Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Khushboo Vashi <[email protected]>
To: Shakir Idrisi <[email protected]>
Cc: Yogesh Mahajan <[email protected]>
Cc: pgadmin-support lists.postgresql.org <[email protected]>
Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
Date: Wed, 6 Aug 2025 15:40:29 +0530
Message-ID: <CAFOhELfcm=COzGmptAaEaZvQULovjxOswLee2yTzMdat_WaW+Q@mail.gmail.com> (raw)
In-Reply-To: <CAKZfs-q1ZS-bz8R11+YOo4isfXUyqavUx+ZBK9vgaoE1xPPD4w@mail.gmail.com>
References: <CAKZfs-q0xwvyL5mQ5-Q5cMSzK0bHa03VjeNRzyCBVze-fa_CeQ@mail.gmail.com>
	<CAMa=N=PgeekhtrE+bJn2atLui8sqqSDxdD3ScqSCMws+WenjOQ@mail.gmail.com>
	<CAKZfs-rJF=D5JBfcuRpYLrYQTmbHJ9eGJf4ShDzbp34Wq7ewVA@mail.gmail.com>
	<CAMa=N=Pa2shPSCNoCjWh2YXUJQ0n0dHOJrrzkHCpwj5p_hW8Hg@mail.gmail.com>
	<CAKZfs-rM_x+N0Uf6xM8cmyzCzrm6R=kw-iXRNxFhnJmoGfvrKQ@mail.gmail.com>
	<CAKZfs-rQ_MHhKynKTAh4U1mEvBH_DsfV=+7KQLLSm9wmdqYF+w@mail.gmail.com>
	<CAMa=N=OV5yPe7uacbH1bqZAp40kd505HhFFX+a4ACocVS6CWBw@mail.gmail.com>
	<CAKZfs-o-H6wg5NqQzaMNf_oUu45mN9XuUAuShCLmtCFNiScXLw@mail.gmail.com>
	<CAKZfs-o+JgJ81EW+32=U20XdDnZswdQ6v5XbiqxWMmrUSy6Wpw@mail.gmail.com>
	<CAMa=N=Me-QjTnrjzor3sePBeCzTcNiQh+FEdYJup8oevtvxNOg@mail.gmail.com>
	<CAKZfs-qnoXgPCssReVoFzWTfr4C8QhdZRPX34SiRfNpbqhmruA@mail.gmail.com>
	<CAKZfs-ryzv8EZufktnkhqA7kxKjy-rqy=VXVR8Q-2rkYwW+B5w@mail.gmail.com>
	<CAMa=N=PNmGTtZaJEOPRxkefCCDxJ5BQz_kLT04dWDThaSZXz8w@mail.gmail.com>
	<CAKZfs-oHpU24auCzuAS2SHFibfuL6bCbR8=A0uv92a1x3ZKHKQ@mail.gmail.com>
	<CAMa=N=NVt5reNoQjzt5KgzzpYPd2GSHDSbH0gWV1M7xoGTfCFA@mail.gmail.com>
	<CAKZfs-qznRPppd+-m_2fbkp=hW=QSujQ2D8j+BUmSMcREq2-Dw@mail.gmail.com>
	<CAMa=N=OEy=rMwXB4o1Fknj=-EUXNxha3Vvp8-defORCk6Np17w@mail.gmail.com>
	<CAKZfs-qeZc2PVc_5c61JMu+u0gzJm2jn7DaWMn24ZZvb4ZmskQ@mail.gmail.com>
	<CAMa=N=Nc1GLxWsgLZYkbA+PDZY2Ya0x0hkS6btTOL_=ceOwiAg@mail.gmail.com>
	<CAKZfs-rhhGwQ7-6J1AVnf7-_EikSnheEGkcjiNWgkO8oqnuFRg@mail.gmail.com>
	<CAMa=N=O3CyEMsgYXMq67D6bi2h_jNEBBPAM26y3t-6fzz2oyjw@mail.gmail.com>
	<CAKZfs-pqg3nR4hOKR2uZbDZ67WaiFqDXMPtANNobqi32_rbj2w@mail.gmail.com>
	<CAKZfs-o-bQFP5jq=b44q7_bjxNGXz6K3m2xfkvKufuCcm82S2A@mail.gmail.com>
	<CAKZfs-q8aeEoSMEp6daHYr2iTPuz=mdGGsmj+T2hW9p9ODXydA@mail.gmail.com>
	<CAKZfs-rJwoF17qhoSZJHJpOVgi+B2=sMoid5kPq=R12wZKOV=w@mail.gmail.com>
	<CAFOhELdqmb1M=ATi3XYe40BoN-70HgTe8VYT8+o-LD_9MBMS-w@mail.gmail.com>
	<CAKZfs-q1ZS-bz8R11+YOo4isfXUyqavUx+ZBK9vgaoE1xPPD4w@mail.gmail.com>

On Wed, Aug 6, 2025 at 11:38 AM Shakir Idrisi <[email protected]> wrote:

> Hi,
>
> I referred to the documentation, but my Nginx setup doesn’t have the
> proxy_params file. So I manually added the proxy_set_header lines. However,
> after logging in, pgAdmin4 was showing a blank page.
>
> *To fix it, I changed: proxy_set_header Host $host*;
> *to: proxy_set_header Host $http_host;*
>
> After this change, it began to work. I just want to confirm — is this the
> correct approach, or is it working by chance due to a header mismatch?
>

Both are different, and $host should be used. You can refer
https://stackoverflow.com/questions/39715510/nginx-when-to-use-proxy-set-header-host-host-vs-proxy-h...
for more understanding.


>
> On Wed, Aug 6, 2025 at 11:00 AM Khushboo Vashi <
> [email protected]> wrote:
>
>> Hi,
>>
>> Please refer
>> https://www.pgadmin.org/docs/pgadmin4/9.6/server_deployment.html#nginx-configuration-with-gunicorn
>> for nginx configuration.
>>
>>
>> On Wed, Aug 6, 2025 at 10:56 AM Shakir Idrisi <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Apologies for the interruption. May I kindly ask if the configuration I
>>> provided in my previous reply is correct?
>>>
>>> On Tue, Aug 5, 2025 at 4:57 PM Shakir Idrisi <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I updated the configuration and it's now working.
>>>> I'm using it *$http_host* instead of *$host* for the *Host *header.
>>>> Just want to confirm — is this the correct and recommended way?
>>>>
>>>> location ^~ /pgadmin4/ {
>>>>>
>>>>>     proxy_pass http://unix:/tmp/pgadmin4.sock;
>>>>>     proxy_set_header Host $http_host; # here i have changed $host to
>>>>> $http_host
>>>>> proxy_set_header X-Real-IP $remote_addr;
>>>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>>> proxy_set_header X-Forwarded-Proto $scheme;
>>>>> proxy_set_header X-Forwarded-Host $host;
>>>>> proxy_set_header X-Script-Name /pgadmin4;
>>>>> proxy_http_version 1.1;
>>>>>
>>>>>
>>>>>     proxy_read_timeout 300;
>>>>>     proxy_connect_timeout 60;
>>>>
>>>> }
>>>>
>>>> On Tue, Aug 5, 2025 at 2:55 PM Shakir Idrisi <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Do you have any updates or suggestions that could help me further
>>>>> debug this issue?
>>>>>
>>>>> On Tue, Aug 5, 2025 at 10:23 AM Shakir Idrisi <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Yes I have tried that conf which you have provided.
>>>>>> I have mentioned that in my last reply that it is not working.
>>>>>> Still getting blank page after login on https.
>>>>>>
>>>>>> On Tue, Aug 5, 2025, 9:53 AM Yogesh Mahajan <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have already provided the nginx configuration. Have you tried it?
>>>>>>> Issues is clearly with Nginx config.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Yogesh Mahajan
>>>>>>> EnterpriseDB
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>> I’ve tried the suggested changes, but I’m still encountering the
>>>>>>>> same issue — a blank page appears after logging in over HTTPS.
>>>>>>>>
>>>>>>>> As a workaround, I modified the config_local.py file and set:
>>>>>>>> *WTF_CSRF_CHECK_DEFAULT = False*
>>>>>>>>
>>>>>>>> With this change, pgAdmin works correctly on HTTPS. However, I
>>>>>>>> understand that disabling CSRF protection is not recommended in a
>>>>>>>> production environment, so I’m looking for a more secure solution.
>>>>>>>>
>>>>>>>> Here’s a snippet of my current *config_local.py* for reference:
>>>>>>>>
>>>>>>>> DATA_DIR = '/var/lib/pgadmin4'
>>>>>>>> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
>>>>>>>> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
>>>>>>>> STORAGE_DIR = '/var/lib/pgadmin4/storage'
>>>>>>>> AZURE_CREDENTIAL_CACHE_DIR =
>>>>>>>> '/var/lib/pgadmin4/azurecredentialcache'
>>>>>>>> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>>>>>>>>
>>>>>>>> SCRIPT_NAME = '/pgadmin4'
>>>>>>>>
>>>>>>>> LOG_LEVEL = 'DEBUG'
>>>>>>>> CONSOLE_LOG_LEVEL = 50  # INFO = 20, WARNING = 30, ERROR = 40,
>>>>>>>> CRITICAL = 50
>>>>>>>> FILE_LOG_LEVEL = 20
>>>>>>>> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>>>>>>>>
>>>>>>>> Could you please help me identify the correct settings to securely
>>>>>>>> enable CSRF protection while ensuring pgAdmin functions properly over both
>>>>>>>> HTTP and HTTPS under /pgadmin4?
>>>>>>>>
>>>>>>>>>

view thread (26+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
  In-Reply-To: <CAFOhELfcm=COzGmptAaEaZvQULovjxOswLee2yTzMdat_WaW+Q@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox