From: Khushboo Vashi
Date: Wed, 6 Aug 2025 11:00:21 +0530
Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
To: Shakir Idrisi
Cc: Yogesh Mahajan, "pgadmin-support lists.postgresql.org"

Hi,

Please refer to
https://www.pgadmin.org/docs/pgadmin4/9.6/server_deployment.html#nginx-configuration-with-gunicorn
for nginx configuration.

On Wed, Aug 6, 2025 at 10:56 AM Shakir Idrisi wrote:

> Hi,
>
> Apologies for the interruption. May I kindly ask if the configuration I
> provided in my previous reply is correct?
>
> On Tue, Aug 5, 2025 at 4:57 PM Shakir Idrisi wrote:
>
>> Hi,
>>
>> I updated the configuration and it's now working.
>> I'm using *$http_host* instead of *$host* for the *Host* header.
>> Just want to confirm — is this the correct and recommended way?
>>
>> location ^~ /pgadmin4/ {
>>     proxy_pass http://unix:/tmp/pgadmin4.sock;
>>     proxy_set_header Host $http_host;  # here I have changed $host to $http_host
>>     proxy_set_header X-Real-IP $remote_addr;
>>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>     proxy_set_header X-Forwarded-Proto $scheme;
>>     proxy_set_header X-Forwarded-Host $host;
>>     proxy_set_header X-Script-Name /pgadmin4;
>>     proxy_http_version 1.1;
>>
>>     proxy_read_timeout 300;
>>     proxy_connect_timeout 60;
>> }
>>
>> On Tue, Aug 5, 2025 at 2:55 PM Shakir Idrisi wrote:
>>
>>> Hi,
>>>
>>> Do you have any updates or suggestions that could help me further debug
>>> this issue?
>>>
>>> On Tue, Aug 5, 2025 at 10:23 AM Shakir Idrisi wrote:
>>>
>>>> Hi,
>>>>
>>>> Yes, I have tried that conf which you have provided.
>>>> I mentioned in my last reply that it is not working.
>>>> Still getting a blank page after login on https.
>>>>
>>>> On Tue, Aug 5, 2025, 9:53 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have already provided the nginx configuration. Have you tried it?
>>>>> The issue is clearly with the Nginx config.
>>>>>
>>>>> Thanks,
>>>>> Yogesh Mahajan
>>>>> EnterpriseDB
>>>>>
>>>>> On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi wrote:
>>>>>
>>>>>> Hi,
>>>>>> I’ve tried the suggested changes, but I’m still encountering the same
>>>>>> issue — a blank page appears after logging in over HTTPS.
>>>>>>
>>>>>> As a workaround, I modified the config_local.py file and set:
>>>>>> *WTF_CSRF_CHECK_DEFAULT = False*
>>>>>>
>>>>>> With this change, pgAdmin works correctly on HTTPS. However, I
>>>>>> understand that disabling CSRF protection is not recommended in a
>>>>>> production environment, so I’m looking for a more secure solution.
>>>>>>
>>>>>> Here’s a snippet of my current *config_local.py* for reference:
>>>>>>
>>>>>> DATA_DIR = '/var/lib/pgadmin4'
>>>>>> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
>>>>>> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
>>>>>> STORAGE_DIR = '/var/lib/pgadmin4/storage'
>>>>>> AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
>>>>>> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>>>>>>
>>>>>> SCRIPT_NAME = '/pgadmin4'
>>>>>>
>>>>>> LOG_LEVEL = 'DEBUG'
>>>>>> CONSOLE_LOG_LEVEL = 50  # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
>>>>>> FILE_LOG_LEVEL = 20
>>>>>> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>>>>>>
>>>>>> Could you please help me identify the correct settings to securely
>>>>>> enable CSRF protection while ensuring pgAdmin functions properly over both
>>>>>> HTTP and HTTPS under /pgadmin4?
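
One way `$host` and `$http_host` can produce different CSRF outcomes on HTTPS, shown as an added example that is not part of the thread or of pgAdmin's code: Flask-WTF, the library behind the `WTF_CSRF_*` settings, compares the Referer with `https://<Host>/` on secure requests, and nginx's `$host` drops the port that `$http_host` keeps. The check below is a simplified re-implementation of that comparison; the hostname and port 8443 are constructed, since the thread does not say which port was in use.

```python
# Added illustration: a simplified model of the strict Referer check that
# Flask-WTF applies to HTTPS requests. Not pgAdmin's or Flask-WTF's own code.
from urllib.parse import urlsplit


def nginx_host(host_header: str) -> str:
    """Model nginx $host when a Host header is present: lowercased, port removed."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8443
        return host[: host.index("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host


def nginx_http_host(host_header: str) -> str:
    """Model nginx $http_host: the client's Host header, passed through as sent."""
    return host_header


def same_origin(a: str, b: str) -> bool:
    """Compare scheme, hostname and port; an omitted port is None on both sides."""
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.hostname, pa.port) == (pb.scheme, pb.hostname, pb.port)


def strict_referer_ok(backend_host: str, proto: str, referer: str) -> bool:
    """True if a request passes the Referer check, which only runs over HTTPS."""
    if proto != "https":
        return True
    if not referer:
        return False
    return same_origin(referer, f"https://{backend_host}/")


def compare_host_variables(client_host: str, referer: str, proto: str) -> dict:
    """Outcome of the check for each value of `proxy_set_header Host ...`."""
    return {
        "$host": strict_referer_ok(nginx_host(client_host), proto, referer),
        "$http_host": strict_referer_ok(nginx_http_host(client_host), proto, referer),
    }


# Constructed sample request: pgAdmin published on a non-default HTTPS port.
CLIENT_HOST = "db.example.test:8443"
REFERER = "https://db.example.test:8443/pgadmin4/login"

if __name__ == "__main__":
    print(compare_host_variables(CLIENT_HOST, REFERER, "https"))
```

In this model the two variables behave identically on the default port 443, so a difference between them points at the port (or another part of the Host header) being lost at the proxy rather than at CSRF protection itself.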