public inbox for [email protected]
help / color / mirror / Atom feedDocker setup without password
4+ messages / 2 participants
[nested] [flat]
* Docker setup without password
@ 2025-03-25 13:22 Lutz Badenheuer <[email protected]>
2025-03-26 10:05 ` Re: Docker setup without password Aditya Toshniwal <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Lutz Badenheuer @ 2025-03-25 13:22 UTC (permalink / raw)
To: [email protected]
Hello everybody,
I'd like to deploy PgAdmin4 with Ansible to a Docker Swarm cluster without any
authentication and authorization, as it will not be exposed to the public.
Only internal SSH users will be able to access the SSH tunnel endpoint, a unix
domain socket. These users are already authenticated with their SSH public key
and a second factor, and each of them is an experienced, trusted user.
Unfortunately, PgAdmin4 makes it very hard for me to accomplish this, or maybe
I didn't find or understand the relevant documentation. I have already managed
to automatically login into PgAdmin4 by forcing it into desktop mode, but when
I try to open a database in the menu on the left side, PgAdmin4 keeps asking
for a password -- which has already been supplied with a PGPASS_FILE.
Please, don't get me wrong: I highly appreciate when developers try to develop
their software as secure as possible, thus protecting unexperienced users from
insecure setups. And to be honest, I'm also not happy with having to force the
software into desktop mode just to circumvent having to log into PgAdmin4. But
then, having to spread passwords and add documentation to our projects just so
my users can access that database doesn't make me happy either.
What I have already accomplished and tried so far:
- force PgAdmin4 into desktop mode (PGADMIN_CONFIG_SERVER_MODE: "False"), thus
omitting the need to login into PgAdmin4
- adding a PGPASS_FILE (with and without leading dots) with Docker configs to
- /var/lib/pgadmin/pgpass
- /var/lib/pgadmin/pgpass/storage/sw_lukenukem.de/pgpass
- setting the correct password in servers.json with the settings
- Password
- PassFile
At the moment, the service configuration in my docker-compose.yml looks like
so (and no, please rest assured that s3cR3t is not the real password ;-):
--snip-----
pgadmin:
image: dpage/pgadmin4:latest
environment:
PGADMIN_DEFAULT_EMAIL: "[email protected]"
PGADMIN_DEFAULT_PASSWORD: "s3cR3t"
PGADMIN_LISTEN_ADDRESS: "0.0.0.0"
PGADMIN_DISABLE_POSTFIX: "True"
PGADMIN_CONFIG_SERVER_MODE: "False"
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False"
PGPASS_FILE: "/var/lib/pgadmin/pgpass"
configs:
- source: servers_json
target: /pgadmin4/servers.json
- source: pgpass
target: /var/lib/pgadmin/pgpass
uid: "5050"
gid: "0"
mode: 0600
- source: pgpass
target: /var/lib/pgadmin/storage/sw_lukenukem.de/pgpass
uid: "5050"
gid: "0"
mode: 0600
--snip-----
However, after reading the documentation over and over and playing around with
several configuration options, I'm at the end of my ideas. Any suggestions and
hints are very welcome. If you need more information, please let me know.
Thank you in advance and please excuse my bad english, I know I lack training.
Best wishes,
Lutz
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: Docker setup without password
2025-03-25 13:22 Docker setup without password Lutz Badenheuer <[email protected]>
@ 2025-03-26 10:05 ` Aditya Toshniwal <[email protected]>
2025-03-27 16:52 ` Re: Docker setup without password Lutz Badenheuer <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Aditya Toshniwal @ 2025-03-26 10:05 UTC (permalink / raw)
To: Lutz Badenheuer <[email protected]>; +Cc: [email protected]
Hi Lutz,
Did you try removing pgpass from configs? PGPASS_FILE should be enough.
On Wed, Mar 26, 2025 at 3:05 PM Lutz Badenheuer <[email protected]> wrote:
> Hello everybody,
>
> I'd like to deploy PgAdmin4 with Ansible to a Docker Swarm cluster without
> any
> authentication and authorization, as it will not be exposed to the public.
>
> Only internal SSH users will be able to access the SSH tunnel endpoint, a
> unix
> domain socket. These users are already authenticated with their SSH public
> key
> and a second factor, and each of them is an experienced, trusted user.
>
> Unfortunately, PgAdmin4 makes it very hard for me to accomplish this, or
> maybe
> I didn't find or understand the relevant documentation. I have already
> managed
> to automatically login into PgAdmin4 by forcing it into desktop mode, but
> when
> I try to open a database in the menu on the left side, PgAdmin4 keeps
> asking
> for a password -- which has already been supplied with a PGPASS_FILE.
>
> Please, don't get me wrong: I highly appreciate when developers try to
> develop
> their software as secure as possible, thus protecting unexperienced users
> from
> insecure setups. And to be honest, I'm also not happy with having to force
> the
> software into desktop mode just to circumvent having to log into PgAdmin4.
> But
> then, having to spread passwords and add documentation to our projects
> just so
> my users can access that database doesn't make me happy either.
>
> What I have already accomplished and tried so far:
>
> - force PgAdmin4 into desktop mode (PGADMIN_CONFIG_SERVER_MODE: "False"),
> thus
> omitting the need to login into PgAdmin4
> - adding a PGPASS_FILE (with and without leading dots) with Docker configs
> to
> - /var/lib/pgadmin/pgpass
> - /var/lib/pgadmin/pgpass/storage/sw_lukenukem.de/pgpass
> - setting the correct password in servers.json with the settings
> - Password
> - PassFile
>
> At the moment, the service configuration in my docker-compose.yml looks
> like
> so (and no, please rest assured that s3cR3t is not the real password ;-):
>
> --snip-----
> pgadmin:
> image: dpage/pgadmin4:latest
> environment:
> PGADMIN_DEFAULT_EMAIL: "[email protected]"
> PGADMIN_DEFAULT_PASSWORD: "s3cR3t"
> PGADMIN_LISTEN_ADDRESS: "0.0.0.0"
> PGADMIN_DISABLE_POSTFIX: "True"
> PGADMIN_CONFIG_SERVER_MODE: "False"
> PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: "False"
> PGPASS_FILE: "/var/lib/pgadmin/pgpass"
> configs:
> - source: servers_json
> target: /pgadmin4/servers.json
> - source: pgpass
> target: /var/lib/pgadmin/pgpass
> uid: "5050"
> gid: "0"
> mode: 0600
> - source: pgpass
> target: /var/lib/pgadmin/storage/sw_lukenukem.de/pgpass
> uid: "5050"
> gid: "0"
> mode: 0600
> --snip-----
>
> However, after reading the documentation over and over and playing around
> with
> several configuration options, I'm at the end of my ideas. Any suggestions
> and
> hints are very welcome. If you need more information, please let me know.
>
> Thank you in advance and please excuse my bad english, I know I lack
> training.
>
> Best wishes,
> Lutz
>
--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
<https://www.enterprisedb.com/;
"Don't Complain about Heat, Plant a TREE"
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: Docker setup without password
2025-03-25 13:22 Docker setup without password Lutz Badenheuer <[email protected]>
2025-03-26 10:05 ` Re: Docker setup without password Aditya Toshniwal <[email protected]>
@ 2025-03-27 16:52 ` Lutz Badenheuer <[email protected]>
2025-04-01 06:09 ` Re: Docker setup without password Aditya Toshniwal <[email protected]>
0 siblings, 1 reply; 4+ messages in thread
From: Lutz Badenheuer @ 2025-03-27 16:52 UTC (permalink / raw)
To: [email protected]
Hello,
Am Mittwoch, 26. März 2025, 11:05:30 CET schrieb Aditya Toshniwal:
> Did you try removing pgpass from configs? PGPASS_FILE should be enough.
Unfortunately, that doesn't work neither by setting this as an absolute nor as
a relative path. Whenever I open PgAdmin4 I'm logged in automatically but when
when i open "Servers" in the tree menu on the left, "db" shows up with a small
red cross and I'm asked to enter a password. Any more ideas?
Thanks in advance,
Lutz
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: Docker setup without password
2025-03-25 13:22 Docker setup without password Lutz Badenheuer <[email protected]>
2025-03-26 10:05 ` Re: Docker setup without password Aditya Toshniwal <[email protected]>
2025-03-27 16:52 ` Re: Docker setup without password Lutz Badenheuer <[email protected]>
@ 2025-04-01 06:09 ` Aditya Toshniwal <[email protected]>
0 siblings, 0 replies; 4+ messages in thread
From: Aditya Toshniwal @ 2025-04-01 06:09 UTC (permalink / raw)
To: Lutz Badenheuer <[email protected]>; +Cc: [email protected]
Hi Lutz,
We never tested this scenario. We'll try at our end and let you know.
On Fri, Mar 28, 2025 at 9:29 PM Lutz Badenheuer <[email protected]> wrote:
> Hello,
>
> Am Mittwoch, 26. März 2025, 11:05:30 CET schrieb Aditya Toshniwal:
> > Did you try removing pgpass from configs? PGPASS_FILE should be enough.
>
> Unfortunately, that doesn't work neither by setting this as an absolute
> nor as
> a relative path. Whenever I open PgAdmin4 I'm logged in automatically but
> when
> when i open "Servers" in the tree menu on the left, "db" shows up with a
> small
> red cross and I'm asked to enter a password. Any more ideas?
>
> Thanks in advance,
> Lutz
>
--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
<https://www.enterprisedb.com/;
"Don't Complain about Heat, Plant a TREE"
^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2025-04-01 06:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2025-03-25 13:22 Docker setup without password Lutz Badenheuer <[email protected]>
2025-03-26 10:05 ` Aditya Toshniwal <[email protected]>
2025-03-27 16:52 ` Lutz Badenheuer <[email protected]>
2025-04-01 06:09 ` Aditya Toshniwal <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox