Re: PgAdmin4 behind SSL proxy

Hi

On Thu, Jun 27, 2019 at 1:14 PM Andrew Coleman <penguincoder(at)gmail(dot)com>
wrote:

> Has anyone had any success running PgAdmin4 behind a reverse proxy? I am
> using Traefik for routing in my Kubernetes cluster and I am experiencing
> some strange behavior.
>
>
>
> With SSL:
>
>
>
> POST /login, cookie is returned with an empty value, GET /browser redirect
> to /login
>
> Sometimes even requests to /user_management/current_user.js actually
> returns index.html and causes undefined behavior on the page.
>
>
>
> Without SSL, with kubectl port-forward:
>
>
>
> POST /login, cookie is returned with a value, GET to /browser returns page
> contents as expected.
>

Hmm, I wonder if this is similar to
https://redmine.postgresql.org/issues/4254

Do you have sample Traefik config you can share so I can test? Not entirely
sure when as I'm travelling at the moment, but I'd like to take a look.

I assume running it in one container with pgAdmin in another is roughly
what you're doing?

>
>
> I have set X-Forwarded-Proto to https, but that doesn’t do anything. I
> have set X-Scheme to https and that helps, but it’s not all the way.
> Cookies returned do not have the Secure; flag (not sure if that’s
> necessary, though). I have tried setting the values in this blog post both
> in config.py and in the environment to no success:
>
>
>
> https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications
>
>
>
> I really need to expose PgAdmin via https and not http. Is there any way
> to do this without so much hate and discontent?
>

If you take Traefik out of the equation, the container supports https
directly.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company