RE: PgAdmin4 behind SSL proxy
| От | Andrew Coleman |
|---|---|
| Тема | RE: PgAdmin4 behind SSL proxy |
| Дата | |
| Msg-id | 5d163488.1c69fb81.bc877.a52f@mx.google.com обсуждение исходный текст |
| Ответ на | Re: PgAdmin4 behind SSL proxy (Dave Page <dpage@pgadmin.org>) |
| Ответы |
Re: PgAdmin4 behind SSL proxy
|
| Список | pgadmin-support |
That does sound a lot like the issue I am experiencing. I am using as little Traefik configuration as possible, using Kubernetes labels for most of the heavy lifting. Here is the relevant bits of traefik.toml file:
# traefik.toml
logLevel = "INFO"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
regex = "^http://(.*)"
replacement = "https://$1"
[kubernetes]
[traefikLog]
format = "json"
[accessLog]
format = "common"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
Because I am running this in a cluster, my ELB is routing all traffic into … Traefik, so I have to use some sort of service mesh to handle routing packets to backend containers. That and the ELB handles SSL termination with my Route53 certificate.
Thanks,
Andrew
From: Dave Page
Sent: Friday, June 28, 2019 6:45 AM
To: Andrew Coleman
Cc: pgadmin-support@lists.postgresql.org
Subject: Re: PgAdmin4 behind SSL proxy
Hi
On Thu, Jun 27, 2019 at 1:14 PM Andrew Coleman <penguincoder@gmail.com> wrote:
Has anyone had any success running PgAdmin4 behind a reverse proxy? I am using Traefik for routing in my Kubernetes cluster and I am experiencing some strange behavior.
With SSL:
POST /login, cookie is returned with an empty value, GET /browser redirect to /login
Sometimes even requests to /user_management/current_user.js actually returns index.html and causes undefined behavior on the page.
Without SSL, with kubectl port-forward:
POST /login, cookie is returned with a value, GET to /browser returns page contents as expected.
Hmm, I wonder if this is similar to https://redmine.postgresql.org/issues/4254
Do you have sample Traefik config you can share so I can test? Not entirely sure when as I'm travelling at the moment, but I'd like to take a look.
I assume running it in one container with pgAdmin in another is roughly what you're doing?
I have set X-Forwarded-Proto to https, but that doesn’t do anything. I have set X-Scheme to https and that helps, but it’s not all the way. Cookies returned do not have the Secure; flag (not sure if that’s necessary, though). I have tried setting the values in this blog post both in config.py and in the environment to no success:
https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications
I really need to expose PgAdmin via https and not http. Is there any way to do this without so much hate and discontent?
If you take Traefik out of the equation, the container supports https directly.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
В списке pgadmin-support по дате отправления: