From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | Andrew Coleman <penguincoder(at)gmail(dot)com> |
Cc: | "pgadmin-support(at)lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org> |
Subject: | Re: PgAdmin4 behind SSL proxy |
Date: | 2019-06-28 10:45:24 |
Message-ID: | CA+OCxoyrTbRZWrGsyg3fm4vMaEyuNuWdHseL+jTgEx+WXuu+fQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
Hi
On Thu, Jun 27, 2019 at 1:14 PM Andrew Coleman <penguincoder(at)gmail(dot)com>
wrote:
> Has anyone had any success running PgAdmin4 behind a reverse proxy? I am
> using Traefik for routing in my Kubernetes cluster and I am experiencing
> some strange behavior.
>
>
>
> With SSL:
>
>
>
> POST /login, cookie is returned with an empty value, GET /browser redirect
> to /login
>
> Sometimes even requests to /user_management/current_user.js actually
> returns index.html and causes undefined behavior on the page.
>
>
>
> Without SSL, with kubectl port-forward:
>
>
>
> POST /login, cookie is returned with a value, GET to /browser returns page
> contents as expected.
>
Hmm, I wonder if this is similar to
https://redmine.postgresql.org/issues/4254
Do you have sample Traefik config you can share so I can test? Not entirely
sure when as I'm travelling at the moment, but I'd like to take a look.
I assume running it in one container with pgAdmin in another is roughly
what you're doing?
>
>
> I have set X-Forwarded-Proto to https, but that doesn’t do anything. I
> have set X-Scheme to https and that helps, but it’s not all the way.
> Cookies returned do not have the Secure; flag (not sure if that’s
> necessary, though). I have tried setting the values in this blog post both
> in config.py and in the environment to no success:
>
>
>
> https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications
>
>
>
> I really need to expose PgAdmin via https and not http. Is there any way
> to do this without so much hate and discontent?
>
If you take Traefik out of the equation, the container supports https
directly.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Coleman | 2019-06-28 15:38:57 | RE: PgAdmin4 behind SSL proxy |
Previous Message | Fernando Hevia | 2019-06-28 05:46:46 | Re: pgAdmin 4 v4.9 released |