The postgis/postgis
image provides tags for running Postgres with PostGIS extensions installed. This image is based on the official postgres
image and provides debian and alpine variants for PostGIS 3.4.x, which is compatible with PostgreSQL versions 12, 13, 14, 15, 16 and 17. Additionally, an image version is provided which is built from the latest two versions of Postgres (16, 17) with versions of PostGIS and its dependencies built from their respective master branches.
This image ensures that the default database created by the parent postgres
image will have the following extensions installed:
installed extensions | initialized |
---|---|
postgis |
yes |
postgis_topology |
yes |
postgis_tiger_geocoder |
yes |
postgis_raster |
|
postgis_sfcgal |
|
address_standardizer |
|
address_standardizer_data_us |
Unless -e POSTGRES_DB
is passed to the container at startup time, this database will be named after the admin user (either postgres
or the user specified with -e POSTGRES_USER
). If you would prefer to use the older template database mechanism for enabling PostGIS, the image also provides a PostGIS-enabled template database called template_postgis
.
Supported architecture: amd64
(also known as X86-64)"
Recommended versions for new users are: postgis/postgis:17-3.4
, postgis/postgis:16-3.4
- This Docker-PostGIS version has a cautious release cycle to guarantee high stability.
- By "cautious", we mean it does not always have the latest versions of geos, proj, gdal, and sfcgal packages.
- We use PostGIS, geos, proj, gdal, and sfcgal packages from the Debian repository.
- In the Debian Bullseye repository, the versions are: geos=3.9, gdal=3.2, proj=7.2, and sfcgal=1.3.9.
- This version is easy to extend and has matured over time.
DockerHub image | Dockerfile | OS | Postgres | PostGIS |
---|---|---|---|---|
postgis/postgis:12-3.4 | Dockerfile | debian:bullseye | 12 | 3.4.3 |
postgis/postgis:13-3.4 | Dockerfile | debian:bullseye | 13 | 3.4.3 |
postgis/postgis:14-3.4 | Dockerfile | debian:bullseye | 14 | 3.4.3 |
postgis/postgis:15-3.4 | Dockerfile | debian:bullseye | 15 | 3.4.3 |
postgis/postgis:16-3.4 | Dockerfile | debian:bullseye | 16 | 3.4.3 |
postgis/postgis:17-3.4 | Dockerfile | debian:bullseye | 17 | 3.4.3 |
- The base operating system is Alpine Linux. It is designed to be small, simple, and secure, and it's based on musl libc.
- In the Alpine 3.20 version, the package versions are: geos=3.12.2, gdal=3.9.2, proj=9.4, and sfcgal=1.5.1
- PostGIS is compiled from source, making it a bit more challenging to extend.
DockerHub image | Dockerfile | OS | Postgres | PostGIS |
---|---|---|---|---|
postgis/postgis:12-3.4-alpine | Dockerfile | alpine:3.20 | 12 | 3.4.3 |
postgis/postgis:13-3.4-alpine | Dockerfile | alpine:3.20 | 13 | 3.4.3 |
postgis/postgis:14-3.4-alpine | Dockerfile | alpine:3.20 | 14 | 3.4.3 |
postgis/postgis:15-3.4-alpine | Dockerfile | alpine:3.20 | 15 | 3.4.3 |
postgis/postgis:16-3.4-alpine | Dockerfile | alpine:3.20 | 16 | 3.4.3 |
postgis/postgis:16-3.5-alpine | Dockerfile | alpine:3.20 | 16 | 3.5.0 |
postgis/postgis:17-3.4-alpine | Dockerfile | alpine:3.20 | 17 | 3.4.3 |
postgis/postgis:17-3.5-alpine | Dockerfile | alpine:3.20 | 17 | 3.5.0 |
- We provide alpha, beta, release candidate (rc), and development (identified as ~master) versions.
- The template for the
*-master
images is updated manually, which might lead to a delay of a few weeks sometimes. - The ~master SFCGAL version is 1.5.1 or higher. The cgal version is locked on the 5.6.x-branch.
DockerHub image | Dockerfile | OS | Postgres | PostGIS |
---|---|---|---|---|
postgis/postgis:16-master | Dockerfile | debian:bullseye | 16 | development: postgis, geos, proj, gdal |
postgis/postgis:17-master | Dockerfile | debian:bullseye | 17 | development: postgis, geos, proj, gdal |
In order to run a basic container capable of serving a PostGIS-enabled database, start a container as follows:
docker run --name some-postgis -e POSTGRES_PASSWORD=mysecretpassword -d postgis/postgis
For more detailed instructions about how to start and control your Postgres container, see the documentation for the postgres
image here.
Once you have started a database container, you can then connect to the database either directly on the running container:
docker exec -ti some-postgis psql -U postgres
... or starting a new container to run as a client. In this case you can use a user-defined network to link both containers:
docker network create some-network
# Server container
docker run --name some-postgis --network some-network -e POSTGRES_PASSWORD=mysecretpassword -d postgis/postgis
# Client container
docker run -it --rm --network some-network postgis/postgis psql -h some-postgis -U postgres
Check the documentation on the postgres
image and Docker networking for more details and alternatives on connecting different containers.
See the PostGIS documentation for more details on your options for creating and using a spatially-enabled database.
Since the docker-postgis repository is an extension of the official Docker PostgreSQL repository, all environment variables supported there are also supported here:
POSTGRES_PASSWORD
POSTGRES_USER
POSTGRES_DB
POSTGRES_INITDB_ARGS
POSTGRES_INITDB_WALDIR
POSTGRES_HOST_AUTH_METHOD
PGDATA
Read more: https://github.com/docker-library/docs/blob/master/postgres/README.md
Warning: the Docker specific variables will only have an effect if you start the container with a data directory that is empty; any pre-existing database will be left untouched on container startup.
It's important to note that the environment variables for the Docker image are different from those of the libpq — C Library (PGDATABASE
,PGUSER
,PGPASSWORD
)
Troubleshooting can often be challenging. It's important to know that the docker-postgis repository is an extension of the official Docker PostgreSQL repository. Therefore, if you encounter any issues, it's worth testing whether the problem can be reproduced with the official PostgreSQL Docker images. If so, it's recommended to search for solutions based on this. The following websites are suggested:
- Upstream docker postgres repo: https://github.com/docker-library/postgres
- search for the open or closed issues !
- Docker Community Forums: https://forums.docker.com
- Docker Community Slack: https://dockr.ly/slack
- Stack Overflow: https://stackoverflow.com/questions/tagged/docker+postgresql
If your problem is Postgis related:
- Stack Overflow : docker + postgis https://stackoverflow.com/questions/tagged/docker+postgis
- Postgis issue tracker: https://trac.osgeo.org/postgis/report
And if you don't have a postgres docker experience - read this blog post:
It's crucial to be aware that in a cloud environment, with default settings, these images are vulnerable, and there's a high risk of cryptominer infection if the ports are left open. ( Read More )
- Note that ports which are not bound to the host (i.e.,
-p 5432:5432
instead of-p 127.0.0.1:5432:5432
) will be accessible from the outside. This also applies if you configured UFW to block this specific port, as Docker manages its own iptables rules. ( Read More )
- You can add options for using SSL ( see postgres example )
-c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
- Or you can use SSH Tunnels with
-p 127.0.0.1:5432:5432
-
Please also scan the base
postgres
docker Image: It's important to also scan the basepostgres
Docker image for potential security issues. If your security scanner reports vulnerabilities (known as CVEs) in the image, you may wonder why. To get a better understanding, please read the Docker Library FAQ, especially the section titled "Why does my security scanner show that an image has CVEs?" For more specific issues related to the postgres docker image, you can search using these links: -
Optimizing Security Scans: It's advisable to focus on scanning and fixing issues that can be resolved. Use this command to scan for fixable issues only:
trivy image --ignore-unfixed postgis/postgis:16-3.4-alpine
trivy image --ignore-unfixed postgres:16-alpine
For more details, you can read this article: https://pythonspeed.com/articles/docker-security-scanner/
Unfortunately, we don't have control over updates to Debian and Alpine distributions or the upstream postgres
image.
Because of this, there might be some issues that we cannot fix right away.
On the positive side, the postgis/postgis
images are regenerated every Monday. This process is to ensure they include the latest changes and improvements. As a result, these images are consistently kept up-to-date.
We are always open to suggestions to enhance security. If you have any ideas, please let us know.
When You encouter errors due to PostGIS update OperationalError: could not access file "$libdir/postgis-X.X
, run:
docker exec some-postgis update-postgis.sh
It will update to Your newest PostGIS. Update is idempotent, so it won't hurt when You run it more than once, You will get notification like:
Updating PostGIS extensions template_postgis to X.X.X
NOTICE: version "X.X.X" of extension "postgis" is already installed
NOTICE: version "X.X.X" of extension "postgis_topology" is already installed
NOTICE: version "X.X.X" of extension "postgis_tiger_geocoder" is already installed
ALTER EXTENSION
Updating PostGIS extensions docker to X.X.X
NOTICE: version "X.X.X" of extension "postgis" is already installed
NOTICE: version "X.X.X" of extension "postgis_topology" is already installed
NOTICE: version "X.X.X" of extension "postgis_tiger_geocoder" is already installed
ALTER EXTENSION
This Docker-PostGIS project is part of the PostGIS group and follows more flexible contributor rules.
- Please take a moment to review the current issues, discussions, and pull requests before you start.
- If you have a major change in mind, we kindly ask you to start a discussion about it first.
- After making changes to the templates, please run the
./update.sh
script.