Re: Issue with pgAdmin 4 Login Behind NGINX Reverse Proxy at /pgadmin4 Path - Mailing list pgadmin-support

Hi,

I have shared my nginx.conf, please help me to debug this.

Nginx.conf

server {

listen   2005 ssl;
listen   2004;
include /usr/local/web_app/conf/web_app/test/admin_port*;
server_name  localhost;

ssl_certificate /var/web_app/certs/web_app-combined.pem;
ssl_certificate_key /var/web_app/certs/web_app.key;
ssl_session_timeout  5m;
ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers   HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

# The Document Root
root /usr/local/web_app/web/admin;

rewrite "/sess([0-9a-zA-Z]{16})/(.*)" /$2;

# Redirect server error pages to the static pages
error_page  404 /nginx/404.html;
error_page  497 /nginx/497.html;
error_page  500 502 503 504 /nginx/50x.html;

# For proxy from user domains
set $web_app_https '';
set $web_app_port '';
set $web_app_real_ip '';
include /usr/local/web_app/conf/web_app/test/admin_proxy_security*;

# Any other locations
include /usr/local/web_app/conf/web_app/test/admin_locations_pgadmin4.conf;

# Pass the INDEX.PHP OR PHP script OR "/" to FastCGI
location ~ ^(/index.php|install.php|/filemanager/elfinder.php|/)$ {
fastcgi_pass unix:/usr/local/test/var/fpm-root.sock;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME  $fastcgi_script_name;
include fastcgi_params;
}

# Pass the regular PHP scripts to test FastCGI
location ~ \.php$ {
fastcgi_pass unix:/usr/local/test/var/fpm-web_app.sock;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}

# TTY / User Shell
include /usr/local/web_app/conf/web_app/test/ttyd.conf;

# Custom conf if any !
include /usr/local/test/etc/nginx/conf.d/*;
}

Above is my nginx.conf and in my nginx.conf I have included admin_location_pgadmin4.conf.
This is the conf saved under the file admin_location_pgadmin4.conf

location = /pgadmin4 { rewrite ^ /pgadmin4/; }
location ^~ /pgadmin4/ {
    proxy_pass http://unix:/tmp/pgadmin4.sock;

    proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Script-Name /pgadmin4/;
proxy_http_version 1.1;

    proxy_read_timeout 300;
    proxy_connect_timeout 60;
}

When I access domain:2004/pgadmin4 then it works.
But when I access it on SSL port using domain:2005 or IP:2005, it will show a blank page after login.

On Mon, Aug 4, 2025 at 1:35 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

Typical reason for the 401 while redirection from Non-SSL to SSL is because the authentication credentials (like cookies, tokens, or headers) are not preserved correctly.

Unless you provide your configuration, its difficult to help further.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Mon, Aug 4, 2025 at 1:02 PM Shakir Idrisi <shakir@webuzo.com> wrote:

HI,

When I access the URL, it will load the SSL certificate properly on the domain, but why do three requests get a 401 error?

Any idea?

On Mon, Aug 4, 2025 at 12:46 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

So the issue is with SSL. I guess this has to do with the nginx configuration, not the pgadmin one. 

Generic redirection for non-SSL to SSL should look as below - 

server {    listen 80;    return 301 https://$host$request_uri;
}

server {    listen 443 ssl;    server_name _;    ssl_certificate /etc/nginx/server.crt;    ssl_certificate_key /etc/nginx/server.key;    ........
    location /pgadmin4/ {        proxy_pass http://unix:/tmp/pgadmin4.sock:/<scripnt_name>/;

.........

    }
}

Thanks,

Yogesh Mahajan

EnterpriseDB

On Mon, Aug 4, 2025 at 12:31 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi,

I have tried the above solution, but it is still not working.
I have monitored the log, and it shows that the user is logged in. 
2025-08-04 12:23:33,777: INFO   pgadmin:        Internal user shakir@xyz.com logged in.

However, after logging in, the page appears blank.

In the browser’s Network tab, most requests return 200, but about 3 requests return 401 Unauthorized.

conf I'm using, this works when accessed on http, but when I access it on https, it shows a blank page,

certificate is installed on the domain.
location = /pgadmin4 { rewrite ^ /pgadmin4/; }
location ^~ /pgadmin4/ {
    proxy_pass http://unix:/tmp/pgadmin4.sock;

    proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Script-Name /pgadmin4/;
proxy_http_version 1.1;

    proxy_read_timeout 300;
    proxy_connect_timeout 60;
}

On Mon, Aug 4, 2025 at 10:38 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

Can you please try changing proxy_pass to 

proxy_pass http://unix:/tmp/pgadmin4.sock:/<scripnt_name>/;

As you are setting the script name. If it does not work, please paste the complete configuration for nginx, and service file to debug more.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Sun, Aug 3, 2025 at 10:21 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi, 

Any update on this?

On Thu, Jul 31, 2025, 7:27 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi,

I am facing an issue when I try to access the pgadmin of https after logging in; it shows a blank page. Can you please help me figure it out?

This is the config I am using.

location = /pgadmin4 {
    return 301 /pgadmin4/;
}
location ^~ /pgadmin4/ {
    proxy_pass http://unix:/tmp/pgadmin4.sock;

    proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Script-Name /pgadmin4;
proxy_http_version 1.1;

    proxy_read_timeout 300;
    proxy_connect_timeout 60;
}

In the browser console of I am getting this error.
Object { message: "Request failed with status code 401", name: "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request: XMLHttpRequest, response: {…}, status: 401, stack: "".....

On Mon, Jun 23, 2025 at 9:12 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

Can you please try modifying '/pgadmin4' like below - 

`location = /pgadmin4 {

    return 301 /pgadmin4/;
}`

You can use webserver /kerberos authentication method for automatic login. With internal authentication method, you will required to enter your userid/password. You may also use OAuth2.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Fri, Jun 20, 2025 at 1:24 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi,

One more question, can I use autologin in pgAdmin4? I am using the internal method for authentication. 

On Fri, Jun 20, 2025 at 11:38 AM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi,

Thanks, it worked. 

I am facing an issue when I try to access the pgadmin of https after logging in; it shows a blank page. Can you please help me figure it out?

This is the config I am using for the proxy in HTTPS and HTTP vhblock 

location = /pgadmin4 { rewrite ^ /pgadmin4/; }
location ^~ /pgadmin4/ {
    proxy_pass http://unix:/tmp/pgadmin4.sock;

    proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Script-Name /pgadmin4;
proxy_http_version 1.1;

    proxy_read_timeout 300;
    proxy_connect_timeout 60;
}

In the browser console of I am getting this error.
Object { message: "Request failed with status code 401", name: "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request: XMLHttpRequest, response: {…}, status: 401, stack: "".....

On Mon, Jun 16, 2025 at 9:56 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

You can use the command 'update-user' for user update.

To explore more options, you can use the command below with pgadmin venv.

`python3.12 setup.py update-user --help `

Typical command would be - 

`python3.12 setup.py update-user <user_id> --password <new_password> --role Administrator --sqlite-path <pgadmin_db_path>`

Thanks,

Yogesh Mahajan

EnterpriseDB

On Sat, Jun 14, 2025 at 5:09 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi,

I hope you're doing well.

pgAdmin is now working properly. Earlier, I ran the setup-db command and set the admin username and password.

Now, after reinstalling pgAdmin, I noticed that the data directory (including pgadmin.db) was not removed. I would like to either reuse the old admin password or reset it if needed.

Is there a way to reset the admin user's password using a command in this case?

Your guidance would be greatly appreciated.

Thank you for your help.

On Tue, Jun 10, 2025, 9:57 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Ok, I will check.

On Tue, Jun 10, 2025, 5:26 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

I could reproduce the error when I have multiple workers. Maybe you can try restarting the Guicorn service.

Can you please try once in the private browser window?

Thanks,

Yogesh Mahajan

EnterpriseDB

On Tue, Jun 10, 2025 at 3:54 PM Shakir Idrisi <shakir@webuzo.com> wrote:

HI,

I have used this command, and I have created a systemd file to start and stop the service.

ExecStart=/var/w-data/pgadmin4/pgadmin_venv/bin/gunicorn \
    --workers 1 \
--threads=25 \
    --bind unix:/tmp/pgadmin4.sock \
    --chdir /var/w-data/pgadmin4/pgadmin_venv/lib/python3.11/site-packages/pgadmin4 \
--umask 007 \
    pgAdmin4:app

Also, when I try multiple times then it will log in and show a blank dashboard, or sometimes it will show a dashboard but not work properly. In the console log, I see the following error

On Tue, Jun 10, 2025 at 3:26 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:

Hi,

Can you please share your guicorn command? 

How many workers are you spawning? It should be 1.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Tue, Jun 10, 2025 at 12:34 PM Shakir Idrisi <shakir@webuzo.com> wrote:

Hi,

I've installed pgAdmin 4 on my Linux server and configured it behind Gunicorn and NGINX, accessible at:
https://domain.com/pgadmin4/.

The login page loads correctly. However, after entering valid credentials, I'm redirected back to the login page without any error message. Occasionally, I see a CSRF token error, which disappears after a page refresh, but the login still fails.

In the browser console or network tab, I sometimes see 401 errors or issues loading static assets.

Here's the NGINX configuration I'm currently using to reverse proxy pgAdmin via a Unix socket:

nginx
location /pgadmin4/ {    proxy_pass http://unix:/tmp/pgadmin4.sock:/;
    # Proxy headers    proxy_set_header Host $host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    proxy_set_header X-Forwarded-Proto $scheme;
    # Inform pgAdmin it's served under a subpath    proxy_set_header X-Script-Name /pgadmin4;
    # Optional: timeouts and static asset handling    proxy_read_timeout 300;    proxy_connect_timeout 60;
}

Could you please advise:

1. Is there something wrong with the proxy setup?

2. Do I need to handle static assets or cookies differently when using a subpath (/pgadmin4)?

3. Are there any additional settings required in the pgAdmin config to work correctly behind a sub-URI with NGINX?

Thanks in advance for your guidance.