SSL error: tlsv1 alert no application protocol (Docker Image dpage/pgadmin4:8.13 and later / runs fine on :8.12 and beyond)
#8282
Comments
|
@mkarg |
If you quickly need a live machine to run some tests against, fee free to connect to my personal PostgreSQL 17 instance running at I stripped the full compose file from everything that has nothing to do with PG/PGAdmin/Trafik, and this is what is left over: services:
postgres:
restart: unless-stopped
image: postgres:17
shm_size: 256m
environment:
- "POSTGRES_PASSWORD=your-password-here"
- "PGDATA=/var/lib/postgresql/data/pgdata"
labels:
- "traefik.enable=true"
- "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
- "traefik.tcp.routers.postgres.entrypoints=postgres"
- "traefik.tcp.routers.postgres.service=postgres"
- "traefik.tcp.routers.postgres.tls=true"
- "traefik.tcp.routers.postgres.tls.certresolver=letsencrypt"
- "traefik.tcp.routers.postgres.tls.domains[0].main=your-domain-here"
- "traefik.tcp.services.postgres.loadbalancer.server.port=5432"
traefik:
restart: unless-stopped
image: traefik:3.2
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
ports:
- "80:80"
- "443:443/tcp"
- "443:443/udp"
- "5432:5432"
pgadmin:
restart: unless-stopped
image: dpage/pgadmin4:8.14
environment:
- PGADMIN_DEFAULT_EMAIL=your-email-here
- PGADMIN_DEFAULT_PASSWORD=your-password-here
labels:
- "traefik.enable=true"
- "traefik.http.routers.pgadmin.rule=Host(`your-hostname-here`)"
- "traefik.http.routers.pgadmin.entrypoints=websecure"Note that you cannot run this composition unless you explicitly provide static Traefik configuration, e. g.: providers:
docker:
exposedbydefault: false
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
http3: {}
http:
tls:
certResolver: letsencrypt
domains:
- main: your-domain-here
postgres:
address: ":5432" |
|
@mkarg |
I just configure the following but keep PGAdmin's defaults for all the rest:
Screenshots taken from functional connection using PGAdmin 8.12:
|
|
Hi @mkarg, According to your screenshot, you have not provided the certificates in the server dialog parameters tab because we can see the default placeholders provided by pgAdmin. |
Correct, and that is fine and intentional. I never provided any certificates in the connection dialog, neither in the working 8.12 and earlier, nor in the failing 8.13 or later, as the TLS connection is secured by Let's Encrypt, which typically is supported by all clients out-of-the-box (and again, it does work fine with 8.12 and earlier, still!). Does your answer imply that since 8.13 and later one must manually download the Let's Encrypt public certificate...? That would be weird, as the benefit of Let's Encrypt solely is that nobody has to do that, actually...! 🤔 |
Bug Description
To administer my PostgreSQL 17 cluster, I am running @dpage's Docker Image
dpage/pgadmin4usingSSL mode: requiredvia TLS (terminated by Traefik 3 proxy). Up to tag8.12everything works fine! Since tag8.13the error messageSSL error: tlsv1 alert no application protocolis shown when trying to connect.To Reproduce
docker run dpage/pgadminSSL mode: requiredvia Proxy-terminated TLSExpected behavior
Login should succeed without error message.
Error message
SSL error: tlsv1 alert no application protocolDesktop (please complete the following information):
dpage/pgadmin4:8.13and later tagsAdditional context
Works fine in tag
8.12, fails in tags8.13,8.14,latestandsnapshotThe text was updated successfully, but these errors were encountered: