PostgreSQL as simple and secure as it gets
PostgreSQL is a powerful, open-source, object-relational database management system known for its reliability, feature set, and adherence to standards. It supports both SQL (relational) and JSON (non-relational) querying and is backed by a large, active community.
What can I do with this? This image will run postgres as postgres with the database postgres and the password you set initially. Why so simple? Because 99.9% of all containers that need postgres, are happy with the default settings, no different dbname, different dbuser, whatever needed. It also adds a simple backup scheduler that will backup your database if POSTGRES_BACKUP_SCHEDULE is set. It allows for incremental backups too if enabled.
Why should I run this image and not the other image(s) that already exist? Good question! Because ...
Important
- ... this image runs rootless as 1000:1000
- ... this image has a health check
- ... this image runs read-only
- ... this image is automatically scanned for CVEs before and after publishing
- ... this image is created via a secure and pinned CI/CD process
- ... this image is very small
- ... this image can take full and incremental backups on its own
If you value security, simplicity and optimizations to the extreme, then this image might be for you.
Below you find a comparison between this image and the most used or original one.
| image | size on disk | init default as | distroless | supported architectures |
|---|---|---|---|---|
| 11notes/postgres:16 | 46MB | 1000:1000 | ❌ | amd64, arm64, armv7 |
| postgres:16-alpine | 276MB | 0:0 | ❌ | amd64, armv6, armv7, arm64v8, 386, ppc64le, riscv64, s390x |
- /postgres/etc - Directory of config files
- /postgres/var - Directory of database files
name: "db"
services:
postgres:
image: "11notes/postgres:16"
read_only: true
environment:
TZ: "Europe/Zurich"
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
# make a full and compressed database backup each day at 03:00
POSTGRES_BACKUP_SCHEDULE: "0 3 * * *"
ports:
- "5432:5432/tcp"
networks:
frontend:
volumes:
- "postgres.etc:/postgres/etc"
- "postgres.var:/postgres/var"
- "postgres.backup:/postgres/backup"
tmpfs:
# needed for read-only
- "/postgres/run:uid=1000,gid=1000"
- "/postgres/log:uid=1000,gid=1000"
restart: "always"
volumes:
postgres.etc:
postgres.var:
postgres.backup:
networks:
frontend:| Parameter | Value | Description |
|---|---|---|
user |
docker | user name |
uid |
1000 | user identifier |
gid |
1000 | group identifier |
home |
/postgres | home directory of user docker |
| Parameter | Value | Default |
|---|---|---|
TZ |
Time Zone | |
DEBUG |
Will activate debug option for container image and app (if available) | |
POSTGRES_BACKUP_SCHEDULE |
Set backup schedule for full backups (crontab style) |
These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
docker pull 11notes/postgres:16
docker pull ghcr.io/11notes/postgres:16
docker pull quay.io/11notes/postgres:16
Tip
- Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints
- Use Let’s Encrypt DNS-01 challenge to obtain valid SSL certificates for your services
This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the releases for breaking changes. If you have any problems with using this image simply raise an issue, thanks. If you have a question or inputs please create a new discussion instead of an issue. You can find all my other repositories on github.
created 26.08.2025, 00:58:58 (CET)