PostgreSQL
Overview
| Field | Value |
|---|---|
| Purpose | Shared relational database |
| Business function | Persistent application data |
| Owner | IT Operations; database ownership to be recorded per application |
| Criticality | High |
| Image | postgres:alpine3.19 |
Architecture
Vaultwarden, Homebox, and other configured clients connect over the Docker backend network. Host TCP 5432 is also published and should be restricted by pfSense.
Installation
Docker Compose at /root/postgresql/docker-compose.yml.
Configuration
- Data mounts: /root/postgresql/data:/var/lib/postgresql plus a Docker volume at /var/lib/postgresql/data
- Network: backend
- Port: host and container TCP 5432
- Restart policy: always
- Environment: POSTGRES_PASSWORD, POSTGRES_HOME
The two overlapping data mounts require review so the authoritative database path is unambiguous.
Operational Procedures
cd /root/postgresql
docker compose logs --tail=200 postgresql
docker exec postgresql pg_isready
docker compose restart postgresql
docker compose pull
docker compose up -d
Use pg_dump/pg_dumpall for logical backups and back up the deployment files. Do not copy a live data directory as the only backup method.
Troubleshooting
- Check pg_isready, disk capacity, logs, and client credentials.
- Confirm the client is on backend.
- Confirm host port 5432 is not exposed beyond its intended sources.
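
A check for the two review items on this page (the overlapping data mounts under Configuration and the published host port 5432), as an added example that is not part of the original runbook. It assumes the container is named postgresql as in the commands above; the sample mount sources and the volume name are constructed.

```shell
#!/bin/sh
# Added example. Both helpers read plain text on stdin, so they work on
# live output or on a saved copy. Live input (container name as above):
#   docker inspect -f '{{range .Mounts}}{{.Type}} {{.Source}} {{.Destination}}{{println}}{{end}}' postgresql | nested_mounts
#   docker port postgresql | wide_binds

# Report mounts whose destination lies inside another mount destination.
# The deeper mount hides that subdirectory of the outer one, so data written
# there never reaches the outer source. Paths with spaces are not handled.
nested_mounts() {
    awk '
        NF >= 3 { k = n++; type[k] = $1; dst[k] = $3; sub(/\/+$/, "", dst[k]) }
        END {
            for (i = 0; i < n; i++)
                for (j = 0; j < n; j++)
                    # Trailing "/" keeps /a/b from matching /a/b-old.
                    if (i != j && index(dst[j] "/", dst[i] "/") == 1)
                        printf "NESTED %s (%s) contains %s (%s)\n",
                               dst[i], type[i], dst[j], type[j]
        }'
}

# Report published ports bound to every host interface (IPv4 or IPv6).
# Such a binding relies entirely on the upstream firewall for restriction.
wide_binds() {
    awk '$2 == "->" {
        addr = $3; sub(/:[0-9]+$/, "", addr)      # strip the host port
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            printf "WIDE %s published on all interfaces (%s)\n", $1, $3
    }'
}

# Constructed sample input shaped like the configuration described above.
SAMPLE_MOUNTS='bind /root/postgresql/data /var/lib/postgresql
volume /var/lib/docker/volumes/example_pgdata/_data /var/lib/postgresql/data'
SAMPLE_PORTS='5432/tcp -> 0.0.0.0:5432
5432/tcp -> [::]:5432'

printf '%s\n' "$SAMPLE_MOUNTS" | nested_mounts
printf '%s\n' "$SAMPLE_PORTS" | wide_binds
```

A NESTED line means the database path still needs to be settled on one mount; a WIDE line means the pfSense rule is the only thing limiting who can reach 5432.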