forked from MeltanoLabs/tap-postgres
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
57 lines (54 loc) · 2.33 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
---
# Can't put docker-compose in ssh_tunnel dir because of https://github.com/isbang/compose-action/issues/29 and its tie to our Github action. Easiest to just drop this file in the root directory
version: "2.1" #Borrowed heavily from https://github.com/pahaz/sshtunnel/blob/master/e2e_tests/docker-compose.yaml
services:
ssh:
image: ghcr.io/linuxserver/openssh-server:9.1_p1-r2-ls106 # This docker repo has added breaking changes a lot in the last month, pinning this.
container_name: openssh-server
hostname: openssh-server
environment:
- PUID=1000
- PGID=1000
- PUBLIC_KEY_FILE=/config/ssh_host_keys/ssh_host_rsa_key.pub
- SUDO_ACCESS=false
- PASSWORD_ACCESS=false
- USER_NAME=melty
volumes:
- ./ssh_tunnel/ssh-server-config:/config/ssh_host_keys:ro
ports:
- "127.0.0.1:2223:2222"
networks:
- inner
postgresdb:
image: postgres:13.0
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: main
networks:
inner:
ipv4_address: 10.5.0.5
postgres_ssl:
image: postgres:latest
command: postgres -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key -c ssl_ca_file=/var/lib/postgresql/ca.crt -c hba_file=/var/lib/postgresql/pg_hba.conf
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
POSTGRES_HOST_AUTH_METHOD: cert clientcert=verify-full
POSTGRES_INITDB_ARGS: --auth-host=cert
# Not placed in the data directory (/var/lib/postgresql/data) because of https://gist.github.com/mrw34/c97bb03ea1054afb551886ffc8b63c3b?permalink_comment_id=2678568#gistcomment-2678568
volumes:
- ./ssl/server.crt:/var/lib/postgresql/server.crt # Certificate verifying the server's identity to the client.
- ./ssl/server.key:/var/lib/postgresql/server.key # Private key to verify the server's certificate is legitimate.
- ./ssl/ca.crt:/var/lib/postgresql/ca.crt # Certificate authority to use when verifying the client's identity to the server.
- ./ssl/pg_hba.conf:/var/lib/postgresql/pg_hba.conf # Configuration file to allow connection over SSL.
ports:
- "5433:5432"
networks:
inner:
driver: bridge
ipam:
config:
- subnet: 10.5.0.0/16
gateway: 10.5.0.1