<div dir="ltr"><div dir="ltr">Thank you very much Rizky,<div><br></div><div>Actually the WFS serves totally the purpose I'm seeking without the security implications of exposing my database as you well described it, I feel dumb for not considering it in the first place.</div><div><br></div><div>Thanks again for your enlightening advice.</div><div><br></div><div>Kind regards,</div><div><br></div><div>José<br><br><br><br></div><br><div id="mt-signature">
<table border="0" cellpadding="8" cellspacing="0" style="user-select: none;">
<tbody><tr>
<td>
<a href="https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&" class="" style="text-decoration:none">
<img src="https://s3.amazonaws.com/mailtrack-signature/sender_notified.gif" alt="Mailtrack" class="" width="32" height="32">
</a>
</td>
<td>
<span style="color:#777">Remitente notificado con</span> <br>
<a href="https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&" class="mt-install" style="color:#4374f7">Mailtrack</a>
<span style="color:transparent;font-size:0">12/05/20 20:25:04</span>
</td>
<td>
</td>
</tr>
</tbody></table>
</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 11, 2020 at 6:01 PM Rizky Maulana Nugraha <<a href="mailto:rizky@kartoza.com">rizky@kartoza.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div name="messageBodySection">
<div dir="auto">Hi Jose,<br>
<br>
If I understand it correctly, you want QGIS to access the database inside the containers, which is the same containers that GeoServer uses as PostGIS store in default configuration.<br>
<br>
If you want to expose PostGIS database directly, you should expose the port to the network. As this is just a tcp port, you can directly expose it over the network, like what you normally would with other port such as SSH.<br>
<br>
Let’s suppose you want to expose PostGIS over port 6543. Your database connection might look like this: postgis://user:pass@<mydomain>:6543/geonode_data<br>
<br>
To achieve that, you need to expose your container port. Add the port mapping entries to your docker-compose.yml file (or docker-compose.override.yml if you use it rather). The key should be <strong>services.db.ports</strong> and it should look like this:<br>
<br>
services:<br>
db:<br>
ports:<br>
- “6543:5432”<br>
<br>
Note that the way you access the database from outside the container does not affect how each containers connect to each other. There is no reason to set DATABASE_HOST other than it’s default value. Each containers knows that the database host is <strong>db</strong> (from the service name). For you, who want to access it from QGIS over the physical network, what matters is the address (can be IP address or DNS record) of where the machine that deploy the containers is, and the port that you expose, in this case 6543. But if you are using external database (not in docker) to feed into GeoNode and/or GeoServer, then the settings DATABASE_HOST becomes relevant.<br>
<br>
Alternatively you could also access it via WFS connection. After all, GeoServer can handle WFS. You can have the WFS endpoint of the layer you want to edit by copying the link from GeoNode metadata page, or from GeoServer directly (the WFS or OWS endpoint). However you can not create new table/layer this way. You can only connect to existing layer to perform Add/Edit features.<br>
<br>
Another note from security perspectives. Opening up your postgres connection over public network is not secure. To protect your database from man in the middle attack, you should activate SSL connection setup for your postgres. Other attempt to at least avoid an attack is by choosing random port to expose. For example, choose to expose at port 31201 instead of 6543 or 5432, which is a common guess for Postgres port. If your machine is behind firewall, you also need to allow inbound traffic to that port.<br></div>
</div>
<div name="messageSignatureSection"><br>
<div>Regards,
<div>
<div>--</div>
<div>Rizky Maulana Nugraha</div>
<div>Senior Software Engineer</div>
<div>Kartoza</div>
<a href="mailto:rizky@kartoza.com" target="_blank">rizky@kartoza.com</a></div>
</div>
</div>
<div name="messageReplySection">On 12 May 2020 02.50 +0700, Jose Cáceres <<a href="mailto:jose.atyus@gmail.com" target="_blank">jose.atyus@gmail.com</a>>, wrote:<br>
<blockquote type="cite" style="border-left:thin solid grey;margin:5px;padding-left:10px">
<div dir="ltr">Hi,
<div><br></div>
<div>I've installed Geonode Core on a Ubuntu server using Docker by following this instructions: <a href="https://docs.geonode.org/en/master/install/core/index.html#docker" target="_blank">https://docs.geonode.org/en/master/install/core/index.html#docker</a> </div>
<div><br></div>
<div>Right now, as default, the PostGIS database is running on localhost, but I would like to access the layers on Geoserver through QGIS on my Desktop and edit layers from there and push it back to Geoserver using my domain or the local IP as the Database Host.</div>
<div><br></div>
<div>Si my question is if there is a way to define a environmental variable, like DATABASE_HOST, on the docker composer file to override the localhost, and where does that variable should be, over the django container variables or over the db container.</div>
<div><br></div>
<div>This is how my docker file is configure right now:</div>
<div><br></div>
<div>version: '2.2'<br>
services:<br>
<br>
django:<br>
build: .<br>
# Loading the app is defined here to allow for<br>
# autoreload on changes it is mounted on top of the<br>
# old copy that docker added when creating the image<br>
volumes:<br>
- '.:/usr/src/app'<br>
environment:<br>
- DEBUG=False<br>
- GEONODE_LB_HOST_IP=<mydomain><br>
- GEONODE_LB_PORT=443<br>
- SITENAME = 'Geoportal OUOT'<br>
- SITEURL=https://<mydomain>/<br>
- ALLOWED_HOSTS=['<mydomain>', ]<br>
- GEOSERVER_PUBLIC_LOCATION=https:// <mydomain> /geoserver/<br>
- GEOSERVER_WEB_UI_LOCATION=https:// <mydomain> /geoserver/<br>
<br>
geoserver:<br>
environment:<br>
- GEONODE_LB_HOST_IP= <mydomain><br>
- GEONODE_LB_PORT=443<br clear="all">
<div><br></div>
<div><br></div>
<div>Thanks,</div>
<div><br></div>
<div>José </div>
--<br>
<div dir="ltr">
<div dir="ltr">
<div>José David Cáceres
<div>Ingeniero Ambiental</div>
<div>Máster en Tecnologías de la Información Geográfica<br>
<div>e-mail: <a href="mailto:jose.atyus@gmail.com" target="_blank">jose.atyus@gmail.com</a></div>
</div>
</div>
</div>
</div>
<br></div>
<br>
<div id="gmail-m_-8416247722764504994mt-signature">
<table border="0" cellpadding="8" cellspacing="0">
<tbody>
<tr>
<td><a href="https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&" style="text-decoration:none" target="_blank"><img src="https://s3.amazonaws.com/mailtrack-signature/sender_notified.gif" alt="Mailtrack" width="32" height="32"></a></td>
<td><span style="color:rgb(119,119,119)">Remitente notificado con</span><br>
<a href="https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&" style="color:rgb(67,116,247)" target="_blank">Mailtrack</a> <span style="color:transparent;font-size:0px">11/05/20 13:48:46</span></td>
<td></td>
</tr>
</tbody>
</table>
</div>
<img width="0" height="0" alt="" style="display: flex;" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"></div>
_______________________________________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" target="_blank">https://lists.osgeo.org/mailman/listinfo/geonode-users</a><br></blockquote>
</div>
</div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>José David Cáceres<div>Ingeniero Ambiental</div><div>Máster en Tecnologías de la Información Geográfica<br><div>e-mail: <a href="mailto:jose.atyus@gmail.com" target="_blank">jose.atyus@gmail.com</a></div></div></div></div></div><img width="0" height="0" class="mailtrack-img" alt="" style="display:flex" src="https://mailtrack.io/trace/mail/a9aaf0098af378223b708a7cd894db25dda33e9a.png?u=16998"></div>