Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
201eac3809 | ||
|
|
965696813b | ||
|
|
3a676c2549 | ||
|
|
11fef8aec9 | ||
|
|
23c11bfddd | ||
|
|
1af6da45e9 | ||
|
|
bfc0f18759 | ||
|
|
9df82c58da | ||
|
|
ee2d2f10f7 | ||
|
|
9f3d24ca9f | ||
|
|
09926fbecd |
@@ -1 +1 @@
|
|||||||
FROM postgres:15.3
|
FROM postgres:15.4
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# dokku postgres [](https://github.com/dokku/dokku-postgres/actions/workflows/ci.yml?query=branch%3Amaster) [](https://webchat.libera.chat/?channels=dokku)
|
# dokku postgres [](https://github.com/dokku/dokku-postgres/actions/workflows/ci.yml?query=branch%3Amaster) [](https://webchat.libera.chat/?channels=dokku)
|
||||||
|
|
||||||
Official postgres plugin for dokku. Currently defaults to installing [postgres 15.3](https://hub.docker.com/_/postgres/).
|
Official postgres plugin for dokku. Currently defaults to installing [postgres 15.4](https://hub.docker.com/_/postgres/).
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
|
|||||||
@@ -457,7 +457,7 @@ service_container_rm() {
|
|||||||
local ID
|
local ID
|
||||||
|
|
||||||
service_pause "$SERVICE"
|
service_pause "$SERVICE"
|
||||||
ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "name=^/$SERVICE_NAME$" --format '{{ .ID }}') || true
|
ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "name=^/$SERVICE_NAME$") || true
|
||||||
# this may be 'true' in tests...
|
# this may be 'true' in tests...
|
||||||
if [[ -z "$ID" ]] || [[ "$ID" == "true" ]]; then
|
if [[ -z "$ID" ]] || [[ "$ID" == "true" ]]; then
|
||||||
return 0
|
return 0
|
||||||
@@ -939,7 +939,7 @@ service_pause() {
|
|||||||
declare SERVICE="$1"
|
declare SERVICE="$1"
|
||||||
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
|
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
|
||||||
local SERVICE_NAME="$(get_service_name "$SERVICE")"
|
local SERVICE_NAME="$(get_service_name "$SERVICE")"
|
||||||
local ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "name=^/$SERVICE_NAME$" --format '{{ .ID }}') || true
|
local ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "name=^/$SERVICE_NAME$") || true
|
||||||
[[ -z $ID ]] && dokku_log_warn "Service is already paused" && return 0
|
[[ -z $ID ]] && dokku_log_warn "Service is already paused" && return 0
|
||||||
|
|
||||||
if [[ -n $ID ]]; then
|
if [[ -n $ID ]]; then
|
||||||
|
|||||||
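Review bot: The `name=^/$SERVICE_NAME$` filter kept on the new `container ps -aq` lines in service_container_rm and service_pause is a regular expression, and the service name is interpolated into it unescaped. If the value returned by get_service_name contains dots or other regex metacharacters, the pattern can match more than one container, and `ID` then holds several newline-separated IDs that the code after the hunk presumably treats as one. The same applies to the two service_start hunks in the next file. A guard such as `[[ "$ID" == *$'\n'* ]] && dokku_log_fail "More than one container matches $SERVICE_NAME"` before `ID` is used would make that case explicit. Both function bodies continue outside the hunks.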
@@ -149,7 +149,9 @@ service_create_container() {
|
|||||||
|
|
||||||
dokku_log_verbose_quiet "Securing connection to database"
|
dokku_log_verbose_quiet "Securing connection to database"
|
||||||
service_pause "$SERVICE" >/dev/null
|
service_pause "$SERVICE" >/dev/null
|
||||||
"$DOCKER_BIN" container run --rm -i -v "$SERVICE_HOST_ROOT/data:/var/lib/postgresql/data" "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" bash -s <"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/enable_ssl.sh" &>/dev/null
|
"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/create_ssl_certs.sh" "$SERVICE_ROOT" &>/dev/null
|
||||||
|
"$DOCKER_BIN" container run --rm -i -v "$SERVICE_HOST_ROOT/data:/var/lib/postgresql/data" -v "$SERVICE_HOST_ROOT/certs:/var/lib/postgresql/certs" "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" bash -s <"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/enable_ssl.sh" &>/dev/null
|
||||||
|
rm -rf "$SERVICE_HOST_ROOT/certs"
|
||||||
|
|
||||||
suppress_output "$DOCKER_BIN" container start "$(cat "$SERVICE_ROOT/ID")"
|
suppress_output "$DOCKER_BIN" container start "$(cat "$SERVICE_ROOT/ID")"
|
||||||
service_port_reconcile_status "$SERVICE"
|
service_port_reconcile_status "$SERVICE"
|
||||||
@@ -191,7 +193,7 @@ service_start() {
|
|||||||
local QUIET="$2"
|
local QUIET="$2"
|
||||||
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
|
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
|
||||||
local SERVICE_NAME="$(get_service_name "$SERVICE")"
|
local SERVICE_NAME="$(get_service_name "$SERVICE")"
|
||||||
local ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "status=running" --filter "name=^/$SERVICE_NAME$" --format '{{ .ID }}') || true
|
local ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "status=running" --filter "name=^/$SERVICE_NAME$") || true
|
||||||
if [[ -n $ID ]]; then
|
if [[ -n $ID ]]; then
|
||||||
[[ -z $QUIET ]] && dokku_log_warn "Service is already started"
|
[[ -z $QUIET ]] && dokku_log_warn "Service is already started"
|
||||||
if [[ ! -f "$SERVICE_ROOT/ID" ]] || [[ "$(cat "$SERVICE_ROOT/ID")" != "$ID" ]]; then
|
if [[ ! -f "$SERVICE_ROOT/ID" ]] || [[ "$(cat "$SERVICE_ROOT/ID")" != "$ID" ]]; then
|
||||||
@@ -202,7 +204,7 @@ service_start() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
dokku_log_info2_quiet "Starting container"
|
dokku_log_info2_quiet "Starting container"
|
||||||
local PREVIOUS_ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "status=exited" --filter "name=^/$SERVICE_NAME$" --format '{{ .ID }}') || true
|
local PREVIOUS_ID=$("$DOCKER_BIN" container ps -aq --no-trunc --filter "status=exited" --filter "name=^/$SERVICE_NAME$") || true
|
||||||
local PASSWORD="$(service_password "$SERVICE")"
|
local PASSWORD="$(service_password "$SERVICE")"
|
||||||
|
|
||||||
if [[ -n $PREVIOUS_ID ]]; then
|
if [[ -n $PREVIOUS_ID ]]; then
|
||||||
|
|||||||
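Review bot: In the service_create_container hunk the certificates are generated under `$SERVICE_ROOT` (the argument passed to create_ssl_certs.sh) but mounted and then deleted through `$SERVICE_HOST_ROOT/certs`. If the two variables ever point at different paths, the `rm -rf` removes nothing and the unencrypted `server.key` (generated with `-nodes`) stays on disk in the service directory; `rm -rf "$SERVICE_ROOT/certs"` would match where the files were written. The cleanup is also skipped whenever one of the two preceding commands aborts the function (whether errexit is active is not visible here), and both send their output to `&>/dev/null`, so a failed run can leave the key behind without any message and the next run would then stop at `mkdir certs`. The function body starts and ends outside the hunk.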
@@ -1,4 +1,4 @@
|
|||||||
[plugin]
|
[plugin]
|
||||||
description = "dokku postgres service plugin"
|
description = "dokku postgres service plugin"
|
||||||
version = "1.33.1"
|
version = "1.34.2"
|
||||||
[plugin.config]
|
[plugin.config]
|
||||||
|
|||||||
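--- a/scripts/create_ssl_certs.sh
+++ b/scripts/create_ssl_certs.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+postgres_service_dir="$1"
+
+cd "$postgres_service_dir"
+mkdir certs && cd certs
+openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch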
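Review bot: The private key is written unencrypted (`-nodes`) into a directory on the host, and nothing in the script restricts who can read that directory while it exists. Creating it owner-only, `mkdir -m 700 certs && cd certs`, closes that window without changing the mode of the files that are later copied into the container. `$1` is used unchecked; `postgres_service_dir="${1:?service directory required}"` would stop the script instead of creating `certs` in an unintended directory when the argument is missing. `mkdir certs` also fails if a directory is left over from an interrupted run, so a header comment stating that the caller must remove `certs` afterwards would help.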
@@ -1,7 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/sh
|
||||||
pushd /var/lib/postgresql/data >/dev/null
|
|
||||||
openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch
|
set -e
|
||||||
|
|
||||||
|
cd /var/lib/postgresql/data
|
||||||
|
|
||||||
|
cp ../certs/* .
|
||||||
|
chown postgres:postgres server.key
|
||||||
chmod 600 server.key
|
chmod 600 server.key
|
||||||
|
|
||||||
sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
|
sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
|
||||||
sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf
|
sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf
|
||||||
popd >/dev/null
|
|
||||||
|
|||||||
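Review bot: `cp ../certs/* .` copies every file found in the mounted directory into the data directory, but only `server.key` gets an explicit owner and mode afterwards. `server.crt` keeps the mode it had on the host and is owned by the user the container runs as, so whether the postgres user can read it depends on the host umask. Naming the files and setting both explicitly removes that dependency: `cp ../certs/server.crt ../certs/server.key .`, `chown postgres:postgres server.crt server.key`, `chmod 644 server.crt`.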