Re: Enable HTTPS on pgAdmin in Server Mode

Hi Morten,

When pgadmin is installed in server mode, it installs and configures
apache2 web server.
File location used by apache is -
/etc/apache2/sites-available/pgadmin4.conf which by default configures
non-ssl web server settings.
You need to edit this file to add valid ssl certificates path and other
couple of parameters as shown above.

Thanks,
Yogesh Mahajan
EnterpriseDB

On Wed, Jan 3, 2024 at 6:07 PM Morten Bonnerup Rasmussen <
morten(dot)rasmussen(at)bestseller(dot)com> wrote:

> Thanks for the reply, Yogesh
>
> But you need to run a separate webserver like Apache to configure this?
>
> When I set 'SERVER_MODE = True' in pgAdmin config, I am able to access
> pgAdmin from a browser by <hostname>:<port>
> So I asumed that it was running an embedded webserver and was hoping to
> configure SSL settings directly in pgAdmin instead of having to add further
> complexity (webserver, reverse proxy etc).
> But that is not possible?
>
>
>
> Morten Bonnerup Rasmussen
>
> TECH Reliability Services / Specialist
>
>
> BESTSELLER A/S
>
> FREDSKOVVEJ 1, 7330 BRANDE
>
> DENMARK
>
>
> ------------------------------
> *From:* Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
> *Sent:* Monday, January 1, 2024 05:39
> *To:* Morten Bonnerup Rasmussen <morten(dot)rasmussen(at)bestseller(dot)com>
> *Cc:* pgadmin-support(at)lists(dot)postgresql(dot)org <
> pgadmin-support(at)lists(dot)postgresql(dot)org>
> *Subject:* Re: Enable HTTPS on pgAdmin in Server Mode
>
> You don't often get email from yogesh(dot)mahajan(at)enterprisedb(dot)com(dot) Learn why
> this is important <https://aka.ms/LearnAboutSenderIdentification>
>
> *CAUTION:* This email comes from outside BESTSELLER.
> Hi Morten,
>
> You need to adjust settings with your webserver configuration to setup SSL
> enabled pgadmin. Here is configuration for apache webserver with SSL.
>
>
> <VirtualHost *:443>
>
> WSGIDaemonProcess pgadmin processes=1 threads=25
> python-home=/usr/pgadmin4/venv
>
> WSGIScriptAlias / /usr/pgadmin4/web/pgAdmin4.wsgi
>
> <Directory /usr/pgadmin4/web/>
>
> WSGIProcessGroup pgadmin
>
> WSGIApplicationGroup %{GLOBAL}
>
> Require all granted
>
> </Directory>
>
>
> ServerName pgadmin.yourdomain.com
>
> SSLEngine on
>
> SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
>
> SSLCertificateKeyFile /etc/apache2/certificate/apache.key
>
>
> </VirtualHost>
>
> You can mention the redirect url <https://pgadmin.yourdomain.com> for
> configuration above.
>
> Thanks,
> Yogesh Mahajan
> EnterpriseDB
>
>
> On Mon, Dec 18, 2023 at 5:43 PM Morten Bonnerup Rasmussen <
> morten(dot)rasmussen(at)bestseller(dot)com> wrote:
>
> Hi
>
> I am working on deployment of pgAdmin 4 as part of a postgreSQL package in
> our enterprise environment.
>
> I have currently installed pgAdmin in server mode on a Windows Server, but
> running into problems configuring OAUTH2 authentication. I have enabled
> Azure AD/Entra ID authentication based on the following guide by Asmita
> How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal
> | Medium
> <https://medium.com/@asmita.thapliyal/how-to-configure-oauth-2-0-with-azure-ad-in-pgadmin4-2c1500d52d9d>
>
> But redirect URI in Azure app registration requires a HTTPS link and I
> have not found a way to specify a server certificate (currently selfsigned
> for testing purposes).
> I have not been able to find anything on config file and only references I
> have found online involves NGINX or similar, but I would prefer not
> introducing further complications if possible.
> Know of any way to natively enabling HTTPS connection to pgAdmin?
>
>
> *Morten Bonnerup Rasmussen*
>
> TECH Reliability Services / Specialist
>
> BESTSELLER A/S
>
> FREDSKOVVEJ 1, 7330 BRANDE
>
> DENMARK
>
>
>
>
>