berkay
9530aa4bfd
|
||
|---|---|---|
| config | ||
| environments | ||
| init | ||
| runner | ||
| scripts | ||
| .env.example | ||
| README.md | ||
| docker-compose.yaml | ||
| proxmox-lxc-setup.md | ||
README.md
PostgreSQL Production Setup for Proxmox LXC Container
This repository contains a production-ready PostgreSQL setup using Docker Compose, designed to run on a Proxmox LXC container.
Overview
The configuration includes:
- PostgreSQL 15 with optimized configuration
- Persistent data storage
- Security features
- Health checks
- Resource limits
- Backup and restore capabilities
Prerequisites
- Proxmox VE with LXC container support
- Docker and Docker Compose installed on the LXC container
- Proper network configuration in Proxmox
Configuration Details
docker-compose.yml Explained
services:
postgres:
image: postgres:15 # Using PostgreSQL 15
container_name: postgres
restart: always # Ensures PostgreSQL restarts automatically
environment:
# Environment variables for authentication
- POSTGRES_USER=${POSTGRES_USER:-postgres} # Default: postgres
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password} # Default: password
- POSTGRES_DB=${POSTGRES_DB:-postgres} # Default: postgres
- PGDATA=/var/lib/postgresql/data/pgdata
volumes:
# Persistent data storage
- postgres_data:/var/lib/postgresql/data # Database files
- ./config/postgres.conf:/etc/postgresql/postgresql.conf # Configuration file
- ./init:/docker-entrypoint-initdb.d # Initialization scripts
ports:
- "5432:5432" # Expose PostgreSQL port
command: postgres -c config_file=/etc/postgresql/postgresql.conf
healthcheck:
# Regular health checks
test:
[
"CMD-SHELL",
"pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-postgres}",
]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
networks:
- postgres_network
ulimits:
# Increase file descriptor limits for production
nofile:
soft: 64000
hard: 64000
logging:
# Log rotation to prevent disk space issues
driver: "json-file"
options:
max-size: "200m"
max-file: "10"
volumes:
postgres_data: # Persistent volume for database files
driver: local
networks:
postgres_network:
driver: bridge
Security Considerations
- Authentication: PostgreSQL is configured with authentication enabled by default
- Environment Variables: Sensitive information is passed via environment variables
- Network Isolation: Services run on a dedicated bridge network
- Configuration: Optimized PostgreSQL configuration for security and performance
Initialization Script
The initialization scripts in the init/ directory:
- Create default roles and permissions
- Set up sample schemas and tables
- Configure database parameters for optimal performance
Setup and Usage
Initial LXC Container Setup
For detailed instructions on setting up an LXC container in Proxmox specifically for this PostgreSQL service, please refer to the Proxmox LXC Setup Guide.
The guide includes:
- Creating an LXC container with the right specifications
- Configuring the container for Docker
- Setting up networking
- Installing Docker and Docker Compose
- Troubleshooting common issues
Deploy PostgreSQL Service
- Clone this repository to your LXC container:
git clone <repository-url>
cd postgres-service
- Create a
.envfile with your custom credentials:
POSTGRES_USER=your_postgres_username
POSTGRES_PASSWORD=your_secure_password
POSTGRES_DB=your_database_name
- Make the scripts executable:
chmod +x scripts/*.sh
- Start the PostgreSQL service:
docker-compose up -d
- Verify the service is running:
docker-compose ps
- Connect to PostgreSQL:
psql -h your-server-ip -p 5432 -U your_postgres_username -d your_database_name
Backup and Restore
Creating a Backup
./scripts/backup.sh
Restoring from Backup
./scripts/restore.sh <backup-file>
Proxmox LXC Container Configuration
For optimal performance in a Proxmox LXC container:
-
Ensure the container has sufficient resources:
- At least 2 CPU cores
- Minimum 4GB RAM
- At least 20GB storage
-
Enable necessary features in the LXC container:
pct set <container-id> -features nesting=1 -
Configure container for Docker:
echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/unprivileged-userns-clone.conf sysctl -p /etc/sysctl.d/unprivileged-userns-clone.conf
Maintenance
-
Backups: PostgreSQL data is stored in named volumes. Use Docker's volume backup mechanisms:
docker run --rm -v postgres_data:/data -v $(pwd):/backup alpine tar -czf /backup/postgres-data-backup.tar.gz /data -
Monitoring: The service is configured with health checks and can be integrated with monitoring tools like Prometheus and Grafana
-
Updating: To update PostgreSQL version, change the image tag in docker-compose.yml and restart:
docker-compose down # Edit docker-compose.yml to update image version docker-compose up -d
Troubleshooting
- Connection Issues: Ensure ports are not blocked by firewall
- Performance Issues: Check PostgreSQL logs with
docker-compose logs postgres - Resource Problems: Monitor container resource usage and adjust limits if needed
License
This project is licensed under the MIT License - see the LICENSE file for details.