public inbox for pgsql-admin@postgresql.org  
sslmode - detecting local docker

* sslmode - detecting local docker
@ 2026-04-13 13:09  AJ Weber <aweber@comcast.net>
  0 siblings, 1 reply; 2+ messages in thread

From: AJ Weber @ 2026-04-13 13:09 UTC (permalink / raw)
  To: pgsql-admin@lists.postgresql.org

I'm trying to configure my custom JDBC connection to be as safe as 
practical.

Years gone by, I would simply check if the URL (configured-property) had 
"localhost" in it, and do nothing. Recently I decided I'd check for 
localhost AND see if any "ssl" was explicitly already set in the URL.  
If not, I tried adding ssl=true as a connection param.  This fails when 
using a postgresql docker container, because they typically are not 
configured for SSL, but the hostname is also not "localhost".

Besides changing my logic to add "sslmode=prefer" (instead of "true", 
which may be the default anyway), does anyone have a good way to 
determine if the JDBC URL is actually a docker container running on the 
same host?

Currently running v16.x, but these modes haven't changed in a long time, 
so I suppose this question applies across currently supported versions.

Thanks in advance,

AJ







* Re: sslmode - detecting local docker
@ 2026-04-14 05:51  Roland Müller <rolmur@gmail.com>
  parent: AJ Weber <aweber@comcast.net>
  0 siblings, 0 replies; 2+ messages in thread

From: Roland Müller @ 2026-04-14 05:51 UTC (permalink / raw)
  To: AJ Weber <aweber@comcast.net>; +Cc: pgsql-admin@lists.postgresql.org

With docker or podman you can list the networks and inspect them one by one
to get their subnets. This information could then be used in pg_hba.conf.

E.g. using podman; docker should be the same except for the name of the command:

$ podman network ls
NETWORK ID    NAME        DRIVER
2f259bab93aa  podman      bridge
$ podman inspect 2f259bab93aa
...
          "subnets": [
               {
                    "subnet": "SOME_IP_NET/SOME_MASK",
                    "gateway": "SOME_IP_ADDR"
               }
          ],
...

On Mon, 13 Apr 2026 at 16:09, AJ Weber <aweber@comcast.net> wrote:

> I'm trying to configure my custom JDBC connection to be as safe as
> practical.
>
> Years gone by, I would simply check if the URL (configured-property) had
> "localhost" in it, and do nothing. Recently I decided I'd check for
> localhost AND see if any "ssl" was explicitly already set in the URL.
> If not, I tried adding ssl=true as a connection param.  This fails when
> using a postgresql docker container, because they typically are not
> configured for SSL, but the hostname is also not "localhost".
>
> Besides changing my logic to add "sslmode=prefer" (instead of "true",
> which may be the default anyway), does anyone have a good way to
> determine if the JDBC URL is actually a docker container running on the
> same host?
>
> Currently running v16.x, but these modes haven't changed in a long time,
> so I suppose this question applies across currently supported versions.
>
> Thanks in advance,
>
> AJ
>
>
>
>
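
Combining the two messages above, as an added example that is not code from either poster or from pgJDBC: a client-side check that leaves the JDBC URL alone when the host is loopback or inside a container-network subnet (the "subnet" value shown by the network inspect output), and otherwise appends a TLS requirement. The class and method names, the documentation-range addresses, and the choice of sslmode=verify-full for non-local hosts are assumptions of this example.

```java
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.URI;
import java.util.List;

public class SslModeChooser {
    // True if addr is loopback or lies inside one of the CIDR blocks (IPv4 or IPv6 literals).
    static boolean isLocal(InetAddress addr, List<String> cidrs) throws Exception {
        if (addr.isLoopbackAddress()) return true;
        byte[] ip = addr.getAddress();
        for (String cidr : cidrs) {
            String[] parts = cidr.split("/");
            byte[] net = InetAddress.getByName(parts[0]).getAddress();
            if (net.length != ip.length) continue;              // address family mismatch
            int shift = net.length * 8 - Integer.parseInt(parts[1]);
            if (shift < 0 || shift > net.length * 8)
                throw new IllegalArgumentException("bad prefix: " + cidr);
            if (new BigInteger(1, ip).shiftRight(shift)
                    .equals(new BigInteger(1, net).shiftRight(shift))) return true;
        }
        return false;
    }

    // Returns the URL unchanged if it already sets ssl/sslmode or every resolved
    // address is local; otherwise appends sslmode=verify-full (assumed policy).
    static String harden(String jdbcUrl, List<String> localCidrs) throws Exception {
        URI uri = URI.create(jdbcUrl.substring("jdbc:".length()));
        String query = uri.getQuery() == null ? "" : uri.getQuery();
        if (query.matches("(.*&)?ssl(mode)?(=.*|&.*)?")) return jdbcUrl;  // explicit setting wins
        String host = uri.getHost();
        // A non-empty authority that URI cannot parse (multi-host list, underscore in the
        // name) is treated as remote; an absent host means the driver's localhost default.
        boolean local = host != null || uri.getAuthority() == null;
        if (local) for (InetAddress a : InetAddress.getAllByName(host)) local &= isLocal(a, localCidrs);
        return local ? jdbcUrl : jdbcUrl + (uri.getQuery() == null ? "?" : "&") + "sslmode=verify-full";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 192.0.2.0/24 (a documentation range) stands in for the
        // "subnet" value reported by podman/docker network inspect.
        List<String> subnets = List.of("192.0.2.0/24");
        for (String url : List.of(
                "jdbc:postgresql://192.0.2.10:5432/app",               // container subnet: unchanged
                "jdbc:postgresql://127.0.0.1/app",                     // loopback: unchanged
                "jdbc:postgresql://198.51.100.7/app?user=app",         // remote: TLS appended
                "jdbc:postgresql://198.51.100.7/app?sslmode=disable")) // explicit: unchanged
            System.out.println(harden(url, subnets));
    }
}
```

With sslmode=prefer the driver falls back to an unencrypted connection when the server does not offer SSL, so it cannot stand in for the non-local branch here.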

