AW: Encryption of pdAdmin on OpenShift with TLS termination type reencrypt

Hi Khushboo,

Thank you for your reply. I have permission and company-proxy problem with the image dpage/pgadmin4 from Docker. When I tried to change the permission of work/session directory, it is not allowed, and sudo is not installed.
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: setresuid() [0, 0, 0] -> [1003600000, -1, -1]: Operation not permitted
sudo: error initializing audit plugin sudoers_audit
[INFO] Starting gunicorn 20.1.0
[INFO] Listening at: http://[::]:443
[INFO] Using worker: gthreads
[INFO] Booting worker with pid: 22

Would it be possible if I could change the config of NGINX on the image on OpenShift (Red Hat)? https://catalog.redhat.com/software/containers/crunchydata/crunchy-pgadmin4/595e643a4b339a35612c077d?container-tabs=overview

Best regards,
Boon

Von: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>
Gesendet: Dienstag, 7. Juni 2022 07:01
An: Choo, Boon Hooi <Boon-Hooi(dot)Choo(at)t-systems(dot)com>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Betreff: Re: Encryption of pdAdmin on OpenShift with TLS termination type reencrypt

On Tue, Jun 7, 2022 at 10:29 AM Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com<mailto:khushboo(dot)vashi(at)enterprisedb(dot)com>> wrote:
Hello,

On Tue, Jun 7, 2022 at 1:58 AM <Boon-Hooi(dot)Choo(at)t-systems(dot)com<mailto:Boon-Hooi(dot)Choo(at)t-systems(dot)com>> wrote:
Hello everyone,

I am trying to encrypt the connection from client side to the pod of pgAdmin 4 (container) on OpenShift. I have included a certificate (server.cert) and a key (server.key), which are extracted from the PFX file from our certificate operator on OpenShift. I have succeeded to encrypt the connection with TLS termination type “edge”, which is defined in YAML file for route for pgAdmin 4. With type “edge”, we only encrypt until the HA-Proxy (Router of OpenShift).
However, when I tried to change the TLS termination type to “reencrypt”, with destination CA certificate provided, I have received a TLS handshake problem. I have tried to research online, and I believed that it is because I am trying to do a SSL connection to a non-SSL pod of pgAdmin 4. Do you know how could we change the config file of pod (NGINX?) and add the line of “host 443 ssl” to the server? (P.S.: I use the image of pgAdmin from crunchydata registry in my deployment YAML file.)

You can get the idea regarding NGINX settings at https://www.pgadmin.org/download/pgadmin-4-container/, and this document supports the pgAdmin container image<https://www.pgadmin.org/download/pgadmin-4-container/> (not the crunchy data registry.).

NGINX settings document link: https://www.pgadmin.org/docs/pgadmin4/6.10/container_deployment.html

Thanks,
Khushboo

Thank you so much for your attention, any help would be much appreciated!

Many thanks and best regards,

Boon Hooi Choo

Consultant Digital Integration
PU Digital Solutions/Products & Solutions

T-Systems International GmbH