Enable HTTPS on pgAdmin in Server Mode
Hi I am working on deployment of pgAdmin 4 as part of a postgreSQL package in our enterprise environment. I have currently installed pgAdmin in server mode on a Windows Server, but running into problems configuring OAUTH2 authentication. I have enabled Azure AD/Entra ID authentication based on the following guide by Asmita How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal | Medium<https://medium.com/@asmita.thapliyal/how-to-configure-oauth-2-0-with-azure-ad-in-pgadmin4-2c1500d52d9d> But redirect URI in Azure app registration requires a HTTPS link and I have not found a way to specify a server certificate (currently selfsigned for testing purposes). I have not been able to find anything on config file and only references I have found online involves NGINX or similar, but I would prefer not introducing further complications if possible. Know of any way to natively enabling HTTPS connection to pgAdmin? Morten Bonnerup Rasmussen TECH Reliability Services / Specialist BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK [cid:36db829f-2335-444d-b681-53cfd5158df6]
Re: Enable HTTPS on pgAdmin in Server Mode
Thanks for the reply, Yogesh
But you need to run a separate webserver like Apache to configure this?
When I set 'SERVER_MODE = True' in pgAdmin config, I am able to access pgAdmin
from a browser by :
So I asumed that it was running an embedded webserver and was hoping to
configure SSL settings directly in pgAdmin instead of having to add further
complexity (webserver, reverse proxy etc).
But that is not possible?
Morten Bonnerup Rasmussen
TECH Reliability Services / Specialist
BESTSELLER A/S
FREDSKOVVEJ 1, 7330 BRANDE
DENMARK
From: Yogesh Mahajan
Sent: Monday, January 1, 2024 05:39
To: Morten Bonnerup Rasmussen
Cc: pgadmin-support@lists.postgresql.org
Subject: Re: Enable HTTPS on pgAdmin in Server Mode
You don't often get email from yogesh.maha...@enterprisedb.com. Learn why this
is important<https://aka.ms/LearnAboutSenderIdentification>
CAUTION: This email comes from outside BESTSELLER.
Hi Morten,
You need to adjust settings with your webserver configuration to setup SSL
enabled pgadmin. Here is configuration for apache webserver with SSL.
WSGIDaemonProcess pgadmin processes=1 threads=25 python-home=/usr/pgadmin4/venv
WSGIScriptAlias / /usr/pgadmin4/web/pgAdmin4.wsgi
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
Require all granted
ServerName pgadmin.yourdomain.com<http://pgadmin.yourdomain.com/>
SSLEngine on
SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
SSLCertificateKeyFile /etc/apache2/certificate/apache.key
You can mention the redirect url
<https://pgadmin.yourdomain.com<http://pgadmin.yourdomain.com/>> for
configuration above.
Thanks,
Yogesh Mahajan
EnterpriseDB
On Mon, Dec 18, 2023 at 5:43 PM Morten Bonnerup Rasmussen
mailto:morten.rasmus...@bestseller.com>> wrote:
Hi
I am working on deployment of pgAdmin 4 as part of a postgreSQL package in our
enterprise environment.
I have currently installed pgAdmin in server mode on a Windows Server, but
running into problems configuring OAUTH2 authentication. I have enabled Azure
AD/Entra ID authentication based on the following guide by Asmita
How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal |
Medium<https://medium.com/@asmita.thapliyal/how-to-configure-oauth-2-0-with-azure-ad-in-pgadmin4-2c1500d52d9d>
But redirect URI in Azure app registration requires a HTTPS link and I have not
found a way to specify a server certificate (currently selfsigned for testing
purposes).
I have not been able to find anything on config file and only references I have
found online involves NGINX or similar, but I would prefer not introducing
further complications if possible.
Know of any way to natively enabling HTTPS connection to pgAdmin?
Morten Bonnerup Rasmussen
TECH Reliability Services / Specialist
BESTSELLER A/S
FREDSKOVVEJ 1, 7330 BRANDE
DENMARK
[cid:ii_18cc34d08fad45bf8291]
Re: Enable HTTPS on pgAdmin in Server Mode
Thanks for the input, Yogesh.
That may be helpful if/when we migrate to a full Linux environment.
But for now, I am working on a Windows installation, and I have not been able
to find the anything matching this.
Does the web server work differently on Windows?
Morten Bonnerup Rasmussen
TECH Reliability Services / Specialist
P
+4599423174
M
+4530853174
E
morten.rasmus...@bestseller.com<mailto:morten.rasmus...@bestseller.com>
W
BESTSELLER.COM<http://bestseller.com/>
BESTSELLER A/S
FREDSKOVVEJ 1, 7330 BRANDE
DENMARK
[cid:38ce8984-dd7a-4824-beda-b23a4c3c9b75]
From: Yogesh Mahajan
Sent: Friday, January 5, 2024 17:14
To: Morten Bonnerup Rasmussen
Cc: pgadmin-support@lists.postgresql.org
Subject: Re: Enable HTTPS on pgAdmin in Server Mode
You don't often get email from yogesh.maha...@enterprisedb.com. Learn why this
is important<https://aka.ms/LearnAboutSenderIdentification>
CAUTION: This email comes from outside BESTSELLER.
Hi Morten,
When pgadmin is installed in server mode, it installs and configures apache2
web server.
File location used by apache is - /etc/apache2/sites-available/pgadmin4.conf
which by default configures non-ssl web server settings.
You need to edit this file to add valid ssl certificates path and other couple
of parameters as shown above.
Thanks,
Yogesh Mahajan
EnterpriseDB
On Wed, Jan 3, 2024 at 6:07 PM Morten Bonnerup Rasmussen
mailto:morten.rasmus...@bestseller.com>> wrote:
Thanks for the reply, Yogesh
But you need to run a separate webserver like Apache to configure this?
When I set 'SERVER_MODE = True' in pgAdmin config, I am able to access pgAdmin
from a browser by :
So I asumed that it was running an embedded webserver and was hoping to
configure SSL settings directly in pgAdmin instead of having to add further
complexity (webserver, reverse proxy etc).
But that is not possible?
Morten Bonnerup Rasmussen
TECH Reliability Services / Specialist
BESTSELLER A/S
FREDSKOVVEJ 1, 7330 BRANDE
DENMARK
From: Yogesh Mahajan
mailto:yogesh.maha...@enterprisedb.com>>
Sent: Monday, January 1, 2024 05:39
To: Morten Bonnerup Rasmussen
mailto:morten.rasmus...@bestseller.com>>
Cc:
pgadmin-support@lists.postgresql.org<mailto:pgadmin-support@lists.postgresql.org>
mailto:pgadmin-support@lists.postgresql.org>>
Subject: Re: Enable HTTPS on pgAdmin in Server Mode
You don't often get email from
yogesh.maha...@enterprisedb.com<mailto:yogesh.maha...@enterprisedb.com>. Learn
why this is important<https://aka.ms/LearnAboutSenderIdentification>
CAUTION: This email comes from outside BESTSELLER.
Hi Morten,
You need to adjust settings with your webserver configuration to setup SSL
enabled pgadmin. Here is configuration for apache webserver with SSL.
WSGIDaemonProcess pgadmin processes=1 threads=25 python-home=/usr/pgadmin4/venv
WSGIScriptAlias / /usr/pgadmin4/web/pgAdmin4.wsgi
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
Require all granted
ServerName pgadmin.yourdomain.com<http://pgadmin.yourdomain.com/>
SSLEngine on
SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
SSLCertificateKeyFile /etc/apache2/certificate/apache.key
You can mention the redirect url
<https://pgadmin.yourdomain.com<http://pgadmin.yourdomain.com/>> for
configuration above.
Thanks,
Yogesh Mahajan
EnterpriseDB
On Mon, Dec 18, 2023 at 5:43 PM Morten Bonnerup Rasmussen
mailto:morten.rasmus...@bestseller.com>> wrote:
Hi
I am working on deployment of pgAdmin 4 as part of a postgreSQL package in our
enterprise environment.
I have currently installed pgAdmin in server mode on a Windows Server, but
running into problems configuring OAUTH2 authentication. I have enabled Azure
AD/Entra ID authentication based on the following guide by Asmita
How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal |
Medium<https://medium.com/@asmita.thapliyal/how-to-configure-oauth-2-0-with-azure-ad-in-pgadmin4-2c1500d52d9d>
But redirect URI in Azure app registration requires a HTTPS link and I have not
found a way to specify a server certificate (currently selfsigned for testing
purposes).
I have not been able to find anything on config file and only references I have
found online involves NGINX or similar, but I would prefer not introducing
further complications if possible.
Know of any way to natively enabling HTTPS connection to pgAdmin?
Morten Bonnerup Rasmussen
TECH Reliability Services / Specialist
BESTSELLER A/S
FREDSKOVVEJ 1, 7330 BRANDE
DENMARK
[cid:ii_18cda63ff71d45bf8291]
pgAdmin in Kubernetes vs master password
Hi We are working on offering pgAdmin as a centrally managed tool to our developers. It is deployed in Kubernetes, based on this guide, with OAUTH2 enabled (Entra ID): Deploying pgAdmin on Kubernetes | EDB (enterprisedb.com)<https://www.enterprisedb.com/blog/how-deploy-pgadmin-kubernetes> But when the service is restarted, we get the master password prompt. I get this and can provide it. But if one of our developers is the first one to connect and they are prompted, this becomes problematic. They have no idea what the master password is. What is the best way to manage this challenge? We could disable usage of master password, but it looks like this would reduce security. Is it not possible to save it as a secret and provide as a parameter during startup, similar to the default pgadmin user/password? MORTEN BONNERUP RASMUSSEN TECH RELIABILITY SERVICES / SPECIALIST P +4599423174 M +4530853174 E morten.rasmus...@bestseller.com<mailto:morten.rasmus...@bestseller.com> W BESTSELLER.COM<http://bestseller.com> BESTSELLER A/S FREDSKOVVEJ 1, 7330 BRANDE DENMARK [cid:eefe2496-3470-4a4d-867c-cf56bae1f259]
