Can't connect to Postgres container from Windows 10, but can from WSL

The docker container starts without complain:

❯ docker run --name pg14 -e POSTGRES_PASSWORD=postgres --detach --publish 5432:5432 postgres:14

and seems to publish the ports correctly:

❯ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
49b69b9eaaf9 postgres:14 "docker-entrypoint.s…" 8 minutes ago Up 8 minutes 0.0.0.0:5432->5432/tcp pg14

but while I connect from WSL to that container without any issues:

❯ PGPASSWORD="postgres" psql --host=localhost --username=postgres postgres -c "SELECT version();"

----------------------------------------------------------------------------------------------------------------------------- PostgreSQL 14.5 (Debian 14.5-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit (1 row)
The windows command line (powershell) fails connecting to the same container with:

❯ $env:PGPASSWORD="postgres"; psql --host=localhost --username=postgres --command="SELECT version();" psql: error: FATAL: password authentication failed for user "postgres"

I am using Docker Desktop v4.11.1, Docker version 20.10.12, build 20.10.12-0ubuntu4 and Docker version 20.10.17, build 100c701 on Windows.

Does anybody have any idea what could be the issue?
Thank you.

Docker Desktop needs to forward ports from your Windows host to the virtual machine (WSL). I guess it will not do it on every interfaces on Windows and inside the VM as well. If you want to use “localhost”, try forwarding the port from 127.0.0.1 like:

docker run --name pg14 -e POSTGRES_PASSWORD=postgres --detach --publish 127.0.0.1:5432:5432 postgres:14

That will give me

docker: Error response from daemon: Ports are not available: exposing port TCP 127.0.0.1:5432 -> 0.0.0.0:0: listen tcp 127.0.0.1:5432: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

Okay, I tried it and the port forwardig works even without specifying the source IP address. If I use a specific source IP, that works too.

Your current error message says the port is not available, but when I use a port that is already used, it shows me “already used”. I don1t understand that “0.0.0.0:0” either.

Maybe I misundersood you. Where exactly do you execute docker run? In your PowerShell or in the WSL distribution?

Please, share the output of docker version and docker info running on on Windows and in the WSL distribution, because I don’t understand where you got the build version. I can’t find "build <version>-0ubuntu4 in my output as it was in yours:

I did it both ways: starting docker from PowerShell or starting it from WSL sh. Either way I can connect from WSL (sh) but can NOT from Windows (PowerShell). Windows keep complaining:

psql: error: FATAL:  password authentication failed for user "postgres"

while WSL works fine.
Here is the docker output on Windows:

❯ docker version
Client:
 Cloud integration: v1.0.28
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun  6 23:09:02 2022
 OS/Arch:           windows/amd64
 Context:           default
 Experimental:      true

Server: Docker Desktop 4.11.1 (84025)
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun  6 23:01:23 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

❯ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2)
  compose: Docker Compose (Docker Inc., v2.7.0)
  extension: Manages Docker extensions (Docker Inc., v0.2.8)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 3
  Running: 3
  Paused: 0
  Stopped: 0
 Images: 13
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc version: v1.1.2-0-ga916309
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.102.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 24.83GiB
 Name: docker-desktop
 ID: B2XQ:X3E2:32IS:726C:4Q3E:D5NO:KDVX:PB6I:AOWW:6DHZ:XCN2:UP3Z
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

and here it is from WSL:

❯ docker version
Client:
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.17.3
 Git commit:        20.10.12-0ubuntu4
 Built:             Mon Mar  7 17:10:06 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Desktop
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun  6 23:01:23 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

❯ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2)
  compose: Docker Compose (Docker Inc., v2.7.0)
  extension: Manages Docker extensions (Docker Inc., v0.2.8)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 3
  Running: 3
  Paused: 0
  Stopped: 0
 Images: 13
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc version: v1.1.2-0-ga916309
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.102.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 24.83GiB
 Name: docker-desktop
 ID: B2XQ:X3E2:32IS:726C:4Q3E:D5NO:KDVX:PB6I:AOWW:6DHZ:XCN2:UP3Z
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Username: bprager
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

I found it! It looks like it has something to do with my Windows firewall setting, I assume. When I forward the PostgreSQL port to 8080 it suddenly works:

❯ docker run --rm --name pg14 -e POSTGRES_PASSWORD=postgres --detach --publish 8080:5432 postgres:14
65cd469db38bb467c1a2a1ea6f6db66dbdcd3859e2d5df44ac7360ab8119be7f
❯ & 'C:\Program Files\PostgreSQL\13\bin\psql.exe' --host=localhost --port 8080 --username=postgres --command "SELECT version();" --password
Password:
                                                           version
-----------------------------------------------------------------------------------------------------------------------------
 PostgreSQL 14.5 (Debian 14.5-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
(1 row)

I guess you installed Docker in that WSL distribution from the Ubuntu repository and not the official repository from Docker, and also enabled WSL integration. This is why it looked strange for me. That “0ubuntu4” suffix should not be there and the version should be “20.10.17” from everywhere. Doesn’t matter now, because psql works for you from WSL and the problem is with Windows, but you should use the repository from Docker’s official documentation when you install it on Linux and you don’t need to install it when you want to use Docker Desktop from WSL. WSL integration makes the Docker client available from the WSL distribution automatically.

I also misunderstood your problem, because I thought you had an issue with accessing the port, but the error message complained about wrong password.

On the other hand you wrote in your last post:

So I am confused. Or did you mean that you solved the other error message?

So I don’t really understand what happened, but ths is what I can recommend:

  • If you want to use Docker Desktop, don’t install the Docker client in the WSL distribution. If you have installed it, remove it.
  • If you need docker in the WSL distribution and not just the client
    • Follow the official documentation of Docker and install it from Docker’s own repository. If you installed Docker from snap, that is worse.
    • Use the client provided by Docker Desktop:
      "/mnt/c/Program Files/Docker/Docker/resources/bin/docker" info
      
  • Make sure you don’t have an other container using the same port external port
  • Make sure you don’t have anything running on that port, for example an other postgres directly on the host, not in containers.
  • If you have problem with passwords, that could mean you are actually trying to connect to a different database.

now that I wrote my recommendation, I have an idea what happened. Maybe not exactly, but something similar.

  • You installed a Postgresql server on your host in the past, but forgot about that
  • You ran a container forwarding the same port from the host that was already used and somehow Docker did not complain about that. (I have theories, but it doesn’t matter at this point)
  • Then you tried to login from WSL, and it worked, because localhost is localhost inside the WSL and Windows forwarded WSLs localhost to the WSL distribution of Docker.
  • You tried to login from PowerShell and you just connected to the Postgresql server running on your Windows host.

Second Idea after writing the previous one, maybe more likely:

  • Your password didn’t work, because the fact that you use “localhost” to connect to postgres, doesn’t mean postgres will see you coming from localhost. Sou you will have two different IP address and it has a user allowed to connect from one, which is the IP address of WSL

This second idea can be tested easily if you have experience administrating Postgres. Connect to the database from WSL, where it worked, and checked the users and where they can connect from. If you don’t know how to do that, try to create a user that can connect from anywhere and use that just for testing. I could do it only in MySQL, so I can’t tell you how you should do it. I hope Google helps if you don’t know that either.

1 Like

Thank you so much for all you help.

You were right with your assumption of another PostgreSQL instance running (I got my laptop pre-installed). I disabled that. I also made sure that port 5432 is explicitly allowed for in- and out-coming connections.

Now I can also connect from Windows (after some annoying reboots) and everything works fine.

Thanks again . I really appreciate your help. I am a happy camper again.