Custom Postgres Port in Docker Compose

Installation/Setup
1

Hi,

I am using Kong / Konga and VMWare Harbor docker images on the same docker host. Both want to use Postgres on port 5432 in their own database services.

I am trying to change the postgres database port from 5432 to 5433 so it does not collide with harbor. I am running kong via docker compose. Everything is good when all ports are set to 5432. However, when I update the docker-compose.yml file to reference 5433, it starts the database fine, but kong cannot connect to it.

kong_migration says:
Error: [postgres error] could not retrieve current migrations: [postgres error] connection refused

kong_1 says:

kong_1 | nginx: [error] init_by_lua error: /usr/local/share/lua/5.1/kong/init.lua:197: [postgres error] could not retrieve server_version: connection refused
kong_1 | stack traceback:
kong_1 | [C]: in function ‘error’
kong_1 | /usr/local/share/lua/5.1/kong/init.lua:197: in function ‘init’
kong_1 | init_by_lua:3: in main chunk

konga-prepare says:
konga-prepare_1 | debug: Preparing database…
konga-prepare_1 | Using postgres DB Adapter.
konga-prepare_1 | Failed to connect to DB { Error: connect ECONNREFUSED 172.21.0.2:5433
konga-prepare_1 | at Object._errnoException (util.js:992:11)
konga-prepare_1 | at _exceptionWithHostPort (util.js:1014:20)
konga-prepare_1 | at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1186:14)
konga-prepare_1 | code: ‘ECONNREFUSED’,
konga-prepare_1 | errno: ‘ECONNREFUSED’,
konga-prepare_1 | syscall: ‘connect’,
konga-prepare_1 | address: ‘172.21.0.2’,
konga-prepare_1 | port: 5433

There are a bunch of other errors - you get the point.

I can open a connection the database running on port 5433 from the host command line using psql.

I am running on Centos 7 docker host and have iptables running.

My docker-compose.yml looks like:

version: “3”

networks:
kong-net:
driver: bridge

services:

#######################################

Postgres: The database used by Kong

#######################################
kong-database:
image: postgres:9.6
restart: “no”
networks:
- kong-net
environment:
POSTGRES_USER: kong
POSTGRES_DB: kong
ports:
- “5433:5432”
healthcheck:
test: [“CMD”, “pg_isready”, “-U”, “kong”]
interval: 5s
timeout: 5s
retries: 5

#######################################

Kong database migration

#######################################
kong-migration:
image: kong:latest
command: “kong migrations up”
networks:
- kong-net
restart: “no”
environment:
KONG_PG_HOST: kong-database
KONG_PG_PORT: 5433
links:
- kong-database
depends_on:
- kong-database

#######################################

Kong: The API Gateway

#######################################
kong:
image: kong:latest
restart: “no”
networks:
- kong-net
environment:
KONG_PG_HOST: kong-database
KONG_PG_PORT: 5433
KONG_PROXY_LISTEN: 0.0.0.0:8000
KONG_ADMIN_LISTEN: 0.0.0.0:8001
depends_on:
- kong-migration
- kong-database
healthcheck:
test: [“CMD”, “curl”, “-f”, “http://kong:8001”]
interval: 5s
timeout: 2s
retries: 15
ports:
- “8001:8001”
- “8000:8000”

#######################################

Konga database prepare

#######################################
konga-prepare:
image: pantsel/konga:next
command: “-c prepare -a postgres -u postgresql://kong@kong-database:5433/konga_db”
networks:
- kong-net
environment:
DB_ADAPTER: postgres
DB_HOST: kong-database
DB_PORT: 5433
DB_USER: kong
DB_DATABASE: konga_db
DB_PASSWORD: kong
restart: “no”
links:
- kong-database
depends_on:
- kong-database

#######################################

Konga: Kong GUI

#######################################
konga:
image: pantsel/konga:next
restart: “no”
networks:
- kong-net
environment:
DB_ADAPTER: postgres
DB_HOST: kong-database
DB_PORT: 5433
DB_USER: kong
TOKEN_SECRET: km1GUr4RkcQD7DewhJPNXrCuZwcKmqjb
DB_DATABASE: konga_db
NODE_ENV: production
depends_on:
- kong-database
ports:
- “1337:1337”

I added an iptables entry for port 5433:

iptables -A DOCKER -p tcp --dport 5433 -j ACCEPT

Output from iptables -vL is:
Chain INPUT (policy ACCEPT 173 packets, 49385 bytes)
pkts bytes target prot opt in out source destination
2338 173K ACCEPT tcp – any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
60 3500 DOCKER-USER all – any any anywhere anywhere
60 3500 DOCKER-ISOLATION-STAGE-1 all – any any anywhere anywhere
30 1660 ACCEPT all – any br-675b9fcf4b0c anywhere anywhere ctstate RELATED,ESTABLISHED
22 1320 DOCKER all – any br-675b9fcf4b0c anywhere anywhere
8 520 ACCEPT all – br-675b9fcf4b0c !br-675b9fcf4b0c anywhere anywhere
0 0 ACCEPT all – br-675b9fcf4b0c br-675b9fcf4b0c anywhere anywhere
0 0 ACCEPT all – any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DOCKER all – any docker0 anywhere anywhere
0 0 ACCEPT all – docker0 !docker0 anywhere anywhere
0 0 ACCEPT all – docker0 docker0 anywhere anywhere
0 0 ACCEPT all – any br-82b66d6dc659 anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DOCKER all – any br-82b66d6dc659 anywhere anywhere
0 0 ACCEPT all – br-82b66d6dc659 !br-82b66d6dc659 anywhere anywhere
0 0 ACCEPT all – br-82b66d6dc659 br-82b66d6dc659 anywhere anywhere
0 0 ACCEPT all – any br-c2ac7b45db85 anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DOCKER all – any br-c2ac7b45db85 anywhere anywhere
0 0 ACCEPT all – br-c2ac7b45db85 !br-c2ac7b45db85 anywhere anywhere
0 0 ACCEPT all – br-c2ac7b45db85 br-c2ac7b45db85 anywhere anywhere

Chain OUTPUT (policy ACCEPT 24 packets, 3012 bytes)
pkts bytes target prot opt in out source destination

Chain DOCKER (4 references)
** pkts bytes target prot opt in out source destination**
** 22 1320 ACCEPT tcp – any any anywhere anywhere tcp dpt:pyrrho**

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
8 520 DOCKER-ISOLATION-STAGE-2 all – br-675b9fcf4b0c !br-675b9fcf4b0c anywhere anywhere
0 0 DOCKER-ISOLATION-STAGE-2 all – docker0 !docker0 anywhere anywhere
0 0 DOCKER-ISOLATION-STAGE-2 all – br-82b66d6dc659 !br-82b66d6dc659 anywhere anywhere
0 0 DOCKER-ISOLATION-STAGE-2 all – br-c2ac7b45db85 !br-c2ac7b45db85 anywhere anywhere
1918 477K RETURN all – any any anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
pkts bytes target prot opt in out source destination
0 0 DROP all – any br-675b9fcf4b0c anywhere anywhere
0 0 DROP all – any docker0 anywhere anywhere
0 0 DROP all – any br-82b66d6dc659 anywhere anywhere
0 0 DROP all – any br-c2ac7b45db85 anywhere anywhere
309 20252 RETURN all – any any anywhere anywhere

Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
1918 477K RETURN all – any any anywhere anywhere

I am stumped at this point. Any thoughts on what the problem is?