Author: Remy Chaput
This Docker image contains both PostgreSQL (a Relational Database Management System) and pgAdmin4 (a Web UI for Postgres), for teaching purposes.
The image is already pre-configured so that students can directly access postgres, create and query databases without having to configure neither Postgres, pgAdmin4, nor the the connection between pgAdmin4 and Postgres.
It also includes a sample database backup that can be easily and quickly restored for immediate hands-on: the DVD Rental Database, made available by Gordon Kwok. The backup file can be found at /root/dvdrental.tar and can be restored both from the pgAdmin4 Web UI (see their documentation) or from the command-line interface, by using the pg_restore tool.
All passwords have been disabled for ease-of-use: because pgAdmin4 can access the PSQL tool (and because PSQL in turns allows to execute some system commands), any attacker with access to the pgAdmin4 Web UI has effectively root access to the container. Because of Docker's containerization principle, this should not allow access to the host, but escalation flaws may exist.
It is therefore strongly recommended:
-
to never, ever, ever use this container in production;
-
to bind ports only to localhost (so as to avoid attackers on the same network gaining access to your pgAdmin4 UI).
This image was made for teaching purposes and is not appropriate for any other use-case. You should directly use Postgres' docker image and pgAdmin4's docker image for deployments that require security. The maintainer can not be held responsible for any damage on your system.
Pull the latest version of this image with:
docker pull rchaput/postgres_pgadmin4:latestThen instantiate a new container with:
docker run --name YOUR_CONTAINER_NAME -p 127.0.0.1:5050:5050 -d rchaput/postgres_pgadmin4:latestYou may now access the pgAdmin4 UI at http://localhost:5050/
Notes:
- Specifying
127.0.0.1when binding the port ensures that only the local interface can be used to access pgAdmin4. Using the (concise)5050:5050notation binds to all interfaces and is therefore unsafe.
This image is based on the Debian (Bookworm) version of Postgres. You may access a shell (Bash) if necessary by using:
docker exec -it YOUR_CONTAINER_NAME bash(with YOUR_CONTAINER_NAME the name of a running container).
Postgres files are located at: /var/lib/postgresql/data
pgAdmin4 binaries and configuration files are located at: /usr/pgadmin4; data files at: /var/lib/pgadmin4
You may place database backups (e.g., .tar files) in the /root folder to be able to restore them as databases and use existing data, by using the following command:
docker cp YOUR_BACKUP.tar YOUR_CONTAINER_NAME:/root/where YOUR_BACKUP.tar is the path (relative or absolute) to the backup file you want to copy, and YOUR_CONTAINER_NAME is the name of an existing container.
You may also restore a database from such a backup file directly from the command line, rather than using the pgAdmin4 UI, by using the following command in a container shell:
/usr/bin/pg_restore -d YOUR_DATABASE_NAME --create --username=postgres /root/YOUR_BACKUP.tarThe base Postgres image also exposes the 5432 port for direct access to Postgres. This should not be necessary, as you can access Postgres through pgAdmin4, but you may also bind this port when instantiating the container, by using several -p arguments: docker run --name YOUR_CONTAINER_NAME -p 127.0.0.1:5432:5432 -p 127.0.0.1:5050:5050 -d rchaput/postgres_pgadmin4:latest
Of course, the host port can be changed if 5432 or 5050 are already in use.
You are very welcome to fork and modify this image to suit your needs.
Pull Requests can be sent, although I'd rather avoid adding too many features; security and bugfixes patches are always welcome.
This image was made for a database/SQL course given at CPE Lyon; I will not have time to work on feature requests.