The built-in Data Explorer is fine for quick queries, but if you want to use a real GUI like DBeaver or TablePlus, you have to jump through a few hoops since Discourse’s Postgres is locked inside the Docker bridge.
Here is how to expose it safely over a private network (like Tailscale) so you aren’t leaving your DB open to the internet.
1. Map a custom port
Discourse usually eats up the standard ports, so I used 5434. Edit your containers/app.yml:
YAML
expose:
- "80:80"
- "443:443"
- "5434:5432" # Host 5434 -> Container 5432
Then rebuild: ./launcher rebuild app
2. Firewall
Don’t open this port to the public. If you’re using Tailscale or some others tunnels, restrict access to that interface only:
Bash
sudo ufw allow in on tailscale0 to any port 5434 proto tcp
3. Fix the Auth (The annoying part)
Discourse uses peer auth by default, which blocks external password logins. So you need to tell Postgres to allow scram-sha-256
Inside the container (./launcher enter app):
Bash
echo "host all all 0.0.0.0/0 scram-sha-256" >> /shared/postgres_data/pg_hba.conf
sudo -u postgres psql -c "SELECT pg_reload_conf();"
4. Set a password
The discourse user doesn’t have a password by default. Set one so app like DBeaver can actually log in to it
Bash
sudo -u postgres psql -c "ALTER USER discourse WITH PASSWORD 'your_password_here';"
5. Connection Details
-
Host: Your IP
-
Port:
5434 -
Database:
discourse -
User:
discourse