Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path

Hi,

I have shared my nginx.conf, please help me to debug this.
Nginx.conf

*server { listen 2005 ssl; listen 2004; include
/usr/local/web_app/conf/web_app/test/admin_port*; server_name localhost;
ssl_certificate /var/web_app/certs/web_app-combined.pem;
ssl_certificate_key /var/web_app/certs/web_app.key; ssl_session_timeout
5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on; # The Document Root root
/usr/local/web_app/web/admin; rewrite "/sess([0-9a-zA-Z]{16})/(.*)" /$2; #
Redirect server error pages to the static pages error_page 404
/nginx/404.html; error_page 497 /nginx/497.html; error_page 500 502 503
504 /nginx/50x.html; # For proxy from user domains set $web_app_https '';
set $web_app_port ''; set $web_app_real_ip ''; include
/usr/local/web_app/conf/web_app/test/admin_proxy_security*; # Any other
locations include
/usr/local/web_app/conf/web_app/test/admin_locations_pgadmin4.conf; # Pass
the INDEX.PHP OR PHP script OR "/" to FastCGI location ~
^(/index.php|install.php|/filemanager/elfinder.php|/)$ { fastcgi_pass
unix:/usr/local/test/var/fpm-root.sock; fastcgi_read_timeout 3600;
fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME
$fastcgi_script_name; include fastcgi_params; } # Pass the regular PHP
scripts to test FastCGI location ~ \.php$ { fastcgi_pass
unix:/usr/local/test/var/fpm-web_app.sock; fastcgi_read_timeout 3600;
fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME
$fastcgi_script_name; include fastcgi_params; } # TTY / User Shell include
/usr/local/web_app/conf/web_app/test/ttyd.conf; # Custom conf if any !
include /usr/local/test/etc/nginx/conf.d/*;}*Above is my nginx.conf and in
my nginx.conf I have included admin_location_pgadmin4.conf.
This is the conf saved under the file admin_location_pgadmin4.conf

*location = /pgadmin4 { rewrite ^ /pgadmin4/; }location ^~ /pgadmin4/ {
proxy_pass http://unix:/tmp/pgadmin4.sock; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Script-Name
/pgadmin4/; proxy_http_version 1.1; proxy_read_timeout 300;
proxy_connect_timeout 60;}*When I access domain:2004/pgadmin4 then it works.
But when I access it on SSL port using domain:2005 or IP:2005, it will show
a blank page after login.

On Mon, Aug 4, 2025 at 1:35 PM Yogesh Mahajan <
yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:

> Hi,
>
> Typical reason for the 401 while redirection from Non-SSL to SSL is
> because the authentication credentials (like cookies, tokens, or headers)
> are not preserved correctly.
> Unless you provide your configuration, its difficult to help further.
>
> Thanks,
> Yogesh Mahajan
> EnterpriseDB
>
>
> On Mon, Aug 4, 2025 at 1:02 PM Shakir Idrisi <shakir(at)webuzo(dot)com> wrote:
>
>> HI,
>>
>> When I access the URL, it will load the SSL certificate properly on the
>> domain, but why do three requests get a 401 error?
>>
>> Any idea?
>>
>>
>>
>> On Mon, Aug 4, 2025 at 12:46 PM Yogesh Mahajan <
>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>
>>> Hi,
>>>
>>> So the issue is with SSL. I guess this has to do with the nginx
>>> configuration, not the pgadmin one.
>>> Generic redirection for non-SSL to SSL should look as below -
>>>
>>> server {
>>> listen 80;
>>> return 301 https://$host$request_uri;
>>> }
>>>
>>> server {
>>> listen 443 ssl;
>>> server_name _;
>>> ssl_certificate /etc/nginx/server.crt;
>>> ssl_certificate_key /etc/nginx/server.key;
>>> ........
>>>
>>> location /pgadmin4/ {
>>> proxy_pass http://unix:/tmp/pgadmin4.sock:/<scripnt_name>/;
>>>
>>> .........
>>>
>>>
>>> }
>>> }
>>>
>>>
>>> Thanks,
>>> Yogesh Mahajan
>>> EnterpriseDB
>>>
>>>
>>> On Mon, Aug 4, 2025 at 12:31 PM Shakir Idrisi <shakir(at)webuzo(dot)com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have tried the above solution, but it is still not working.
>>>> I have monitored the log, and it shows that the user is logged in.
>>>> *2025-08-04 12:23:33,777: INFO pgadmin: Internal user
>>>> shakir(at)xyz(dot)com <shakir(at)xyz(dot)com> logged in.*
>>>>
>>>> However, after logging in, the page appears blank.
>>>>
>>>> In the browser’s *Network tab*, most requests return *200*, but about *3
>>>> requests return 401 Unauthorized*.
>>>> [image: image.png]
>>>>
>>>>
>>>> conf I'm using, this works when accessed on http, but when I access it
>>>> on https, it shows a blank page,
>>>> certificate is installed on the domain.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *location = /pgadmin4 { rewrite ^ /pgadmin4/; }location ^~ /pgadmin4/
>>>> { proxy_pass http://unix:/tmp/pgadmin4.sock; proxy_set_header Host
>>>> $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header
>>>> X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header
>>>> X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host;
>>>> proxy_set_header X-Script-Name /pgadmin4/; proxy_http_version 1.1;
>>>> proxy_read_timeout 300; proxy_connect_timeout 60;}*
>>>>
>>>> On Mon, Aug 4, 2025 at 10:38 AM Yogesh Mahajan <
>>>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Can you please try changing proxy_pass to
>>>>>
>>>>> proxy_pass http://unix:/tmp/pgadmin4.sock:/<scripnt_name>/;
>>>>>
>>>>> As you are setting the script name. If it does not work, please paste
>>>>> the complete configuration for nginx, and service file to debug more.
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Yogesh Mahajan
>>>>> EnterpriseDB
>>>>>
>>>>>
>>>>> On Sun, Aug 3, 2025 at 10:21 PM Shakir Idrisi <shakir(at)webuzo(dot)com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Any update on this?
>>>>>>
>>>>>> On Thu, Jul 31, 2025, 7:27 PM Shakir Idrisi <shakir(at)webuzo(dot)com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am facing an issue when I try to access the pgadmin of https after
>>>>>>> logging in; it shows a blank page. Can you please help me figure it out?
>>>>>>>
>>>>>>> This is the config I am using.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *location = /pgadmin4 { return 301 /pgadmin4/;}*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *location ^~ /pgadmin4/ { proxy_pass
>>>>>>> http://unix:/tmp/pgadmin4.sock; proxy_set_header Host
>>>>>>> $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header
>>>>>>> X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header
>>>>>>> X-Forwarded-Proto $scheme;proxy_set_header X-Forwarded-Host
>>>>>>> $host;proxy_set_header X-Script-Name /pgadmin4;proxy_http_version 1.1;
>>>>>>> proxy_read_timeout 300; proxy_connect_timeout 60;}*
>>>>>>>
>>>>>>> In the browser console of I am getting this error.
>>>>>>> *Object { message: "Request failed with status code
>>>>>>> 401", name: "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request: XMLHttpRequest, response: {…}, status: 401, stack: "".....*
>>>>>>>
>>>>>>> On Mon, Jun 23, 2025 at 9:12 AM Yogesh Mahajan <
>>>>>>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Can you please try modifying '/pgadmin4' like below -
>>>>>>>> `location = /pgadmin4 {
>>>>>>>> return 301 /pgadmin4/;
>>>>>>>> }`
>>>>>>>>
>>>>>>>> You can use webserver /kerberos authentication method for automatic
>>>>>>>> login. With internal authentication method, you will required to enter your
>>>>>>>> userid/password. You may also use OAuth2.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Yogesh Mahajan
>>>>>>>> EnterpriseDB
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Jun 20, 2025 at 1:24 PM Shakir Idrisi <shakir(at)webuzo(dot)com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> One more question, can I use autologin in pgAdmin4? I am using the
>>>>>>>>> internal method for authentication.
>>>>>>>>>
>>>>>>>>> On Fri, Jun 20, 2025 at 11:38 AM Shakir Idrisi <shakir(at)webuzo(dot)com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Thanks, it worked.
>>>>>>>>>>
>>>>>>>>>> I am facing an issue when I try to access the pgadmin of https
>>>>>>>>>> after logging in; it shows a blank page. Can you please help me figure it
>>>>>>>>>> out?
>>>>>>>>>>
>>>>>>>>>> This is the config I am using for the proxy in HTTPS and HTTP
>>>>>>>>>> vhblock
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> *location = /pgadmin4 { rewrite ^ /pgadmin4/; }location ^~
>>>>>>>>>> /pgadmin4/ { proxy_pass http://unix:/tmp/pgadmin4.sock;
>>>>>>>>>> proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
>>>>>>>>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>>>>>>>> proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header
>>>>>>>>>> X-Forwarded-Host $host; proxy_set_header X-Script-Name /pgadmin4;
>>>>>>>>>> proxy_http_version 1.1; proxy_read_timeout 300; proxy_connect_timeout
>>>>>>>>>> 60;}*
>>>>>>>>>>
>>>>>>>>>> In the browser console of I am getting this error.
>>>>>>>>>> *Object { message: "Request failed with status code 401", name:
>>>>>>>>>> "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request:
>>>>>>>>>> XMLHttpRequest, response: {…}, status: 401, stack: "".....*
>>>>>>>>>>
>>>>>>>>>> On Mon, Jun 16, 2025 at 9:56 AM Yogesh Mahajan <
>>>>>>>>>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> You can use the command 'update-user' for user update.
>>>>>>>>>>>
>>>>>>>>>>> To explore more options, you can use the command below with
>>>>>>>>>>> pgadmin venv.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> `python3.12 setup.py update-user --help `
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Typical command would be -
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> `python3.12 setup.py update-user <user_id> --password
>>>>>>>>>>> <new_password> --role Administrator --sqlite-path <pgadmin_db_path>`
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Yogesh Mahajan
>>>>>>>>>>> EnterpriseDB
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Jun 14, 2025 at 5:09 PM Shakir Idrisi <shakir(at)webuzo(dot)com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> I hope you're doing well.
>>>>>>>>>>>>
>>>>>>>>>>>> pgAdmin is now working properly. Earlier, I ran the setup-db
>>>>>>>>>>>> command and set the admin username and password.
>>>>>>>>>>>>
>>>>>>>>>>>> Now, after reinstalling pgAdmin, I noticed that the data
>>>>>>>>>>>> directory (including pgadmin.db) was not removed. I would like to either
>>>>>>>>>>>> reuse the old admin password or reset it if needed.
>>>>>>>>>>>>
>>>>>>>>>>>> Is there a way to reset the admin user's password using a
>>>>>>>>>>>> command in this case?
>>>>>>>>>>>> Your guidance would be greatly appreciated.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you for your help.
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Jun 10, 2025, 9:57 PM Shakir Idrisi <shakir(at)webuzo(dot)com>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Ok, I will check.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Jun 10, 2025, 5:26 PM Yogesh Mahajan <
>>>>>>>>>>>>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I could reproduce the error when I have multiple workers.
>>>>>>>>>>>>>> Maybe you can try restarting the Guicorn service.
>>>>>>>>>>>>>> Can you please try once in the private browser window?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Yogesh Mahajan
>>>>>>>>>>>>>> EnterpriseDB
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Jun 10, 2025 at 3:54 PM Shakir Idrisi <
>>>>>>>>>>>>>> shakir(at)webuzo(dot)com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> HI,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I have used this command, and I have created a systemd file
>>>>>>>>>>>>>>> to start and stop the service.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> *ExecStart=/var/w-data/pgadmin4/pgadmin_venv/bin/gunicorn \*
>>>>>>>>>>>>>>> * --workers 1 \*
>>>>>>>>>>>>>>> * --threads=25 \*
>>>>>>>>>>>>>>> * --bind unix:/tmp/pgadmin4.sock \*
>>>>>>>>>>>>>>> * --chdir
>>>>>>>>>>>>>>> /var/w-data/pgadmin4/pgadmin_venv/lib/python3.11/site-packages/pgadmin4 \*
>>>>>>>>>>>>>>> * --umask 007 \*
>>>>>>>>>>>>>>> * pgAdmin4:app*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Also, when I try multiple times then it will log in and show
>>>>>>>>>>>>>>> a blank dashboard, or sometimes it will show a dashboard but not work
>>>>>>>>>>>>>>> properly. In the console log, I see the following error
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [image: image.png]
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Jun 10, 2025 at 3:26 PM Yogesh Mahajan <
>>>>>>>>>>>>>>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Can you please share your guicorn command?
>>>>>>>>>>>>>>>> How many workers are you spawning? It should be 1.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>> Yogesh Mahajan
>>>>>>>>>>>>>>>> EnterpriseDB
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tue, Jun 10, 2025 at 12:34 PM Shakir Idrisi <
>>>>>>>>>>>>>>>> shakir(at)webuzo(dot)com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I've installed *pgAdmin 4* on my Linux server and
>>>>>>>>>>>>>>>>> configured it behind *Gunicorn and NGINX*, accessible at:
>>>>>>>>>>>>>>>>> https://domain.com/pgadmin4/.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> The login page loads correctly. However, after entering
>>>>>>>>>>>>>>>>> valid credentials, I'm redirected back to the login page without any error
>>>>>>>>>>>>>>>>> message. Occasionally, I see a *CSRF token* error, which
>>>>>>>>>>>>>>>>> disappears after a page refresh, but the login still fails.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> In the browser console or network tab, I sometimes see 401
>>>>>>>>>>>>>>>>> errors or issues loading static assets.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Here's the NGINX configuration I'm currently using to
>>>>>>>>>>>>>>>>> reverse proxy pgAdmin via a Unix socket:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> *nginx*
>>>>>>>>>>>>>>>>> location /pgadmin4/ {
>>>>>>>>>>>>>>>>> proxy_pass http://unix:/tmp/pgadmin4.sock:/;
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> # Proxy headers
>>>>>>>>>>>>>>>>> proxy_set_header Host $host;
>>>>>>>>>>>>>>>>> proxy_set_header X-Real-IP $remote_addr;
>>>>>>>>>>>>>>>>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>>>>>>>>>>>>>>>> proxy_set_header X-Forwarded-Proto $scheme;
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> # Inform pgAdmin it's served under a subpath
>>>>>>>>>>>>>>>>> proxy_set_header X-Script-Name /pgadmin4;
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> # Optional: timeouts and static asset handling
>>>>>>>>>>>>>>>>> proxy_read_timeout 300;
>>>>>>>>>>>>>>>>> proxy_connect_timeout 60;
>>>>>>>>>>>>>>>>> }
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Could you please advise:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 1.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Is there something wrong with the proxy setup?
>>>>>>>>>>>>>>>>> 2.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Do I need to handle static assets or cookies
>>>>>>>>>>>>>>>>> differently when using a subpath (/pgadmin4)?
>>>>>>>>>>>>>>>>> 3.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Are there any additional settings required in the
>>>>>>>>>>>>>>>>> pgAdmin config to work correctly behind a sub-URI with NGINX?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks in advance for your guidance.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>