Setting Up pgAdmin4 Web-Based with Nginx Reverse Proxy
After I migrated from Microsoft SQL Server to PostgreSQL, I faced a problem: how to manage my databases without having to SSH to the server all the time and prevent the database engine from being publicly accessible.
pgAdmin4 is a powerful desktop and web-based administration tool for PostgreSQL databases. In this guide, we'll walk through setting up pgAdmin4 in web mode inside a Docker container with Nginx as a reverse proxy.
Prerequisites
Before we begin, ensure you have:
Step 1: Setting up Docker-Compose.yml file
version: '3.8'
services:
pgadmin:
image: dpage/pgadmin4:latest
container_name: pgadmin4
restart: unless-stopped
environment:
PGADMIN_DEFAULT_EMAIL: admin@yourdomain.com
PGADMIN_DEFAULT_PASSWORD: YourSecurePassword123
PGADMIN_LISTEN_PORT: 80
PGADMIN_CONFIG_SERVER_MODE: 'True'
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
ports:
- "5050:80"
volumes:
- ./pgadmin-data:/var/lib/pgadmin
restart: unless-stopped
networks:
- pgadmin-network
networks:
pgadmin-network:
driver: bridge
Step 2: Run the pgAdmin container
sudo docker compose up -d
Step 3: Configure Nginx as a Reverse Proxy
Create a new Nginx configuration file for pgAdmin4:
sudo nano /etc/nginx/sites-available/pgadmin4
Add the following configuration:
upstream pgadmin {
server 127.0.0.1:5050;
}
server {
listen 80;
server_name pgadmin.yourdomain.com localhost;
# Logging
access_log /var/log/nginx/pgadmin4-access.log;
error_log /var/log/nginx/pgadmin4-error.log;
# Increase buffer sizes for large queries
client_max_body_size 50M;
location / {
proxy_pass http://pgadmin;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /;
# Buffering
proxy_buffering off;
proxy_request_buffering off;
}
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
}
Step 4: Enable the Nginx Configuration
# Create symbolic link to enable the site
sudo ln -s /etc/nginx/sites-available/pgadmin4 /etc/nginx/sites-enabled/
# Test Nginx configuration
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginx
Step 5: Obtain SSL Certificate (Recommended)
For production environments, use Let's Encrypt for free SSL certificates:
# Install Certbot
sudo apt install certbot python3-certbot-nginx
# Obtain and install certificate
sudo certbot --nginx -d pgadmin.yourdomain.com
# Certbot will automatically configure SSL in your Nginx config
Verification
Visit your pgAdmin4 instance:
Log in with the admin credentials you wrote in the Docker Compose file.
Troubleshooting
502 Bad Gateway
Security Considerations
location / {
allow 192.168.1.0/24; # Your office network
deny all;
proxy_pass http://127.0.0.1:5050;
# ... rest of proxy settings
}
Conclusion
You now have pgAdmin4 running as a web application behind an Nginx reverse proxy. This setup provides a secure, scalable way to manage your PostgreSQL databases through a web interface. The reverse proxy adds an extra layer of security and allows you to easily implement SSL/TLS encryption, load balancing, and access controls.