Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path

Hi,

I updated the configuration and it's now working.
I'm using it *$http_host* instead of *$host* for the *Host *header.
Just want to confirm — is this the correct and recommended way?

location ^~ /pgadmin4/ {
>
> proxy_pass http://unix:/tmp/pgadmin4.sock;
> proxy_set_header Host $http_host; # here i have changed $host to
> $http_host
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Script-Name /pgadmin4;
> proxy_http_version 1.1;
>
>
> proxy_read_timeout 300;
> proxy_connect_timeout 60;

}

On Tue, Aug 5, 2025 at 2:55 PM Shakir Idrisi <shakir(at)webuzo(dot)com> wrote:

> Hi,
>
> Do you have any updates or suggestions that could help me further debug
> this issue?
>
> On Tue, Aug 5, 2025 at 10:23 AM Shakir Idrisi <shakir(at)webuzo(dot)com> wrote:
>
>> Hi,
>>
>> Yes I have tried that conf which you have provided.
>> I have mentioned that in my last reply that it is not working.
>> Still getting blank page after login on https.
>>
>> On Tue, Aug 5, 2025, 9:53 AM Yogesh Mahajan <
>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>
>>> Hi,
>>>
>>> I have already provided the nginx configuration. Have you tried it?
>>> Issues is clearly with Nginx config.
>>>
>>> Thanks,
>>> Yogesh Mahajan
>>> EnterpriseDB
>>>
>>>
>>> On Mon, Aug 4, 2025 at 4:34 PM Shakir Idrisi <shakir(at)webuzo(dot)com> wrote:
>>>
>>>> Hi,
>>>> I’ve tried the suggested changes, but I’m still encountering the same
>>>> issue — a blank page appears after logging in over HTTPS.
>>>>
>>>> As a workaround, I modified the config_local.py file and set:
>>>> *WTF_CSRF_CHECK_DEFAULT = False*
>>>>
>>>> With this change, pgAdmin works correctly on HTTPS. However, I
>>>> understand that disabling CSRF protection is not recommended in a
>>>> production environment, so I’m looking for a more secure solution.
>>>>
>>>> Here’s a snippet of my current *config_local.py* for reference:
>>>>
>>>> DATA_DIR = '/var/lib/pgadmin4'
>>>> SQLITE_PATH = '/var/lib/pgadmin4/pgadmin4.db'
>>>> SESSION_DB_PATH = '/var/lib/pgadmin4/sessions'
>>>> STORAGE_DIR = '/var/lib/pgadmin4/storage'
>>>> AZURE_CREDENTIAL_CACHE_DIR = '/var/lib/pgadmin4/azurecredentialcache'
>>>> KERBEROS_CCACHE_DIR = '/var/lib/pgadmin4/kerberoscache'
>>>>
>>>> SCRIPT_NAME = '/pgadmin4'
>>>>
>>>> LOG_LEVEL = 'DEBUG'
>>>> CONSOLE_LOG_LEVEL = 50 # INFO = 20, WARNING = 30, ERROR = 40, CRITICAL
>>>> = 50
>>>> FILE_LOG_LEVEL = 20
>>>> LOG_FILE = '/var/lib/pgadmin4/log/pgadmin4.log'
>>>>
>>>> Could you please help me identify the correct settings to securely
>>>> enable CSRF protection while ensuring pgAdmin functions properly over both
>>>> HTTP and HTTPS under /pgadmin4?
>>>>
>>>>>