I set my custom hba_file, then initdb will create redundant
$PGDATA/pg_hba.conf
file.