From 34adf018e8e14e8417b51cdc1893a77b11023144 Mon Sep 17 00:00:00 2001
From: mo <mo@el-kadi.nl>
Date: Sun, 10 May 2026 17:18:51 +0200
Subject: [PATCH] pgadmin_web_ui

---
 docker/postgres-web/README.md          | 38 +++++++++++++++++
 docker/postgres-web/docker-compose.yml | 31 ++++++++++++++
 docker/postgres-web/servers.json       | 19 +++++++++
 nginx/postgres.el-kadi.nl.conf         | 56 ++++++++++++++++++++++++++
 4 files changed, 144 insertions(+)
 create mode 100644 docker/postgres-web/README.md
 create mode 100644 docker/postgres-web/docker-compose.yml
 create mode 100644 docker/postgres-web/servers.json
 create mode 100644 nginx/postgres.el-kadi.nl.conf

diff --git a/docker/postgres-web/README.md b/docker/postgres-web/README.md
new file mode 100644
index 0000000..92b2e2b
--- /dev/null
+++ b/docker/postgres-web/README.md
@@ -0,0 +1,38 @@
+# pgAdmin 4 — PostgreSQL Web Interface
+
+**pgAdmin 4** is een volledige web-gebaseerde PostgreSQL admin tool.
+Hiermee kun je queries uitvoeren, tabellen beheren, schema's bekijken en
+meer — allemaal via de browser.
+
+## Installatie
+
+```bash
+# 1. Upload deze map naar de NAS
+# 2. SSH naar de NAS
+# 3. Start de container
+
+echo WaQTUw2t | sudo -S /usr/local/bin/docker-compose up -d
+```
+
+## Toegang
+
+| Manier | URL |
+|---|---|
+| Direct (LAN) | http://192.168.1.211:5434 |
+| Extern (SSL) | https://postgres.el-kadi.nl |
+
+## Inloggen
+
+- **Email:** mo@el-kadi.nl
+- **Wachtwoord:** WaQTUw2t (of `PGADMIN_PASSWORD` env var)
+
+De PostgreSQL server is al voorgeconfigureerd via `servers.json`:
+- Host: 192.168.1.211
+- Port: 5433
+- Database: homelab
+- User: mo
+
+## Handige links
+
+- [pgAdmin Documentatie](https://www.pgadmin.org/docs/)
+- [PostgreSQL documentatie](https://www.postgresql.org/docs/)
diff --git a/docker/postgres-web/docker-compose.yml b/docker/postgres-web/docker-compose.yml
new file mode 100644
index 0000000..833d24a
--- /dev/null
+++ b/docker/postgres-web/docker-compose.yml
@@ -0,0 +1,31 @@
+# docker-compose.yml — pgAdmin 4 voor PostgreSQL op Synology NAS
+# Plaats op NAS: /volume1/docker/postgres-web/
+#
+# Starten:  docker-compose up -d
+# Web UI:   http://192.168.1.211:5434
+# Stoppen:  docker-compose down
+# Logs:     docker-compose logs -f
+
+services:
+  pgadmin:
+    image: dpage/pgadmin4:latest
+    container_name: pgadmin
+    restart: unless-stopped
+
+    ports:
+      - "5434:80"        # Web UI: http://NAS_IP:5434
+
+    environment:
+      # Standaard inlog voor de web UI
+      - PGADMIN_DEFAULT_EMAIL=mo@el-kadi.nl
+      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:-WaQTUw2t}
+      # Masquerade root URL voor nginx reverse proxy
+      - PGADMIN_CONFIG_SERVER_MODE=True
+      - PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=False
+
+    volumes:
+      - pgadmin-data:/var/lib/pgadmin        # persistentie: server lijst, instellingen
+      - ./servers.json:/pgadmin4/servers.json # pre-configureer database connecties
+
+volumes:
+  pgadmin-data:
diff --git a/docker/postgres-web/servers.json b/docker/postgres-web/servers.json
new file mode 100644
index 0000000..aee57ca
--- /dev/null
+++ b/docker/postgres-web/servers.json
@@ -0,0 +1,19 @@
+{
+  "Servers": {
+    "1": {
+      "Name": "Homelab PostgreSQL",
+      "Group": "Servers",
+      "Host": "192.168.1.211",
+      "Port": 5433,
+      "MaintenanceDB": "homelab",
+      "Username": "mo",
+      "Password": "WaQTUw2t",
+      "SSLMode": "prefer",
+      "PassFile": "",
+      "SSLCert": "",
+      "SSLKey": "",
+      "SSLRootCert": "",
+      "Comment": "Synology NAS — Homelab dashboard database"
+    }
+  }
+}
diff --git a/nginx/postgres.el-kadi.nl.conf b/nginx/postgres.el-kadi.nl.conf
new file mode 100644
index 0000000..1d6d04a
--- /dev/null
+++ b/nginx/postgres.el-kadi.nl.conf
@@ -0,0 +1,56 @@
+# pgAdmin 4 — nginx reverse proxy config
+# Domein: postgres.el-kadi.nl → backend op localhost:5434
+#
+# Plaats in /etc/nginx/sites-available/ en symlink naar sites-enabled/
+# Of in /etc/nginx/conf.d/
+#
+# Vereist SSL certificaat van Let's Encrypt / certbot.
+
+server {
+    listen 80;
+    server_name postgres.el-kadi.nl;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name postgres.el-kadi.nl;
+
+    # ── SSL certificaten ─────────────────────────────────────────────────
+    ssl_certificate     /etc/letsencrypt/live/postgres.el-kadi.nl/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/postgres.el-kadi.nl/privkey.pem;
+
+    # ── SSL beveiliging ──────────────────────────────────────────────────
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 1d;
+
+    # ── security headers ─────────────────────────────────────────────────
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+
+    # ── logging ──────────────────────────────────────────────────────────
+    access_log /var/log/nginx/pgadmin-access.log;
+    error_log  /var/log/nginx/pgadmin-error.log;
+
+    # ── proxy naar pgAdmin ───────────────────────────────────────────────
+    location / {
+        proxy_pass http://127.0.0.1:5434;
+        proxy_http_version 1.1;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # pgAdmin vereist lange sessies
+        proxy_read_timeout 300s;
+        proxy_send_timeout 300s;
+        proxy_buffering off;
+        client_max_body_size 10M;
+    }
+}