From: Shakir Idrisi
Date: Tue, 5 Aug 2025 14:55:10 +0530
Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
To: Yogesh Mahajan
Cc: "pgadmin-support lists.postgresql.org"

Hi,

Do you have any updates or suggestions that could help me further debug this issue?

On Tue, Aug 5, 2025 at 10:23 AM Shakir Idrisi wrote:

> Hi,
>
> Yes I have tried that conf which you have provided.
> I have mentioned that in my last reply that it is not working.
> Still getting blank page after login on https.
>
> On Tue, Aug 5, 2025, 9:53 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:
>
>> Hi,
>>
>> I have already provided the nginx configuration. Have you tried it?
>> Issue is clearly with Nginx config.
>>
>> Thanks,
>> Yogesh Mahajan
>> EnterpriseDB
>>
>> On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi wrote:
>>
>>> Hi,
>>> I’ve tried the suggested changes, but I’m still encountering the same
>>> issue — a blank page appears after logging in over HTTPS.
>>>
>>> As a workaround, I modified the config_local.py file and set:
>>> *WTF_CSRF_CHECK_DEFAULT = False*
>>>
>>> With this change, pgAdmin works correctly on HTTPS. However, I
>>> understand that disabling CSRF protection is not recommended in a
>>> production environment, so I’m looking for a more secure solution.
>>>
>>> Here’s a snippet of my current *config_local.py* for reference:
>>>
>>> DATA_DIR = '/var/lib/pgadmin4'
>>> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
>>> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
>>> STORAGE_DIR = '/var/lib/pgadmin4/storage'
>>> AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
>>> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>>>
>>> SCRIPT_NAME = '/pgadmin4'
>>>
>>> LOG_LEVEL = 'DEBUG'
>>> CONSOLE_LOG_LEVEL = 50  # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
>>> FILE_LOG_LEVEL = 20
>>> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>>>
>>> Could you please help me identify the correct settings to securely
>>> enable CSRF protection while ensuring pgAdmin functions properly over both
>>> HTTP and HTTPS under /pgadmin4?
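Added example, not part of the thread and not pgAdmin's own code: a small Python model of the strict HTTPS referrer check performed by Flask-WTF, the library that defines `WTF_CSRF_CHECK_DEFAULT`. It shows one way a reverse proxy that does not forward the original Host header can make CSRF validation fail over HTTPS while plain HTTP keeps working. The hostname, backend port and requests are constructed, and the thread does not confirm this as the cause.

```python
from urllib.parse import urlsplit


def origin(url):
    """Return the (scheme, hostname, port) triple used for same-origin comparison."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def strict_referrer_check(scheme, host_header, referrer):
    """Model of a strict CSRF referrer check on HTTPS requests.

    scheme and host_header are what the application sees *after* the proxy;
    referrer is the Referer header the browser sent. Returns (ok, reason).
    """
    if scheme != "https":
        return True, "not HTTPS: referrer check skipped"
    if not referrer:
        return False, "referrer header is missing"
    expected = origin(f"https://{host_header}/")
    if origin(referrer) != expected:
        return False, f"referrer {origin(referrer)} does not match host {expected}"
    return True, "referrer matches host"


# Constructed requests: the public name and backend address are assumptions.
PUBLIC = "pgadmin.example.test"
BACKEND = "127.0.0.1:5050"
CASES = {
    # Proxy forwards the original Host: the check passes.
    "https_host_forwarded": ("https", PUBLIC, f"https://{PUBLIC}/pgadmin4/login"),
    # Proxy passes its upstream address as Host: the check fails.
    "https_host_rewritten": ("https", BACKEND, f"https://{PUBLIC}/pgadmin4/login"),
    # Same rewritten Host over HTTP: the check is never reached.
    "http_host_rewritten": ("http", BACKEND, f"http://{PUBLIC}/pgadmin4/login"),
    # HTTPS request with the Referer stripped on the way in.
    "https_no_referrer": ("https", PUBLIC, None),
}


def evaluate(cases=CASES):
    """Run every constructed case and return {name: (ok, reason)}."""
    return {name: strict_referrer_check(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, (ok, reason) in evaluate().items():
        print(f"{name:22} {'PASS' if ok else 'FAIL'}  {reason}")
```

If the rewritten-Host case matches what pgAdmin's log shows, the fix belongs in the proxy headers rather than in disabling `WTF_CSRF_CHECK_DEFAULT`.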