[GeoNode-users] Configure PostGIS Database over IP or Domain
jose.atyus at gmail.com
Tue May 12 19:25:22 PDT 2020
Thank you very much Rizky,
Actually the WFS serves totally the purpose I'm seeking without the
security implications of exposing my database as you well described it, I
feel dumb for not considering it in the first place.
Thanks again for your enlightening advice.
On Mon, May 11, 2020 at 6:01 PM Rizky Maulana Nugraha <rizky at kartoza.com>
> Hi Jose,
> If I understand it correctly, you want QGIS to access the database inside
> the containers, which is the same containers that GeoServer uses as PostGIS
> store in default configuration.
> If you want to expose PostGIS database directly, you should expose the
> port to the network. As this is just a tcp port, you can directly expose it
> over the network, like what you normally would with other port such as SSH.
> Let’s suppose you want to expose PostGIS over port 6543. Your database
> connection might look like this: postgis://user:pass@
> To achieve that, you need to expose your container port. Add the port
> mapping entries to your docker-compose.yml file (or
> docker-compose.override.yml if you use it rather). The key should be
> *services.db.ports* and it should look like this:
> - “6543:5432”
> Note that the way you access the database from outside the container does
> not affect how each containers connect to each other. There is no reason to
> set DATABASE_HOST other than it’s default value. Each containers knows that
> the database host is *db* (from the service name). For you, who want to
> access it from QGIS over the physical network, what matters is the address
> (can be IP address or DNS record) of where the machine that deploy the
> containers is, and the port that you expose, in this case 6543. But if you
> are using external database (not in docker) to feed into GeoNode and/or
> GeoServer, then the settings DATABASE_HOST becomes relevant.
> Alternatively you could also access it via WFS connection. After all,
> GeoServer can handle WFS. You can have the WFS endpoint of the layer you
> want to edit by copying the link from GeoNode metadata page, or from
> GeoServer directly (the WFS or OWS endpoint). However you can not create
> new table/layer this way. You can only connect to existing layer to perform
> Add/Edit features.
> Another note from security perspectives. Opening up your postgres
> connection over public network is not secure. To protect your database from
> man in the middle attack, you should activate SSL connection setup for your
> postgres. Other attempt to at least avoid an attack is by choosing random
> port to expose. For example, choose to expose at port 31201 instead of 6543
> or 5432, which is a common guess for Postgres port. If your machine is
> behind firewall, you also need to allow inbound traffic to that port.
> Rizky Maulana Nugraha
> Senior Software Engineer
> rizky at kartoza.com
> On 12 May 2020 02.50 +0700, Jose Cáceres <jose.atyus at gmail.com>, wrote:
> I've installed Geonode Core on a Ubuntu server using Docker by following
> this instructions:
> Right now, as default, the PostGIS database is running on localhost, but I
> would like to access the layers on Geoserver through QGIS on my Desktop and
> edit layers from there and push it back to Geoserver using my domain or the
> local IP as the Database Host.
> Si my question is if there is a way to define a environmental variable,
> like DATABASE_HOST, on the docker composer file to override the localhost,
> and where does that variable should be, over the django container variables
> or over the db container.
> This is how my docker file is configure right now:
> version: '2.2'
> build: .
> # Loading the app is defined here to allow for
> # autoreload on changes it is mounted on top of the
> # old copy that docker added when creating the image
> - '.:/usr/src/app'
> - DEBUG=False
> - GEONODE_LB_HOST_IP=<mydomain>
> - GEONODE_LB_PORT=443
> - SITENAME = 'Geoportal OUOT'
> - SITEURL=https://<mydomain>/
> - ALLOWED_HOSTS=['<mydomain>', ]
> - GEOSERVER_PUBLIC_LOCATION=https:// <mydomain> /geoserver/
> - GEOSERVER_WEB_UI_LOCATION=https:// <mydomain> /geoserver/
> - GEONODE_LB_HOST_IP= <mydomain>
> - GEONODE_LB_PORT=443
> José David Cáceres
> Ingeniero Ambiental
> Máster en Tecnologías de la Información Geográfica
> e-mail: jose.atyus at gmail.com
> [image: Mailtrack]
> <https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&> Remitente
> notificado con
> <https://mailtrack.io?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality5&> 11/05/20
> geonode-users mailing list
> geonode-users at lists.osgeo.org
José David Cáceres
Máster en Tecnologías de la Información Geográfica
e-mail: jose.atyus at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the geonode-users