public inbox for [email protected]
help / color / mirror / Atom feedFrom: Lutz Badenheuer <[email protected]>
To: [email protected]
Subject: Docker setup without password
Date: Tue, 25 Mar 2025 14:22:54 +0100
Message-ID: <23879802.6Emhk5qWAg@nap> (raw)
Hello everybody,
I'd like to deploy PgAdmin4 with Ansible to a Docker Swarm cluster without any
authentication and authorization, as it will not be exposed to the public.
Only internal SSH users will be able to access the SSH tunnel endpoint, a unix
domain socket. These users are already authenticated with their SSH public key
and a second factor, and each of them is an experienced, trusted user.
Unfortunately, PgAdmin4 makes it very hard for me to accomplish this, or maybe
I didn't find or understand the relevant documentation. I have already managed
to automatically login into PgAdmin4 by forcing it into desktop mode, but when
I try to open a database in the menu on the left side, PgAdmin4 keeps asking
for a password -- which has already been supplied with a PGPASS_FILE.
Please, don't get me wrong: I highly appreciate when developers try to develop
their software as secure as possible, thus protecting unexperienced users from
insecure setups. And to be honest, I'm also not happy with having to force the
software into desktop mode just to circumvent having to log into PgAdmin4. But
then, having to spread passwords and add documentation to our projects just so
my users can access that database doesn't make me happy either.
What I have already accomplished and tried so far:
- force PgAdmin4 into desktop mode (PGADMIN_CONFIG_SERVER_MODE: "False"), thus
omitting the need to login into PgAdmin4
- adding a PGPASS_FILE (with and without leading dots) with Docker configs to
- /var/lib/pgadmin/pgpass
- /var/lib/pgadmin/pgpass/storage/sw_lukenukem.de/pgpass
- setting the correct password in servers.json with the settings
- Password
- PassFile
At the moment, the service configuration in my docker-compose.yml looks like
so (and no, please rest assured that s3cR3t is not the real password ;-):
--snip-----
pgadmin:
image: dpage/pgadmin4:latest
environment:
PGADMIN_DEFAULT_EMAIL: "[email protected]"
PGADMIN_DEFAULT_PASSWORD: "s3cR3t"
PGADMIN_LISTEN_ADDRESS: "0.0.0.0"
PGADMIN_DISABLE_POSTFIX: "True"
PGADMIN_CONFIG_SERVER_MODE: "False"
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False"
PGPASS_FILE: "/var/lib/pgadmin/pgpass"
configs:
- source: servers_json
target: /pgadmin4/servers.json
- source: pgpass
target: /var/lib/pgadmin/pgpass
uid: "5050"
gid: "0"
mode: 0600
- source: pgpass
target: /var/lib/pgadmin/storage/sw_lukenukem.de/pgpass
uid: "5050"
gid: "0"
mode: 0600
--snip-----
However, after reading the documentation over and over and playing around with
several configuration options, I'm at the end of my ideas. Any suggestions and
hints are very welcome. If you need more information, please let me know.
Thank you in advance and please excuse my bad english, I know I lack training.
Best wishes,
Lutz
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Docker setup without password
In-Reply-To: <23879802.6Emhk5qWAg@nap>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox