sam-pgbouncer
Secure and Minimal Pgbouncer Docker-image. Listens by default on port 6432.
Environment variables
pre-set runtime variables
- VAR_LINUX_USER (postgres)
- VAR_CONFIG_FILE (/etc/pgbouncer/pgbouncer.ini)
- VAR_ARGON2_PARAMS (-r): Only used if VAR_ENCRYPT_PW is set to "yes".
- VAR_SALT_FILE (/proc/sys/kernel/hostname): Only used if VAR_ENCRYPT_PW is set to "yes".
- VAR_FINAL_COMMAND (/usr/local/bin/pgbouncer $VAR_CONFIG_FILE)
- VAR_DATABASES (*=port=5432): Comma separated list of backend databases. Default set to only read from Unix socket.
- VAR_param_auth_file (/etc/pgbouncer/userlist.txt): Pgbouncer authentication file.
- VAR_param_auth_hba_file (/etc/pgbouncer/pg_hba.conf): Pgbouncer hba authentication file.
- VAR_param_unix_socket_dir (/run/pgbouncer): Pgbouncer Unix socket dir, used by both frontend and backend.
- VAR_param_listen_addr (*): Allowed client network addresses. Default set to allow all.
Other runtime variables
- VAR_DATABASE_USERS: Comma separated list of database users.
- VAR_AUTH_HBA: Comma separated list of hba rules. Optional.
- VAR_param_<parameter name>: f ex VAR_param_auth_type.
- VAR_password_file_<user name from VAR_DATABASE_USERS>: Path to file containing the password for named user.
- VAR_password_<user name from VAR_DATABASE_USERS>: The password for named user. Slightly less secure.
- VAR_ENCRYPT_PW: Set to "yes" to hash passwords with Argon2.
Capabilities
Can drop all but SETPCAP, SETGID and SETUID.