Thread: Enable HTTPS on pgAdmin in Server Mode

Hi

I am working on deployment of pgAdmin 4 as part of a postgreSQL package in our enterprise environment.

I have currently installed pgAdmin in server mode on a Windows Server, but running into problems configuring OAUTH2 authentication. I have enabled Azure AD/Entra ID authentication based on the following guide by Asmita

How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal | Medium

But redirect URI in Azure app registration requires a HTTPS link and I have not found a way to specify a server certificate (currently selfsigned for testing purposes).

I have not been able to find anything on config file and only references I have found online involves NGINX or similar, but I would prefer not introducing further complications if possible.

Know of any way to natively enabling HTTPS connection to pgAdmin?

Morten Bonnerup Rasmussen TECH Reliability Services   /   Specialist BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK

Thanks for the reply, Yogesh

But you need to run a separate webserver like Apache to configure this?

When I set 'SERVER_MODE = True' in pgAdmin config, I am able to access pgAdmin from a browser by <hostname>:<port>

So I asumed that it was running an embedded webserver and was hoping to configure SSL settings directly in pgAdmin instead of having to add further complexity (webserver, reverse proxy etc).

But that is not possible?

Morten Bonnerup Rasmussen TECH Reliability Services   /   Specialist BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK

---

From: Yogesh Mahajan <yogesh.mahajan@enterprisedb.com>
Sent: Monday, January 1, 2024 05:39
To: Morten Bonnerup Rasmussen <morten.rasmussen@bestseller.com>
Cc: pgadmin-support@lists.postgresql.org <pgadmin-support@lists.postgresql.org>
Subject: Re: Enable HTTPS on pgAdmin in Server Mode

 

You don't often get email from yogesh.mahajan@enterprisedb.com. Learn why this is important

CAUTION: This email comes from outside BESTSELLER.

Hi Morten,

You need to adjust settings with your webserver configuration to setup SSL enabled pgadmin. Here is configuration for apache webserver with SSL. 

<VirtualHost *:443>

WSGIDaemonProcess pgadmin processes=1 threads=25 python-home=/usr/pgadmin4/venv

WSGIScriptAlias / /usr/pgadmin4/web/pgAdmin4.wsgi

<Directory /usr/pgadmin4/web/>

WSGIProcessGroup pgadmin

WSGIApplicationGroup %{GLOBAL}

Require all granted

</Directory>

ServerName pgadmin.yourdomain.com

SSLEngine on

SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt

SSLCertificateKeyFile /etc/apache2/certificate/apache.key

</VirtualHost>

You can mention the redirect url <https://pgadmin.yourdomain.com> for configuration above.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Mon, Dec 18, 2023 at 5:43 PM Morten Bonnerup Rasmussen <morten.rasmussen@bestseller.com> wrote:

Hi

I am working on deployment of pgAdmin 4 as part of a postgreSQL package in our enterprise environment.

I have currently installed pgAdmin in server mode on a Windows Server, but running into problems configuring OAUTH2 authentication. I have enabled Azure AD/Entra ID authentication based on the following guide by Asmita

How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal | Medium

But redirect URI in Azure app registration requires a HTTPS link and I have not found a way to specify a server certificate (currently selfsigned for testing purposes).

I have not been able to find anything on config file and only references I have found online involves NGINX or similar, but I would prefer not introducing further complications if possible.

Know of any way to natively enabling HTTPS connection to pgAdmin?

Morten Bonnerup Rasmussen TECH Reliability Services   /   Specialist BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK

Thanks for the input, Yogesh.

That may be helpful if/when we migrate to a full Linux environment.

But for now, I am working on a Windows installation, and I have not been able to find the anything matching this.

Does the web server work differently on Windows?

Morten Bonnerup Rasmussen TECH Reliability Services   /   Specialist P +4599423174 M +4530853174 E morten.rasmussen@bestseller.com W BESTSELLER.COM BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK

---

From: Yogesh Mahajan <yogesh.mahajan@enterprisedb.com>
Sent: Friday, January 5, 2024 17:14
To: Morten Bonnerup Rasmussen <morten.rasmussen@bestseller.com>
Cc: pgadmin-support@lists.postgresql.org <pgadmin-support@lists.postgresql.org>
Subject: Re: Enable HTTPS on pgAdmin in Server Mode

 

You don't often get email from yogesh.mahajan@enterprisedb.com. Learn why this is important

CAUTION: This email comes from outside BESTSELLER.

Hi Morten,

When pgadmin is installed in server mode, it installs and configures apache2 web server.

File location used by apache is - /etc/apache2/sites-available/pgadmin4.conf which by default configures non-ssl web server settings.

You need to edit this file to add valid ssl certificates path and other couple of parameters as shown above.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Wed, Jan 3, 2024 at 6:07 PM Morten Bonnerup Rasmussen <morten.rasmussen@bestseller.com> wrote:

Thanks for the reply, Yogesh

But you need to run a separate webserver like Apache to configure this?

When I set 'SERVER_MODE = True' in pgAdmin config, I am able to access pgAdmin from a browser by <hostname>:<port>

So I asumed that it was running an embedded webserver and was hoping to configure SSL settings directly in pgAdmin instead of having to add further complexity (webserver, reverse proxy etc).

But that is not possible?

Morten Bonnerup Rasmussen TECH Reliability Services   /   Specialist BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK

---

From: Yogesh Mahajan <yogesh.mahajan@enterprisedb.com>
Sent: Monday, January 1, 2024 05:39
To: Morten Bonnerup Rasmussen <morten.rasmussen@bestseller.com>
Cc: pgadmin-support@lists.postgresql.org <pgadmin-support@lists.postgresql.org>
Subject: Re: Enable HTTPS on pgAdmin in Server Mode

 

You don't often get email from yogesh.mahajan@enterprisedb.com. Learn why this is important

CAUTION: This email comes from outside BESTSELLER.

Hi Morten,

You need to adjust settings with your webserver configuration to setup SSL enabled pgadmin. Here is configuration for apache webserver with SSL. 

<VirtualHost *:443>

WSGIDaemonProcess pgadmin processes=1 threads=25 python-home=/usr/pgadmin4/venv

WSGIScriptAlias / /usr/pgadmin4/web/pgAdmin4.wsgi

<Directory /usr/pgadmin4/web/>

WSGIProcessGroup pgadmin

WSGIApplicationGroup %{GLOBAL}

Require all granted

</Directory>

ServerName pgadmin.yourdomain.com

SSLEngine on

SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt

SSLCertificateKeyFile /etc/apache2/certificate/apache.key

</VirtualHost>

You can mention the redirect url <https://pgadmin.yourdomain.com> for configuration above.

Thanks,

Yogesh Mahajan

EnterpriseDB

On Mon, Dec 18, 2023 at 5:43 PM Morten Bonnerup Rasmussen <morten.rasmussen@bestseller.com> wrote:

Hi

I am working on deployment of pgAdmin 4 as part of a postgreSQL package in our enterprise environment.

I have currently installed pgAdmin in server mode on a Windows Server, but running into problems configuring OAUTH2 authentication. I have enabled Azure AD/Entra ID authentication based on the following guide by Asmita

How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal | Medium

But redirect URI in Azure app registration requires a HTTPS link and I have not found a way to specify a server certificate (currently selfsigned for testing purposes).

I have not been able to find anything on config file and only references I have found online involves NGINX or similar, but I would prefer not introducing further complications if possible.

Know of any way to natively enabling HTTPS connection to pgAdmin?

Morten Bonnerup Rasmussen TECH Reliability Services   /   Specialist BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK