Thread: Bad Cookies with reverse proxy
Hello,
I've been trying to setup a pgadmin on Kubernetes behind an nginx ingress that handles the TLS termination. I cannot modify the configuration of that ingress, so I've deployed an additional nginx to handle the reverse proxy config for pgadmin:
nginx ingress (tls termination) -> nginx -> pgadmin
The config of my reverse proxy is:
upstream http_backend {
server localhost:8080;
keepalive 16;
}
server {
listen 5050;
server_name _;
location / {
proxy_set_header X-Scheme https;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Original-Forwarded-For "";
proxy_set_header Host $host;
proxy_pass http://http_backend/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
It works, all the Location headers are good, the problem is that the returned Cookies are not valid. If I curl the root of the server, and then save the returned cookie and use it again on a subsequent request, a new cookie is issued instead of keepking the previous one (so I guess the server doesn't like it).
The outcome is that in a browser there's an infinite loop of redirects, trying to get a good cookie with no success.
I've been looking this thread: https://www.postgresql.org/message-id/flat/5d14f954.1c69fb81.e188f.9c5b%40mx.google.com but the config used by them is already in my config, my redirects are good, but the cookies still are bad.
I was thinking: what can make a pgadmin server discard a cooke?
Thanks.
Hi,
If you are using latest version then could you please try setting ENHANCED_COOKIE_PROTECTION = False in your config_local.py file?
We have recently added this config parameter for similar kind of issue.
--
Regards,
On Wed, Sep 4, 2019 at 4:33 PM Albert Serrallé <albert.serralle@adevinta.com> wrote:
Hello,I've been trying to setup a pgadmin on Kubernetes behind an nginx ingress that handles the TLS termination. I cannot modify the configuration of that ingress, so I've deployed an additional nginx to handle the reverse proxy config for pgadmin:nginx ingress (tls termination) -> nginx -> pgadminThe config of my reverse proxy is:upstream http_backend {server localhost:8080;keepalive 16;}server {listen 5050;server_name _;location / {proxy_set_header X-Scheme https;proxy_set_header X-Forwarded-Proto https;proxy_set_header X-Forwarded-Port 443;proxy_set_header X-Original-Forwarded-For "";proxy_set_header Host $host;proxy_pass http://http_backend/;proxy_redirect off;proxy_http_version 1.1;proxy_set_header Connection "";}}It works, all the Location headers are good, the problem is that the returned Cookies are not valid. If I curl the root of the server, and then save the returned cookie and use it again on a subsequent request, a new cookie is issued instead of keepking the previous one (so I guess the server doesn't like it).The outcome is that in a browser there's an infinite loop of redirects, trying to get a good cookie with no success.I've been looking this thread: https://www.postgresql.org/message-id/flat/5d14f954.1c69fb81.e188f.9c5b%40mx.google.com but the config used by them is already in my config, my redirects are good, but the cookies still are bad.I was thinking: what can make a pgadmin server discard a cooke?Thanks.
It works like a charm :) Thanks a lot for the fast reply, you saved my day!
On Wed, 4 Sep 2019 at 13:29, Murtuza Zabuawala <murtuza.zabuawala@enterprisedb.com> wrote:
Hi,If you are using latest version then could you please try setting ENHANCED_COOKIE_PROTECTION = False in your config_local.py file?We have recently added this config parameter for similar kind of issue.--Regards,On Wed, Sep 4, 2019 at 4:33 PM Albert Serrallé <albert.serralle@adevinta.com> wrote:Hello,I've been trying to setup a pgadmin on Kubernetes behind an nginx ingress that handles the TLS termination. I cannot modify the configuration of that ingress, so I've deployed an additional nginx to handle the reverse proxy config for pgadmin:nginx ingress (tls termination) -> nginx -> pgadminThe config of my reverse proxy is:upstream http_backend {server localhost:8080;keepalive 16;}server {listen 5050;server_name _;location / {proxy_set_header X-Scheme https;proxy_set_header X-Forwarded-Proto https;proxy_set_header X-Forwarded-Port 443;proxy_set_header X-Original-Forwarded-For "";proxy_set_header Host $host;proxy_pass http://http_backend/;proxy_redirect off;proxy_http_version 1.1;proxy_set_header Connection "";}}It works, all the Location headers are good, the problem is that the returned Cookies are not valid. If I curl the root of the server, and then save the returned cookie and use it again on a subsequent request, a new cookie is issued instead of keepking the previous one (so I guess the server doesn't like it).The outcome is that in a browser there's an infinite loop of redirects, trying to get a good cookie with no success.I've been looking this thread: https://www.postgresql.org/message-id/flat/5d14f954.1c69fb81.e188f.9c5b%40mx.google.com but the config used by them is already in my config, my redirects are good, but the cookies still are bad.I was thinking: what can make a pgadmin server discard a cooke?Thanks.