nginx configure pgadmin in location

Question

Help me please to write config. It works, but when i go to location http://my.server.ru/pgadmin/ , it redirects to / to login, and there is no location name in /.

server {
    listen      80;
    server_name my.server.ru;
    error_log  /home/user/error.log error;
    location / {
        include         uwsgi_params;
        uwsgi_pass      unix:/run/uwsgi/django_app.sock;
    }
    location /pgadmin {

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_pass http://127.0.0.1:5050/;
        proxy_redirect http://127.0.0.1:5050 http://$host/pgadmin/;

        }

    location /static/ {
         root    /home/user/django_app;
     expires 365d;
    }
    location /media/ {
        root /home/user/django_app;
     expires 365d;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}


}

I don't understand what to do with it. Where must be rewrite?

UPD: output of curl

*   Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to my.server.ru (xx.xx.xx.xx) port 80 (#0)
> GET /pgadmin/ HTTP/1.1
> Host: my.server.ru
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Content-length: 0
< Location: https://my.server.ru/pgadmin/
<
* Curl_http_done: called premature == 0
* Connection #0 to host my.server.ru left intact
* Issue another request to this URL: 'https://my.server.ru/pgadmin/'
*   Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to my.server.ru (xx.xx.xx.xx) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=xxxxxx
*  start date: Jul 31 11:42:00 2017 GMT
*  expire date: Oct 29 11:42:00 2017 GMT
*  subjectAltName: host "my.server.ru" matched cert's "my.server.ru"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /pgadmin/ HTTP/1.1
> Host: my.server.ru
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 302 FOUND
< Server: nginx/1.10.3 (Ubuntu)
< Date: Wed, 30 Aug 2017 12:51:49 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 236
< Location: http://my.server.ru/login?next=%2F
< Set-Cookie: pga4_session="c8e21d09-5d31-42e3-a4d5-a3ed87873a69!6KcWbhziK2zypWCzKTRyFLUdszI="; Expires=Thu, 31-Aug-2017 15:51:49 GMT; HttpOnly; Path=/
<
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #1 to host my.server.ru left intact
* Issue another request to this URL: 'http://my.server.ru/login?next=%2F'
* Found bundle for host my.server.ru: 0x55568d6af270 [can pipeline]
* Re-using existing connection! (#0) with host my.server.ru
* Connected to my.server.ru (xx.xx.xx.xx) port 80 (#0)
> GET /login?next=%2F HTTP/1.1
> Host: my.server.ru
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Content-length: 0
< Location: https://my.server.ru/login?next=%2F
<
* Curl_http_done: called premature == 0
* Connection #0 to host my.server.ru left intact
* Issue another request to this URL: 'https://my.server.ru/login?next=%2F'
* Found bundle for host my.server.ru: 0x55568d6affb0 [can pipeline]
* Re-using existing connection! (#1) with host my.server.ru
* Connected to my.server.ru (xx.xx.xx.xx) port 443 (#1)
> GET /login?next=%2F HTTP/1.1
> Host: my.server.ru
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Server: nginx/1.10.3 (Ubuntu)
< Date: Wed, 30 Aug 2017 12:51:49 GMT
< Content-Type: text/html
< Content-Length: 79
< X-Frame-Options: SAMEORIGIN
<
* Curl_http_done: called premature == 0
* Connection #1 to host my.server.ru left intact

Not Found

The requested URL /login was not found on this server.

We see redirect here to /

Answer 1

I found another good way - run thrue ssh tunnel. Hope it'll helps someone.

Answer 2

Use below Nginx config to create a reverse proxy for PGAdmin

vi /etc/nginx/nginx.conf

location /service/pg/ {
    rewrite ^(.+)/service/pg/(.*)$ $1/$2;
    proxy_read_timeout 300;
    proxy_pass http://localhost:7003/; 
    proxy_redirect http://localhost:7003/ https://$host/service/pg/;
    proxy_set_header Accept-Encoding "";
    sub_filter "/service/pg" "";
    sub_filter '"/static/' '"/service/pg/static/';
    sub_filter "'/static/" "'/service/pg/static/";
    sub_filter '="/login' '="/service/pg/login';
    sub_filter '/browser/' '/service/pg/browser/';
    sub_filter '/tools/' '/service/pg/tools/';
    sub_filter '/settings/' '/service/pg/settings/';
    sub_filter '/misc/' '/service/pg/misc/';
    sub_filter '/preferences/' '/service/pg/preferences/';
    sub_filter '/dashboard/' '/service/pg/dashboard/';
    sub_filter '/user_management/' '/service/pg/user_management/';
    sub_filter '/favicon.ico' '/service/pg/favicon.ico';
    sub_filter '/datagrid/' '/service/pg/datagrid/';
    sub_filter '/sqleditor/' '/service/pg/sqleditor/';
    sub_filter_types "*";
    sub_filter_once off;
    sub_filter_last_modified off;
}

Answer 3

I ended up with the following configuration:

location /pgadmin {
    proxy_pass http://pgadmin:80;
    proxy_redirect http:// $scheme://;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Script-Name /pgadmin;
}

The most important here is X-Script-Name, specifying the path prefix used to build hyperlinks on frontend. The proxy_redirect directive is also needed to fix mixed content warnings in browser.