Re: sslmode - detecting local docker

public inbox for pgsql-admin@postgresql.org  
help / color / mirror / Atom feed

From: Roland Müller <rolmur@gmail.com>
To: AJ Weber <aweber@comcast.net>
Cc: pgsql-admin@lists.postgresql.org
Subject: Re: sslmode - detecting local docker
Date: Tue, 14 Apr 2026 08:51:59 +0300
Message-ID: <CA+8p0G2gDTZTqAV6d-5oEVc7i-ZgASqCCPWXUH+2CocVTLY=Ug@mail.gmail.com> (raw)
In-Reply-To: <31b00cee-fc14-4872-aef1-f6151c7cd1ee@comcast.net>
References: <31b00cee-fc14-4872-aef1-f6151c7cd1ee@comcast.net>

With docker or podman you can list the networks and inspect them one by one
to get their subnets. This information could then be used in pg_hba.conf.

E.g. using podman , docker should be the same except name of the command:

$ podman network ls
NETWORK ID    NAME        DRIVER
2f259bab93aa  podman      bridge
$podman inspect  2f259bab93aa
...
          "subnets": [
               {
                    "subnet": "SOME_IP_NET/SOME_MASK",
                    "gateway": "SOME_IP_ADDR"
               }
          ],
...

Am Mo., 13. Apr. 2026 um 16:09 Uhr schrieb AJ Weber <aweber@comcast.net>:

> I'm trying to configure my custom JDBC connection to be as safe as
> practical.
>
> Years gone by, I would simply check if the URL (configured-property) had
> "localhost" in it, and do nothing. Recently I decided I'd check for
> localhost AND see if any "ssl" was explicitly already set in the URL.
> If not, I tried adding ssl=true as a connection param.  This fails when
> using a postgresql docker container, because they typically are not
> configured for SSL, but the hostname is also not "localhost".
>
> Besides changing my logic to add "sslmode=prefer" (instead of "true",
> which may be the default anyway), does anyone have a good way to
> determine if the JDBC URL is actually a docker container running on the
> same host?
>
> Currently running v16.x, but these modes haven't changed in a long time,
> so I suppose this question applies across currently supported versions.
>
> Thanks in advance,
>
> AJ
>
>
>
>

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: pgsql-admin@postgresql.org
  Cc: rolmur@gmail.com, aweber@comcast.net, pgsql-admin@lists.postgresql.org
  Subject: Re: sslmode - detecting local docker
  In-Reply-To: <CA+8p0G2gDTZTqAV6d-5oEVc7i-ZgASqCCPWXUH+2CocVTLY=Ug@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox