Install (and secure) pgAdmin4 on Ubuntu20.04 using Docker

Step 1: Install Docker if it is not done yet

This part comes directly from the official website: https://docs.docker.com/engine/install/ubuntu

# Uninstall older versions just in case
sudo apt-get remove docker docker-engine docker.io containerd runc

# Set up the repository
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release

# Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Set up the stable repository
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker Engine
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

Personally I don’t like to have to type sudo everytime I run a docker command, so this will add your user to the ones who can run docker commands. If it still doesn’t work you may want to reload your terminal

# to run docker without sudo
sudo usermod -aG docker $USER

 

Step 2: Install pgAdmin4

This part looks like magic

# Pull the image
docker pull dpage/pgadmin4

# Of course you need to replace user@email.com and StrongPassword to your own values
sudo docker run -p 5050:80 -e "PGADMIN_DEFAULT_EMAIL=user@email.com" -e "PGADMIN_DEFAULT_PASSWORD=StrongPassword" -d dpage/pgadmin4

That’s it. Visit http://localhost:5050/ on your browser

What if you want to get rid of the :5050 in the URL?: The -p option of docker run works like this docker run -p host-port:docker-port. In our current case, we have  docker run -p 5050:80, but you can change 5050 to be any port on your machine that’s available.

 

Securing PgAdmin

You will need to (you *really should*) do this if your plan is to run PgAdmin on a server that’s publicly available through a domain name. For some reason I couldn’t find the full recipe online, so there you go. I am assuming that you have already bought your .crt (signed certificate) and .key (private key) files that are associated to the hostname that you are trying to secure.

 

# create a directory in your $HOME that pgadmin docker can use
mkdir ~/home/docker_volumes/
mkdir ~/home/docker_volumes/certs/
mkdir ~/home/docker_volumes/pgadmin/

# copy your certificates in the certs/ directory
cp /path/to/hostname.crt  ~/home/docker_volumes/certs/
cp /path/to/hostname.key  ~/home/docker_volumes/certs/

# make both directories owned by the docker id (=5050), run $ docker run -it --rm --entrypoint /usr/bin/id dpage/pgadmin4 to convince yourself
sudo chown -R 5050:5050 ~/home/docker_volumes/certs/
sudo chown -R 5050:5050 ~/home/docker_volumes/pgadmin/

# THE command
docker run -p 5050:443 \
-v ~/home/docker_volumes/pgadmin:/var/lib/pgadmin \ 
-v ~/home/docker_volumes/certs/hostname.crt:/certs/server.cert \ 
-v ~/home/docker_volumes/certs/hostname.key:/certs/server.key \ 
-v /tmp/servers.json:/pgadmin4/servers.json \ 
-e 'PGADMIN_DEFAULT_EMAIL=user@email.com' \ 
-e 'PGADMIN_DEFAULT_PASSWORD=StrongPassword' \ 
-e 'PGADMIN_ENABLE_TLS=True' \ 
-d dpage/pgadmin4

Then you can visit https://your-hostname:5050 on your browser. If for some reason it is not working as you wish, you can check the docker log with

# Replace CONTAINER_ID with your PgAdmin's container ID (you can find it with docker ps)
docker logs CONTAINER_ID