Hi,
Apologies for the interruption. May I kindly ask if the configuration I
provided in my previous reply is correct?
On Tue, Aug 5, 2025 at 4:57 PM Shakir Idrisi <sha...@webuzo.com> wrote:
> Hi,
>
> I updated the configuration and it's now working.
> I'm using it *$http_host* instead of *$host* for the *Host *header.
> Just want to confirm — is this the correct and recommended way?
>
> location ^~ /pgadmin4/ {
>>
>> proxy_pass http://unix:/tmp/pgadmin4.sock;
>> proxy_set_header Host $http_host; # here i have changed $host to
>> $http_host
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> proxy_set_header X-Forwarded-Proto $scheme;
>> proxy_set_header X-Forwarded-Host $host;
>> proxy_set_header X-Script-Name /pgadmin4;
>> proxy_http_version 1.1;
>>
>>
>> proxy_read_timeout 300;
>> proxy_connect_timeout 60;
>
> }
>
> On Tue, Aug 5, 2025 at 2:55 PM Shakir Idrisi <sha...@webuzo.com> wrote:
>
>> Hi,
>>
>> Do you have any updates or suggestions that could help me further debug
>> this issue?
>>
>> On Tue, Aug 5, 2025 at 10:23 AM Shakir Idrisi <sha...@webuzo.com> wrote:
>>
>>> Hi,
>>>
>>> Yes I have tried that conf which you have provided.
>>> I have mentioned that in my last reply that it is not working.
>>> Still getting blank page after login on https.
>>>
>>> On Tue, Aug 5, 2025, 9:53 AM Yogesh Mahajan <
>>> yogesh.maha...@enterprisedb.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have already provided the nginx configuration. Have you tried it?
>>>> Issues is clearly with Nginx config.
>>>>
>>>> Thanks,
>>>> Yogesh Mahajan
>>>> EnterpriseDB
>>>>
>>>>
>>>> On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi <sha...@webuzo.com> wrote:
>>>>
>>>>> Hi,
>>>>> I’ve tried the suggested changes, but I’m still encountering the same
>>>>> issue — a blank page appears after logging in over HTTPS.
>>>>>
>>>>> As a workaround, I modified the config_local.py file and set:
>>>>> *WTF_CSRF_CHECK_DEFAULT = False*
>>>>>
>>>>> With this change, pgAdmin works correctly on HTTPS. However, I
>>>>> understand that disabling CSRF protection is not recommended in a
>>>>> production environment, so I’m looking for a more secure solution.
>>>>>
>>>>> Here’s a snippet of my current *config_local.py* for reference:
>>>>>
>>>>> DATA_DIR = '/var/lib/pgadmin4'
>>>>> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
>>>>> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
>>>>> STORAGE_DIR = '/var/lib/pgadmin4/storage'
>>>>> AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
>>>>> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>>>>>
>>>>> SCRIPT_NAME = '/pgadmin4'
>>>>>
>>>>> LOG_LEVEL = 'DEBUG'
>>>>> CONSOLE_LOG_LEVEL = 50 # INFO = 20, WARNING = 30, ERROR = 40,
>>>>> CRITICAL = 50
>>>>> FILE_LOG_LEVEL = 20
>>>>> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>>>>>
>>>>> Could you please help me identify the correct settings to securely
>>>>> enable CSRF protection while ensuring pgAdmin functions properly over both
>>>>> HTTP and HTTPS under /pgadmin4?
>>>>>
>>>>>>
