That does sound a lot like the issue I am experiencing. I am using as little
Traefik configuration as possible, using Kubernetes labels for most of the
heavy lifting. Here is the relevant bits of traefik.toml file:
# traefik.toml
logLevel = "INFO"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
regex = "^http://(.*)"
replacement = "https://$1";
[kubernetes]
[traefikLog]
format = "json"
[accessLog]
format = "common"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
Because I am running this in a cluster, my ELB is routing all traffic into …
Traefik, so I have to use some sort of service mesh to handle routing packets
to backend containers. That and the ELB handles SSL termination with my Route53
certificate.
Thanks,
Andrew
From: Dave Page
Sent: Friday, June 28, 2019 6:45 AM
To: Andrew Coleman
Cc: pgadmin-support@lists.postgresql.org
Subject: Re: PgAdmin4 behind SSL proxy
Hi
On Thu, Jun 27, 2019 at 1:14 PM Andrew Coleman <penguinco...@gmail.com> wrote:
Has anyone had any success running PgAdmin4 behind a reverse proxy? I am using
Traefik for routing in my Kubernetes cluster and I am experiencing some strange
behavior.
With SSL:
POST /login, cookie is returned with an empty value, GET /browser redirect to
/login
Sometimes even requests to /user_management/current_user.js actually returns
index.html and causes undefined behavior on the page.
Without SSL, with kubectl port-forward:
POST /login, cookie is returned with a value, GET to /browser returns page
contents as expected.
Hmm, I wonder if this is similar to https://redmine.postgresql.org/issues/4254
Do you have sample Traefik config you can share so I can test? Not entirely
sure when as I'm travelling at the moment, but I'd like to take a look.
I assume running it in one container with pgAdmin in another is roughly what
you're doing?
I have set X-Forwarded-Proto to https, but that doesn’t do anything. I have set
X-Scheme to https and that helps, but it’s not all the way. Cookies returned do
not have the Secure; flag (not sure if that’s necessary, though). I have tried
setting the values in this blog post both in config.py and in the environment
to no success:
https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications
I really need to expose PgAdmin via https and not http. Is there any way to do
this without so much hate and discontent?
If you take Traefik out of the equation, the container supports https directly.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
