The official Postgres image comes without any SSL certificates, leaving users to create the functionality for themselves. This image strives to provide that missing functionality by using self-signed SSL certificates. It is available on both GitHub Container Register (ghcr.io) and Docker Hub (hub.docker.com).
In order to ensure the provenance of the images, all images are automatically built and pushed by GitHub Actions with every push to the main branch of this repo. Weekly builds are kicked off on Saturdays at 00:30 UTC so that we get all the upstream updates to the postgres image.
Images are built for the following architecture.
- amd64
- arm32v6
- arm64v8
| Registry Name | Image Name |
|---|---|
| GitHub Container Registry | ghcr.io/infrastructure-as-code/postgres |
| Docker Hub | infrastructureascode/postgres |
Starting a container.
docker run --rm -it \
-e POSTGRES_PASSWORD=password \
ghcr.io/infrastructure-as-code/postgres:15-alpine
Since this image is extended from the official Postgresql images, it also has the same basic funcationality as the official images, so please review the instructions from the official image as well.
Additionally, the following environment variables provide a little bit of control of the self-signed SSL certificates.
| Environment Variable | Default Value | Description |
|---|---|---|
SSL_DOMAIN |
pg.local |
The domain used in the self-signed SSL certificate |
SSL_DAYS |
3650 | The number of days the self-signed SSL certificates are valid for |
SSL_ONLY |
true |
Should all connections be SSL-only? |
Self-signed SSL certifications are generated when a container is started for the first time (so that at least we don't all have the same certificates).
Please make sure you understand the security implications of using self-signed certificates of you use this for anything other than dev or test purposes. The Postgresql libpq-ssl page has a nice table describing the SSL modes that you should review.