Set Up PostgreSQL in a Google Cloud VM using Docker Compose

1. Google Cloud Prep

  • Make sure you have a Google Cloud Project set up.
  • Enable Billing, Compute Engine, and Cloud SQL Admin API.
  • Create a VM instance (Debian, obviously).

2. Generate SSH key locally:

ssh-keygen -t rsa -b 4096 -C "pwatpwat@yourdomain.dev"

Hit Enter a few times to use default paths (~/.ssh/id_rsa).

3. Connect to the VM instance

Connect

gcloud config set project pwatgres

pwatgres = project name.

  • Check if the first connection worked:
gcloud config list
  • Add your SSH key to the project:
gcloud compute os-login ssh-keys add --key-file=~/.ssh/id_rsa.pub
  • Confirm access:
gcloud compute ssh pwat-db-vm --zone=europe-west1-b

Basic Post-Boot Hardening

Firewall with ufw:

sudo apt update && sudo apt upgrade -y
sudo apt install ufw -y
sudo ufw allow OpenSSH
sudo ufw enable

Fail2Ban (basic brute-force protection)

sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

4. Docker Setup

sudo apt update && sudo apt install docker.io -y
sudo systemctl enable docker
sudo systemctl start docker
  • Test if the daemon hears your call:
docker --version
  • Install Docker Compose:
sudo apt install docker-compose -y
docker-compose --version
  • Let Yourself Command the Docker Army
sudo usermod -aG docker $USER
newgrp docker

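You now have Docker privileges without needing sudo every time like a mortal. Membership in the docker group is equivalent to root on the host, so add only accounts you would trust with sudo.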

5. Create Docker Compose Project

mkdir ~/pwatgres && cd ~/pwatgres
nano docker-compose.yml

Contents:

version: '3.8'
services:
  postgres:
    image: postgres:16
    restart: always
    container_name: pwatgres
    env_file:
      - .env
    ports:
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
volumes:
  pgdata:

  • Create the .env file

Inside ~/pwatgres/:

nano .env

Example contents:

POSTGRES_DB=mydb
POSTGRES_USER=admin
POSTGRES_PASSWORD=changemepls

Save and close. DO NOT commit this if you ever sync this repo.

You can lock this .env file down with:

chmod 600 .env

Deploy that beast

docker-compose up -d
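
An added check for the ~/pwatgres directory built in step 5, best run before docker-compose up -d (not part of the original page; the function name audit_pwatgres and the demo files are constructed for illustration). It flags the .env problems the page warns about, plus the "5432:5432" mapping, which publishes PostgreSQL on every host interface: Docker installs its own iptables rules for published ports, so the ufw policy set up earlier does not filter that traffic.

```bash
# Audit a compose project directory; prints one "FINDING: ..." line per
# problem and nothing when clean. Uses GNU stat, as on the Debian VM.
audit_pwatgres() (
  dir=$1; envfile=$dir/.env; compose=$dir/docker-compose.yml

  if [ -f "$envfile" ]; then
    # .env holds POSTGRES_PASSWORD: owner read/write only (chmod 600).
    mode=$(stat -c '%a' "$envfile")
    [ "$mode" = "600" ] || echo "FINDING: .env mode is $mode, expected 600"
    # The page's example password must be replaced before deploying.
    if grep -qx 'POSTGRES_PASSWORD=changemepls' "$envfile"; then
      echo "FINDING: POSTGRES_PASSWORD is still the example value"
    fi
    # .env has to be ignored if this directory is ever synced with git.
    if ! grep -qxF '.env' "$dir/.gitignore" 2>/dev/null; then
      echo "FINDING: .env is not listed in .gitignore"
    fi
  else
    echo "FINDING: $envfile is missing"
  fi

  # "HOST:CONTAINER" with no address binds 0.0.0.0; a loopback-only
  # mapping such as "127.0.0.1:5432:5432" does not match this pattern.
  pat="^[[:space:]]*-[[:space:]]*[\"']?[0-9]+:[0-9]+[\"']?[[:space:]]*\$"
  # "|| true": finding no such mapping is the clean case, not an error.
  { grep -E "$pat" "$compose" 2>/dev/null || true; } |
    sed -E -e 's/^[[:space:]]*-[[:space:]]*//' -e 's/[[:space:]]*$//' \
           -e 's/.*/FINDING: port mapping & binds every host interface/'
)

# Constructed sample mirroring the page's files, then the audit itself.
demo=$(mktemp -d)
printf 'POSTGRES_PASSWORD=changemepls\n' > "$demo/.env"
printf 'services:\n  postgres:\n    ports:\n      - "5432:5432"\n' \
  > "$demo/docker-compose.yml"
audit_pwatgres "$demo"
rm -rf "$demo"
```

Changing the mapping to "127.0.0.1:5432:5432" keeps PostgreSQL reachable from the VM itself (for example through an SSH tunnel) and clears the port finding.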

Misc

  • To shut down gracefully:
sudo shutdown +1 "The API layer dreams tonight. Goodnight, sweet daemon."

Security: Avoid Paying for Google’s Mistakes

  • Set up a billing alert. If your database starts scaling up unnecessarily, you will get charged.
  • Limit instance size in Compute Engine (e.g., ec2-nano).