PostgreSQL

Overview

| Field | Value |
| --- | --- |
| Purpose | Shared relational database |
| Business function | Persistent application data |
| Owner | IT Operations; database ownership to be recorded per application |
| Criticality | High |
| Image | postgres:alpine3.19 |

Architecture

Vaultwarden, Homebox, and other configured clients connect over the Docker backend network. Host TCP 5432 is also published and should be restricted by pfSense.

Installation

The Docker Compose file is at /root/postgresql/docker-compose.yml.

Configuration

  • Data mounts: /root/postgresql/data:/var/lib/postgresql plus a Docker volume at /var/lib/postgresql/data
  • Network: backend
  • Port: host and container TCP 5432
  • Restart policy: always
  • Environment: POSTGRES_PASSWORD, POSTGRES_HOME

The two overlapping data mounts require review so the authoritative database path is unambiguous.
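
The POSIX shell helpers below are an added example, not part of this deployment's files. They check Compose short-syntax entries for the two review points above: a port published without a host IP (Docker binds it on all host interfaces) and container mount targets nested inside one another. The sample entries are constructed from the settings listed here, and the volume name pgdata is a placeholder because the page does not name the Docker volume.

```shell
#!/bin/sh
# Added example: audit Compose short-syntax "ports:" and "volumes:" entries.
# Assumes IPv4 host addresses and short syntax only (no long-form mappings).

# Report which host address a "ports:" entry binds.
# HOST:CONTAINER (or CONTAINER alone) carries no IP, so it binds all interfaces.
port_scope() {
  entry=${1%/*}                      # drop a trailing /tcp or /udp
  case $entry in
    *:*:*)                           # IP:HOST:CONTAINER
      ip=${entry%%:*}
      case $ip in
        127.*)   echo "loopback" ;;
        0.0.0.0) echo "all-interfaces" ;;
        *)       echo "host-ip:$ip" ;;
      esac ;;
    *) echo "all-interfaces" ;;
  esac
}

# Extract the container path from SOURCE:TARGET[:MODE], or from a bare TARGET.
mount_target() {
  case $1 in
    *:*) rest=${1#*:}; echo "${rest%%:*}" ;;
    *)   echo "$1" ;;
  esac
}

# Print one line for every mount target that lies inside another target.
nested_mounts() {
  for a in "$@"; do
    for b in "$@"; do
      case $b in
        "${a%/}"/*) echo "${a%/} contains $b" ;;
      esac
    done
  done
}

# Constructed sample entries mirroring the configuration listed above.
echo "5432:5432 binds: $(port_scope 5432:5432)"
nested_mounts \
  "$(mount_target /root/postgresql/data:/var/lib/postgresql)" \
  "$(mount_target pgdata:/var/lib/postgresql/data)"   # pgdata: placeholder name
```

An `all-interfaces` result means reachability of port 5432 depends entirely on the pfSense rules, and a `contains` line identifies the pair of mounts to reconcile during the review.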

Operational Procedures

cd /root/postgresql
docker compose logs --tail=200 postgresql
docker exec postgresql pg_isready
docker compose restart postgresql
docker compose pull
docker compose up -d

Use pg_dump/pg_dumpall for logical backups and back up the deployment files. Do not copy a live data directory as the only backup method.

Troubleshooting

  • Check pg_isready, disk capacity, logs, and client credentials.
  • Confirm the client is on the backend network.
  • Confirm host port 5432 is not exposed beyond its intended sources.