且构网

Sharing the things programmers deal with in development...

Allow docker container to connect to a local/host postgres database

Updated: 2022-01-25 21:48:37

TL;DR

  1. Use 172.17.0.0/16 as IP address range, not 172.17.0.0/32.
  2. Don't use localhost to connect to the PostgreSQL database on your host, but the host's IP instead. To keep the container portable, start the container with the --add-host=database:<host-ip> flag and use database as hostname for connecting to PostgreSQL.
  3. Make sure PostgreSQL is configured to listen for connections on all IP addresses, not just on localhost. Look for the setting listen_addresses in PostgreSQL's configuration file, typically found in /etc/postgresql/9.3/main/postgresql.conf (credits to @DazmoNorton).

Long version

172.17.0.0/32 is not a range of IP addresses, but a single address (namely 172.17.0.0). No Docker container will ever get that address assigned, because it's the network address of the Docker bridge (docker0) interface.

When Docker starts, it will create a new bridge network interface, which you can easily see when calling ip a:

$ ip a
...
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever

As you can see, in my case, the docker0 interface has the IP address 172.17.42.1 with a netmask of /16 (or 255.255.0.0). This means that the network address is 172.17.0.0/16.

The IP address is randomly assigned, but without any additional configuration, it will always be in the 172.17.0.0/16 network. For each Docker container, a random address from that range will be assigned.

This means, if you want to grant access from all possible containers to your database, use 172.17.0.0/16.
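
The difference between the two ranges, as an added example that is not part of the original answer: it assumes the range is written in the ADDRESS column of a pg_hba.conf host rule. The sample rules, the md5 method and the container address 172.17.0.2 are constructed for illustration.

```python
import ipaddress

# Constructed pg_hba.conf samples (not from the page). The "all" fields and
# the md5 method are assumptions; only the address column matters here.
HBA_SINGLE_ADDRESS = """
# TYPE  DATABASE  USER  ADDRESS        METHOD
host    all       all   127.0.0.1/32   md5
host    all       all   172.17.0.0/32  md5
"""
HBA_BRIDGE_RANGE = HBA_SINGLE_ADDRESS.replace("172.17.0.0/32", "172.17.0.0/16")


def parse_host_rules(text):
    """Return (network, method) for every 'host' line with a CIDR address."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue
        try:
            rules.append((ipaddress.ip_network(fields[3]), fields[4]))
        except ValueError:
            continue  # host names and keywords such as samehost: not handled
    return rules


def first_match(rules, client_ip):
    """Return the first rule containing client_ip (database and user are
    'all' in the samples, so only the address decides the match)."""
    addr = ipaddress.ip_address(client_ip)
    for network, method in rules:
        if addr in network:
            return str(network), method
    return None  # no matching rule: the connection is rejected


def range_size(cidr):
    """Number of addresses a CIDR block covers."""
    return ipaddress.ip_network(cidr).num_addresses


if __name__ == "__main__":
    container_ip = "172.17.0.2"  # constructed example of a container address
    for name, conf in (("/32", HBA_SINGLE_ADDRESS), ("/16", HBA_BRIDGE_RANGE)):
        print(name, first_match(parse_host_rules(conf), container_ip))
    print(range_size("172.17.0.0/32"), range_size("172.17.0.0/16"))
```

The /16 rule matches every address on the default bridge, so the method column decides what each of those clients has to present to log in.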