Disable external access to PostgreSQL

Overview of series “How to run Jira and Confluence behind NGINX reverse proxy on Docker”

  1. Run Atlassian Jira and Confluence with PostgreSQL on Docker
  2. NGINX as reverse proxy for Jira and Confluence on Docker
  3. Disable external access to PostgreSQL
  4. Enable SSL for NGINX reverse proxy using Let’s Encrypt on Docker

Introduction

The next step will be to disable external access to PostgreSQL. It should be only accessible inside of the Atlassian service network in our Docker host. And the containers should communicate directly with the PostgreSQL. Currently the communication is going through the IP of the Docker host.

Start PostgreSQL container with new settings

First we will stop Jira, Confluence and PostgreSQL and then recreate the PostgreSQL container with new settings (without exposing port 5432 and connected to the Atlassian network):

docker stop jira confluence postgres

docker rm postgres

docker run -d \
    --name postgres \
    -e POSTGRES_USER=postgres \
    -e POSTGRES_PASSWORD=mysecretpassword \
    -v postgresdata:/var/lib/postgresql/data \
    --network atlassian \
    postgres:10

Update database connection settings for Jira, Confluence and pgAdmin

In the first post of this series we used the IP address of the Docker host to connect to the database. Now we will change this to the containers internal name of the database container.

Configuration files for the database connection of Jira and Confluence are stored in the application data volume. By default Docker stores volumes in /var/lib/docker/volumes. If you have changed this path in your installation you will need to adjust it also here.

Updata database connection setting for Jira

nano /mnt/data/docker/volumes/jiraApplicationData/_data/dbconfig.xml

In the XML file exchange the IP address in the parameter “url” with the container name “postgres“.

Jira database configuartion

Update database connection setting for Confluence

nano /mnt/data/docker/volumes/confluenceApplicationData/_data/confluence.cfg.xml

In the XML file in the properties section look for the property “hibnerate.connection.url“. In it’s value also exchange the IP address with the container name as you did before.

Confluence Database configuration

Update connection settings in pgAdmin

Also update the connection settings in pgAdmin. Open pgAdmin in your browser by entering PGADMIN.YOURDOMAIN.COM.

Right click the existing server connection and go to “Properties“. In the “Connection” tab adjust the “Host name/address” to “postgres” and click onto “Save“.

Start Jira and Confluence containers

Start Jira and Confluence containers again and check if everything works.

docker start jira confluence

Conclusion

The PostgreSQL container with its databases are now restricted for internal use in the Docker network. To administrate it we have setup pgAdmin. However, the connections to our NGINX reverse proxy are still unsecure. In the next step we will setup SSL with Let’s Encypt.

Enable SSL for NGINX reverse proxy using Let’s Encrypt on Docker

docker postgres jira confluence pgadmin nginx reverse proxy lets encrypt certbot

Leave a Reply