[GeoNode-users] Configure PostGIS Database over IP or Domain

Rizky Maulana Nugraha rizky at kartoza.com
Mon May 11 17:00:02 PDT 2020

Hi Jose,

If I understand it correctly, you want QGIS to access the database inside the containers, which is the same containers that GeoServer uses as PostGIS store in default configuration.

If you want to expose PostGIS database directly, you should expose the port to the network. As this is just a tcp port, you can directly expose it over the network, like what you normally would with other port such as SSH.

Let’s suppose you want to expose PostGIS over port 6543. Your database connection might look like this: postgis://user:pass@<mydomain>:6543/geonode_data

To achieve that, you need to expose your container port. Add the port mapping entries to your docker-compose.yml file (or docker-compose.override.yml if you use it rather). The key should be services.db.ports and it should look like this:

- “6543:5432”

Note that the way you access the database from outside the container does not affect how each containers connect to each other. There is no reason to set DATABASE_HOST other than it’s default value. Each containers knows that the database host is db (from the service name). For you, who want to access it from QGIS over the physical network, what matters is the address (can be IP address or DNS record) of where the machine that deploy the containers is, and the port that you expose, in this case 6543. But if you are using external database (not in docker) to feed into GeoNode and/or GeoServer, then the settings DATABASE_HOST becomes relevant.

Alternatively you could also access it via WFS connection. After all, GeoServer can handle WFS. You can have the WFS endpoint of the layer you want to edit by copying the link from GeoNode metadata page, or from GeoServer directly (the WFS or OWS endpoint). However you can not create new table/layer this way. You can only connect to existing layer to perform Add/Edit features.

Another note from security perspectives. Opening up your postgres connection over public network is not secure. To protect your database from man in the middle attack, you should activate SSL connection setup for your postgres. Other attempt to at least avoid an attack is by choosing random port to expose. For example, choose to expose at port 31201 instead of 6543 or 5432, which is a common guess for Postgres port. If your machine is behind firewall, you also need to allow inbound traffic to that port.

Rizky Maulana Nugraha
Senior Software Engineer
rizky at kartoza.com
On 12 May 2020 02.50 +0700, Jose Cáceres <jose.atyus at gmail.com>, wrote:
> Hi,
> I've installed Geonode Core on a Ubuntu server using Docker by following this instructions: https://docs.geonode.org/en/master/install/core/index.html#docker
> Right now, as default, the PostGIS database is running on localhost, but I would like to access the layers on Geoserver through QGIS on my Desktop and edit layers from there and push it back to Geoserver using my domain or the local IP as the Database Host.
> Si my question is if there is a way to define a environmental variable, like DATABASE_HOST, on the docker composer file to override the localhost, and where does that variable should be, over the django container variables or over the db container.
> This is how my docker file is configure right now:
> version: '2.2'
> services:
>  django:
>     build: .
>     # Loading the app is defined here to allow for
>     # autoreload on changes it is mounted on top of the
>     # old copy that docker added when creating the image
>     volumes:
>       - '.:/usr/src/app'
>     environment:
>       - DEBUG=False
>       - GEONODE_LB_HOST_IP=<mydomain>
>       - GEONODE_LB_PORT=443
>       - SITENAME = 'Geoportal OUOT'
>       - SITEURL=https://<mydomain>/
>       - ALLOWED_HOSTS=['<mydomain>', ]
>       - GEOSERVER_PUBLIC_LOCATION=https:// <mydomain> /geoserver/
>       - GEOSERVER_WEB_UI_LOCATION=https:// <mydomain> /geoserver/
>   geoserver:
>     environment:
>       - GEONODE_LB_HOST_IP= <mydomain>
>       - GEONODE_LB_PORT=443
> Thanks,
> José
> --
> José David Cáceres
> Ingeniero Ambiental
> Máster en Tecnologías de la Información Geográfica
> e-mail: jose.atyus at gmail.com
> Remitente notificado con
> Mailtrack 11/05/20 13:48:46
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20200512/60a74d56/attachment.html>

More information about the geonode-users mailing list