[GH-ISSUE #59] Login does not complete behind a reverse proxy #41

Closed
opened 2026-02-26 10:35:44 +03:00 by kerem · 6 comments

Originally created by @pirogoeth on GitHub (Jul 1, 2016).
Original GitHub issue: https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues/59

Originally assigned to: @ivanfilippov on GitHub.

For example, my BIND_ADDRESS is `10.0.0.1`, and I've got a reverse proxy serving it. When login happens and the user is redirected, for some reason, it redirects to `10.0.0.1:9393`. Is there a way to override this behaviour?


@ivanfilippov commented on GitHub (Jul 1, 2016):

Hi @pirogoeth

My primary environment is behind an nginx proxy and it seems to work for me, can you share a little bit more about your setup?


@ngoduykhanh commented on GitHub (Jul 2, 2016):

It works fine for me with a setup of PowerDNS-Admin + Nginx (as reverse proxy). From my experience, this might be caused by the nginx config, can you share your settings?


@pirogoeth commented on GitHub (Jul 5, 2016):

Sorry for the delay -- here's my nginx config:

```
server {
    listen 80;
    listen [::]:80;

    server_name dns.maio.me;
    root /var/www/dns.maio.me;

    include letsencrypt_loc;

    return 301 https://$server_name$request_uri;
}

server {
    listen       443 ssl;
    listen       [::]:443 ssl;

    server_name  dns.maio.me;
    root /var/www/dns.maio.me;

    ssl_certificate      /etc/letsencrypt/live/dns.maio.me/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/dns.maio.me/privkey.pem;

    include letsencrypt_loc;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://10.0.0.1:9393/;
    }
}
```

And here's my config.py for powerdns-admin:

```
import os
basedir = os.path.abspath(os.path.dirname(__file__))

# BASIC APP CONFIG
WTF_CSRF_ENABLED = True
SECRET_KEY = 'nah'
BIND_ADDRESS = '127.0.0.1'
PORT = 9393
LOGIN_TITLE = "nsctl"

# TIMEOUT - for large zones
TIMEOUT = 10

# LOG CONFIG
LOG_LEVEL = 'DEBUG'
LOG_FILE = '/var/log/pdns-admin.log'

# Upload
UPLOAD_DIR = os.path.join(basedir, 'upload')

# DATABASE CONFIG
SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin:hahnope@x.x.x.x/powerdnsadmin'
SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
SQLALCHEMY_TRACK_MODIFICATIONS = True

# LDAP CONFIG
LDAP_TYPE = 'ldap' # use 'ad' for MS Active Directory
LDAP_URI = 'ldaps://your-ldap-server:636'
LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
LDAP_PASSWORD = 'dnsuser'
LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
# Additional options only if LDAP_TYPE=ldap
LDAP_USERNAMEFIELD = 'uid'
LDAP_FILTER = '(objectClass=inetorgperson)'

# Default Auth
BASIC_ENABLED = True
SIGNUP_ENABLED = False

# POWERDNS CONFIG
PDNS_STATS_URL = 'http://10.0.0.2:8081/'
PDNS_API_KEY = 'lolno'
PDNS_VERSION = '3.4.7'

# RECORDS ALLOWED TO EDIT
RECORDS_ALLOW_EDIT = ['A', 'AAAA', 'CNAME', 'SPF', 'PTR', 'MX', 'TXT']
```

@ivanfilippov commented on GitHub (Jul 13, 2016):

@pirogoeth

Sorry for delay. I've replicated your issue, to fix it add the below line to your `location /` block.

`proxy_set_header Host $host;`
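
Why the missing `Host` header produces the redirect reported above, as an added example that is not part of the original thread or of PowerDNS-Admin's code. It is a simplified model: nginx sends `Host: $proxy_host` (the host:port from `proxy_pass`) unless told otherwise, and the backend is assumed to build absolute redirect URLs from `Host` and `X-Forwarded-Proto`; the function names and the `/dashboard` path are constructed for illustration.

```python
from urllib.parse import urlsplit

PROXY_PASS = "http://10.0.0.1:9393/"   # from the posted nginx config
PUBLIC_HOST = "dns.maio.me"            # server_name in the posted config


def upstream_headers(client_host, proxy_pass, forward_host):
    """Simplified model of the headers nginx sends to the backend.

    Without `proxy_set_header Host ...`, nginx sends Host: $proxy_host,
    which is the host:port written in proxy_pass.
    """
    host = client_host if forward_host else urlsplit(proxy_pass).netloc
    return {"Host": host, "X-Forwarded-Proto": "https"}


def redirect_location(headers, target, allowed_hosts=None):
    """Build an absolute Location value from the request headers.

    Assumption: the app derives the URL from Host and honours
    X-Forwarded-Proto. With allowed_hosts set, an unexpected Host is
    rejected instead of being echoed back to the browser.
    """
    host = headers["Host"]
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"unexpected Host header: {host!r}")
    scheme = headers.get("X-Forwarded-Proto", "http")
    return f"{scheme}://{host}{target}"


def demo(target="/dashboard"):  # constructed post-login path
    before = upstream_headers(PUBLIC_HOST, PROXY_PASS, forward_host=False)
    after = upstream_headers(PUBLIC_HOST, PROXY_PASS, forward_host=True)
    results = {
        "before": redirect_location(before, target),
        "after": redirect_location(after, target),
    }
    try:
        redirect_location(before, target, allowed_hosts={PUBLIC_HOST})
        results["allowlist"] = "accepted"
    except ValueError as exc:
        results["allowlist"] = str(exc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:9} -> {value}")
```

The `allowlist` case shows that checking `Host` against the expected public name makes this misconfiguration fail visibly at the backend instead of sending the internal address to the browser.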


@pirogoeth commented on GitHub (Jul 13, 2016):

@ivanfilippov Not sure how I missed that / including proxy_params. Fixed, thanks!


@davekempe commented on GitHub (Sep 15, 2022):

For the benefit of others, I had this problem, and it turned out the time was wrong on the pdns-admin server (running flask). The haproxy in front of it meant the session didn't work, I got a 403 immediately.
So, if you get this error, check all the servers have the right time!
