From 2a362fbd2e0a1a9fb4128cdb5a091199d7996077 Mon Sep 17 00:00:00 2001 From: Daniel Tschinder <231804+danez@users.noreply.github.com> Date: Wed, 9 Jul 2025 13:12:32 +0200 Subject: [PATCH 1/2] Add doc to make Postgres only available local --- postgres_15/README.md | 9 +++++++++ postgres_17/README.md | 11 +++++++++++ 2 files changed, 20 insertions(+) diff --git a/postgres_15/README.md b/postgres_15/README.md index 489d36db5..7a88120bd 100644 --- a/postgres_15/README.md +++ b/postgres_15/README.md @@ -58,6 +58,15 @@ The installation of this add-on is pretty straightforward and not different in c 1. Check the logs of the add-on to see if everything went well. 1. Use any Postgres client to connect, e.g. to `homeassistant.local:5432` +## Security + +By default, Postgres will be reachable on the local network of your host system. To improve security, you can disable this behavior and make Postgres available only to other Add-ons within Home Assistant. + +1. Configure all Add-ons that use Postgres to connect via the internal DNS name: `db21ed7f-postgres:5432`. +2. Go to **Settings → Add-ons → Postgres 15 → Configuration**, and under **Network**, remove port `5432` by clearing the text field. +3. Click **Save** and restart the Add-on. +4. Postgres is now only accessible from other Add-ons and no longer reachable from your local network (e.g., laptop, IoT devices, etc.). + ## Support Create an issue on github diff --git a/postgres_17/README.md b/postgres_17/README.md index 26a2002f2..6fced5acc 100644 --- a/postgres_17/README.md +++ b/postgres_17/README.md @@ -66,6 +66,17 @@ Migration from postgres 15 : - use the Filebrowser addon to copy the database folder from /addon_configs/xxx-postgres to /addon_configs/xxx-postgres_latest - start the postgres 17 addon. Upgrade of the database should proceed. In case it doesn't, your data is anyway safe in the postgres 15 addon +Sure! Here's the improved version in Markdown format for easy copy-pasting: + +## Security + +By default, Postgres will be reachable on the local network of your host system. To improve security, you can disable this behavior and make Postgres available only to other Add-ons within Home Assistant. + +1. Configure all Add-ons that use Postgres to connect via the internal DNS name: `db21ed7f-postgres-latest:5432`. +2. Go to **Settings → Add-ons → Postgres 17 → Configuration**, and under **Network**, remove port `5432` by clearing the text field. +3. Click **Save** and restart the Add-on. +4. Postgres is now only accessible from other Add-ons and no longer reachable from your local network (e.g., laptop, IoT devices, etc.). + ## Support Create an issue on github From 042877c32a3fe7ab52d003bcf0c5cd0bb6112165 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Wed, 9 Jul 2025 13:31:24 +0200 Subject: [PATCH 2/2] Clean text --- postgres_17/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/postgres_17/README.md b/postgres_17/README.md index 6fced5acc..900d3faf8 100644 --- a/postgres_17/README.md +++ b/postgres_17/README.md @@ -66,8 +66,6 @@ Migration from postgres 15 : - use the Filebrowser addon to copy the database folder from /addon_configs/xxx-postgres to /addon_configs/xxx-postgres_latest - start the postgres 17 addon. Upgrade of the database should proceed. In case it doesn't, your data is anyway safe in the postgres 15 addon -Sure! Here's the improved version in Markdown format for easy copy-pasting: - ## Security By default, Postgres will be reachable on the local network of your host system. To improve security, you can disable this behavior and make Postgres available only to other Add-ons within Home Assistant.