⚠️ Breaking change (PostgreSQL 18+): Default VOLUME path changed to /var/lib/postgresql

The postgis/postgis image provides tags for running Postgres with PostGIS extensions installed. This image is based on the official postgres image and provides Debian and Alpine variants for PostGIS 3.5.x and 3.6.x that are compatible with PostgreSQL versions 13, 14, 15, 16, 17 and 18. Additionally, image variants are provided for PostgreSQL 16 and 17, built with PostGIS (and its dependencies) from their respective master branches. These are tagged as 16-master and 17-master.

This image ensures that the default database created by the parent postgres image will have the following extensions installed:

Unless -e POSTGRES_DB is passed to the container at startup time, this database will be named after the admin user (either postgres or the user specified with -e POSTGRES_USER). If you would prefer to use the older template database mechanism for enabling PostGIS, the image also provides a PostGIS-enabled template database called template_postgis.

Supported architecture: amd64 (x86-64)

Recommended versions for new users are:

• postgis/postgis:18-3.6
  • ⚠️ Uses VOLUME path /var/lib/postgresql (changed in PostgreSQL 18+)
• postgis/postgis:17-3.5
  • Uses legacy VOLUME path /var/lib/postgresql/data

• This Docker-PostGIS image has a cautious release cycle to guarantee high stability.
  • By "cautious", we mean it does not always have the latest versions of geos, proj, gdal, and sfcgal packages.
• We use PostGIS, geos, proj, gdal, and sfcgal packages from the Debian repository.
  • In the Debian Bullseye repository (for PostgreSQL 13 to 17), the versions are:
    • geos=3.9
    • gdal=3.2
    • proj=7.2
    • sfcgal=1.3.9
  • In the Debian Trixie repository (for PostgreSQL 18+), the versions are:
    • geos=3.13
    • gdal=3.10
    • proj=9.6
    • sfcgal2=2.0
• This version is easy to extend and has matured over time.

• The base operating system is Alpine Linux. It is designed to be small, simple, and secure, and it's based on musl libc.
• In the Alpine 3.22 version, the package versions are:
  • geos=3.13.1
  • gdal=3.10.2
  • proj=9.6.0
  • sfcgal=2.0.0
• PostGIS is compiled from source, making it a bit more challenging to extend.

• We provide alpha, beta, release candidate (rc), and development (identified as ~master) versions.
• The template for the *-master images is updated manually, which might lead to a delay of a few weeks sometimes.

In order to run a basic container capable of serving a PostGIS-enabled database, start a container as follows:

docker run --name some-postgis -e POSTGRES_PASSWORD=mysecretpassword -d postgis/postgis

For more detailed instructions about how to start and control your Postgres container, see the documentation for the postgres image.

Once you have started a database container, you can then connect to the database either directly on the running container:

docker exec -ti some-postgis psql -U postgres

... or starting a new container to run as a client. In this case you can use a user-defined network to link both containers:

docker network create some-network

# Server container
docker run --name some-postgis --network some-network -e POSTGRES_PASSWORD=mysecretpassword -d postgis/postgis

# Client container
docker run -it --rm --network some-network postgis/postgis psql -h some-postgis -U postgres

Check the documentation on the postgres image and Docker networking for more details and alternatives on connecting different containers.

See the PostGIS documentation for more details on your options for creating and using a spatially-enabled database.

Since the docker-postgis repository is an extension of the official Docker PostgreSQL repository, all environment variables supported there are also supported here:

• POSTGRES_PASSWORD
• POSTGRES_USER
• POSTGRES_DB
• POSTGRES_INITDB_ARGS
• POSTGRES_INITDB_WALDIR
• POSTGRES_HOST_AUTH_METHOD
• PGDATA ⚠️ Changed in Docker PostgreSQL >=18 ! ⚠️

Read more in the docker-postgres README page

Starting from PostgreSQL 18, the default data directory (VOLUME) path has changed. This affects all corresponding postgis/postgis:18-* and newer images.

Summary of volume paths:

Please adjust your volume mounts for 18+ images. For more details, see the upstream change.

Docker-specific environment variables (for example, POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD) take effect only when the container is started with an empty data directory. Any pre-existing database will be left untouched on container startup.

If you need to re-initialize or change settings, make sure to remove or re-create the volume first.

Please note that Docker environment variables are different from those used by the libpq — C Library. These include: PGDATABASE, PGUSER, PGPASSWORD, and others used by client tools.

Troubleshooting can often be challenging. It's important to know that the docker-postgis repository is an extension of the official Docker PostgreSQL repository. Therefore, if you encounter any issues, it's worth testing whether the problem can be reproduced with the official PostgreSQL Docker images. If so, it's recommended to search for solutions based on this. The following websites are suggested:

• Upstream docker postgres repo: https://github.com/docker-library/postgres
  • search for the open or closed issues !
• Docker Community Forums: https://forums.docker.com
• Docker Community Slack: https://dockr.ly/slack
• Stack Overflow: https://stackoverflow.com/questions/tagged/docker+postgresql

If your problem is PostGIS related:

• Stack Overflow : docker + postgis https://stackoverflow.com/questions/tagged/docker+postgis
• PostGIS issue tracker: https://trac.osgeo.org/postgis/report

And if you don't have a postgres docker experience - read this blog post:

• https://www.docker.com/blog/how-to-use-the-postgres-docker-official-image/

It's crucial to be aware that in a cloud environment, with default settings, these images are vulnerable, and there's a high risk of cryptominer infection if the ports are left open. ( Read More )

• Note that ports which are not bound to the host (i.e., -p 5432:5432 instead of -p 127.0.0.1:5432:5432) will be accessible from the outside. This also applies if you configured UFW to block this specific port, as Docker manages its own iptables rules. ( Read More )

Every postgis/postgis:18-* image includes io_uring capabilities for asynchronous I/O. However, some container runtimes (for example, containerd) have disabled io_uring support in the past due to security concerns. If you wish to experiment with this feature, please do so at your own risk, and only after explicitly enabling io_uring in your seccomp profile.

• You can add options for using SSL ( see postgres example )
  • -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
• Or you can use SSH Tunnels with -p 127.0.0.1:5432:5432

• Please also scan the base postgres Docker image for potential security issues. If your security scanner reports vulnerabilities (CVEs), check the Docker Library FAQ — especially the section “Why does my security scanner show that an image has CVEs?” For more specific issues related to the Postgres Docker image, you can search using these links:

  • search for repo:docker-library/postgres trivy
  • search for repo:docker-library/postgres CVE

• Optimizing Security Scans: It's advisable to focus on scanning and fixing issues that can be resolved. Use this command to scan for fixable issues only:

  • trivy image --ignore-unfixed postgis/postgis:18-3.6-alpine
  • trivy image --ignore-unfixed postgres:18-alpine For more details, you can read this article

Unfortunately, we don't have control over updates to Debian and Alpine distributions or the upstream postgres image. Because of this, there might be some issues that we cannot fix right away. On the positive side, the postgis/postgis images are regenerated every Monday. This process is to ensure they include the latest changes and improvements. As a result, these images are consistently kept up-to-date.

We are always open to suggestions to enhance security. If you have any ideas, please let us know.

When you encounter errors due to PostGIS update OperationalError: could not access file "$libdir/postgis-X.X, run:

docker exec some-postgis update-postgis.sh

It will update to your newest PostGIS. Update is idempotent, so it won't hurt when you run it more than once. You will get a notification like:

Updating PostGIS extensions template_postgis to X.X.X
NOTICE:  version "X.X.X" of extension "postgis" is already installed
NOTICE:  version "X.X.X" of extension "postgis_topology" is already installed
NOTICE:  version "X.X.X" of extension "postgis_tiger_geocoder" is already installed
ALTER EXTENSION
Updating PostGIS extensions docker to X.X.X
NOTICE:  version "X.X.X" of extension "postgis" is already installed
NOTICE:  version "X.X.X" of extension "postgis_topology" is already installed
NOTICE:  version "X.X.X" of extension "postgis_tiger_geocoder" is already installed
ALTER EXTENSION

This Docker-PostGIS project is part of the PostGIS group and follows more flexible contributor rules.

• Please take a moment to review the current issues, discussions, and pull requests before you start.
• If you have a major change in mind, we kindly ask you to start a discussion about it first.
• After making changes to the templates, please run the ./update.sh script.
• The README.md must be written in plain and platform-compatible Markdown that renders correctly on both GitHub and Docker Hub.

Link to the code of conduct