Username and password for postgresql - changing password from default does not work

maikenp1 · April 23, 2021, 1:29pm

My version of HedgeDoc is: 1.7.2

Running hedgedoc in docker container. Using the installation instructions on the web pages.

I want now to change the postgresql password.

What I expected to happen:
postgresql and hedgedoc works with non-default password

What actually happened:
The docker-compose example file here: https://docs.hedgedoc.org/setup/docker/ uses “hedgedoc” as username and “password” as password.

If I instead use “somepwd” as password like here:

Screen Shot 2021-04-23 at 15.24.22

I get errors and hedgedoc will not start properly:

    [root@hedgedoc ~]# cat /var/lib/docker/containers.  /2dd7a65e01757a723968807280ba6fa1d7895bdfa6a326ec3b781ac08d855672/2dd7a65e01757a723968807280ba6fa1d7895bdfa6a326ec3b781ac08d855672-json.log 
{"log":"2021/04/23 13:19:53 Waiting for: tcp://database:5432\n","stream":"stderr","time":"2021-04-23T13:19:53.958972872Z"}
{"log":"2021/04/23 13:19:53 Connected to tcp://database:5432\n","stream":"stderr","time":"2021-04-23T13:19:53.965566367Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:54.482455176Z"}
{"log":"\u001b[4mSequelize CLI [Node: 12.22.1, CLI: 5.5.1, ORM: 5.22.3]\u001b[24m\n","stream":"stdout","time":"2021-04-23T13:19:54.482497537Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:54.482504454Z"}
{"log":"Parsed url postgres://hedgedocuser:*****@database:5432/hedgedoc\n","stream":"stdout","time":"2021-04-23T13:19:54.502403067Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:54.587817263Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:54.587834524Z"}
{"log":"\u001b[31mERROR:\u001b[39m password authentication failed for user \"hedgedocuser\"\n","stream":"stderr","time":"2021-04-23T13:19:54.58784765Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:57.914435231Z"}
{"log":"\u003e HedgeDoc@1.7.2 start /hedgedoc\n","stream":"stdout","time":"2021-04-23T13:19:57.914477907Z"}
{"log":"\u003e sequelize db:migrate \u0026\u0026 node app.js\n","stream":"stdout","time":"2021-04-23T13:19:57.91448227Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:57.914485634Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:58.351438397Z"}
{"log":"\u001b[4mSequelize CLI [Node: 12.22.1, CLI: 5.5.1, ORM: 5.22.3]\u001b[24m\n","stream":"stdout","time":"2021-04-23T13:19:58.358410166Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:58.358452954Z"}
{"log":"Parsed url postgres://hedgedocuser:*****@database:5432/hedgedoc\n","stream":"stdout","time":"2021-04-23T13:19:58.38242646Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:58.451022418Z"}
{"log":"\n","stream":"stdout","time":"2021-04-23T13:19:58.451058892Z"}
{"log":"\u001b[31mERROR:\u001b[39m password authentication failed for user \"hedgedocuser\"\n","stream":"stderr","time":"2021-04-23T13:19:58.451071608Z"}

What am I missing to be able to change from the default suggested “password” to something more secure?

Edited by Erik Michelson, 2021-04-24 21:30, Formatted log as codeblock

DerMolly · April 24, 2021, 4:58pm

Hello @maikenp1,

Welcome to the community.

I guess you already used your HedgeDoc instance for some time, before trying to change the password?

If so, the database has a user hedgedoc with the old password already and simply changing the POSTGRES_PASSWORD environment variable in the docker compose file won’t work.
see https://hub.docker.com/_/postgres/ under POSTGRES_PASSWORD

You need to log into the database inside the container and change the hedgedoc user’s password.

This can be done with the psql command:
psql -U hedgedoc -c “alter user hedgedoc with password ‘<new_password>’;”

This can be done in the container by using:
docker exec -it <container name> <command>

Greetings
DerMolly

maikenp1 · April 24, 2021, 7:45pm

Hi thanks so much for your answer.

Well, this was the first test-setup, after having done

docker-compose up --detach

once, I brought it down with

docker-compose down
docker system prune -a

I was assuming that firing up a new container I would be able to set the password as I wanted with the docker-compose.yml edited with new password set.

But your advice worked well, thanks. Probably I do not quite understand how the containers work/keep persistent.

Maiken