Closed Garbee closed 9 years ago
Hi. You could use nginx as a proxy in front of pgweb, configuration in this case would super simple if you already have your ssl certificate. The reason why ssl is not supported out of the box is because of the same lack of ssl support in gin web framework used by pgweb.
ah, nginx proxy! I was looking for some way to handle it with my current stack, forgot it does proxying. Thanks for the recommendation.
This issue may help others too searching at least. Will close up since that handles what I need.
For anyone else wanting this, I setup an nginx site with this config:
server {
listen [::]443 ssl spdy;
listen 443 ssl spdy;
servername sub.site.com;
include h5bp/directive-only/ssl.conf; # From the H5BP Nginx Server Configs, very handy stuff.
location / {
proxy_pass http://localhost:9999; # set port/domain to whatever you run pgweb bound to.
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr; # Not even sure if these last two are needed, just pulled from the nginx wiki example.
}
}
Boom, nginx proxying to pgweb just fine with full SSL!
Thanks! I will add that to wiki
Any idea how to do it using apache2?
@kurotsukikaitou Just search for Apache reverse proxy instructions. That's all my nginx config is doing.
@kurotsukikaitou also keep in mind that running pgweb on your production servers is not recommended for security reasons.
Well.. I planning just running it only when I need to access it. Otherwise, I'll kill the process.
There are a couple of options to consider if you need to connect to your production database:
Protect it with a password (htaccess) and it should be fine unless it gets brute forced. Otherwise I don't see any other potential hole from it in this context as to any other part of your server getting attacked.
I would love to leave pgweb running for quick access any-time I need it. However, I don't see a way to secure the connection to the web interface using HTTPS. In my case I have a wildcard cert that will work perfect if I could just tell pgweb to use it somehow.
Is there any current way to secure the connection to pgweb with HTTPS?
Any possibility of this being added in the future?