From: Shakir Idrisi
Date: Wed, 6 Aug 2025 11:38:26 +0530
Subject: Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path
To: Khushboo Vashi
Cc: Yogesh Mahajan, "pgadmin-support lists.postgresql.org"

Hi,

I referred to the documentation, but my Nginx setup doesn’t have the proxy_params file. So I manually added the proxy_set_header lines. However, after logging in, pgAdmin4 was showing a blank page.

*To fix it, I changed: proxy_set_header Host $host;*
*to: proxy_set_header Host $http_host;*

After this change, it began to work. I just want to confirm — is this the correct approach, or is it working by chance due to a header mismatch?

On Wed, Aug 6, 2025 at 11:00 AM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:

> Hi,
>
> Please refer
> https://www.pgadmin.org/docs/pgadmin4/9.6/server_deployment.html#nginx-configuration-with-gunicorn
> for nginx configuration.
>
>
> On Wed, Aug 6, 2025 at 10:56 AM Shakir Idrisi wrote:
>
>> Hi,
>>
>> Apologies for the interruption. May I kindly ask if the configuration I
>> provided in my previous reply is correct?
>>
>> On Tue, Aug 5, 2025 at 4:57 PM Shakir Idrisi wrote:
>>
>>> Hi,
>>>
>>> I updated the configuration and it's now working.
>>> I'm using *$http_host* instead of *$host* for the *Host* header.
>>> Just want to confirm — is this the correct and recommended way?
>>>
>>> location ^~ /pgadmin4/ {
>>>>
>>>>     proxy_pass http://unix:/tmp/pgadmin4.sock;
>>>>     proxy_set_header Host $http_host; # here I have changed $host to $http_host
>>>>     proxy_set_header X-Real-IP $remote_addr;
>>>>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>>     proxy_set_header X-Forwarded-Proto $scheme;
>>>>     proxy_set_header X-Forwarded-Host $host;
>>>>     proxy_set_header X-Script-Name /pgadmin4;
>>>>     proxy_http_version 1.1;
>>>>
>>>>
>>>>     proxy_read_timeout 300;
>>>>     proxy_connect_timeout 60;
>>>
>>> }
>>>
>>> On Tue, Aug 5, 2025 at 2:55 PM Shakir Idrisi wrote:
>>>
>>>> Hi,
>>>>
>>>> Do you have any updates or suggestions that could help me further debug
>>>> this issue?
>>>>
>>>> On Tue, Aug 5, 2025 at 10:23 AM Shakir Idrisi wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Yes, I have tried the conf which you provided.
>>>>> I mentioned in my last reply that it is not working.
>>>>> Still getting a blank page after login on https.
>>>>>
>>>>> On Tue, Aug 5, 2025, 9:53 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have already provided the nginx configuration. Have you tried it?
>>>>>> The issue is clearly with the Nginx config.
>>>>>>
>>>>>> Thanks,
>>>>>> Yogesh Mahajan
>>>>>> EnterpriseDB
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> I’ve tried the suggested changes, but I’m still encountering the
>>>>>>> same issue — a blank page appears after logging in over HTTPS.
>>>>>>>
>>>>>>> As a workaround, I modified the config_local.py file and set:
>>>>>>> *WTF_CSRF_CHECK_DEFAULT = False*
>>>>>>>
>>>>>>> With this change, pgAdmin works correctly on HTTPS. However, I
>>>>>>> understand that disabling CSRF protection is not recommended in a
>>>>>>> production environment, so I’m looking for a more secure solution.
>>>>>>>
>>>>>>> Here’s a snippet of my current *config_local.py* for reference:
>>>>>>>
>>>>>>> DATA_DIR = '/var/lib/pgadmin4'
>>>>>>> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
>>>>>>> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
>>>>>>> STORAGE_DIR = '/var/lib/pgadmin4/storage'
>>>>>>> AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
>>>>>>> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>>>>>>>
>>>>>>> SCRIPT_NAME = '/pgadmin4'
>>>>>>>
>>>>>>> LOG_LEVEL = 'DEBUG'
>>>>>>> CONSOLE_LOG_LEVEL = 50  # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL = 50
>>>>>>> FILE_LOG_LEVEL = 20
>>>>>>> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>>>>>>>
>>>>>>> Could you please help me identify the correct settings to securely
>>>>>>> enable CSRF protection while ensuring pgAdmin functions properly over both
>>>>>>> HTTP and HTTPS under /pgadmin4?
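An added example, not part of the thread or of pgAdmin's code: a Python model of what the backend receives as Host under `$host` versus `$http_host`, run through a same-origin Referer check of the kind Flask-WTF (the library whose `WTF_CSRF_*` setting appears in the thread) applies to HTTPS requests. The host name `panel.example.test`, port 8443 and all function names are assumptions made for illustration; the thread does not say which port the poster's listener uses.

```python
from urllib.parse import urlsplit


def nginx_host_vars(host_header, server_name="panel.example.test"):
    """Model nginx's $http_host and $host for a request carrying this Host header.

    $http_host is the Host header exactly as the client sent it.
    $host is the host name only: lowercased, port removed, and the matching
    server name when the request has no Host header.
    """
    if not host_header:
        return {"$http_host": "", "$host": server_name}
    if host_header.startswith("["):            # bracketed IPv6 literal
        name = host_header[: host_header.index("]") + 1]
    else:
        name = host_header.split(":", 1)[0]
    return {"$http_host": host_header, "$host": name.lower()}


def origin(url):
    """Scheme, host name and explicit port of a URL (port is None if absent)."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port


def referer_check_passes(referer, backend_host):
    """Model of a strict HTTPS Referer check: the Referer must be same-origin
    with https://<Host header the backend received>/."""
    return bool(referer) and origin(referer) == origin(f"https://{backend_host}/")


def login_post_accepted(client_host, referer, host_variable):
    """Outcome of the check when nginx has `proxy_set_header Host <host_variable>;`."""
    backend_host = nginx_host_vars(client_host)[host_variable]
    return referer_check_passes(referer, backend_host)


# Constructed sample request: HTTPS listener on a non-default port (assumption).
CLIENT_HOST = "panel.example.test:8443"
REFERER = "https://panel.example.test:8443/pgadmin4/login"

if __name__ == "__main__":
    for var in ("$host", "$http_host"):
        seen = nginx_host_vars(CLIENT_HOST)[var]
        verdict = "accepted" if login_post_accepted(CLIENT_HOST, REFERER, var) else "rejected"
        print(f"Host {var:<11} backend sees {seen!r:<28} POST {verdict}")
```

With a lowercase Host header on the default HTTPS port, `$host` and `$http_host` hand the backend the same value and both pass this check; they diverge once the client's Host header carries a port.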