pgadmin-org · Smartappli · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 31, 2026
diff --git a/Dockerfile b/Dockerfile
@@ -186,14 +186,14 @@ ENV PYTHONPATH=/pgadmin4
 # Copy in the code and docs
 COPY --from=app-builder /pgadmin4/web /pgadmin4
 COPY --from=docs-builder /pgadmin4/docs/en_US/_build/html/ /pgadmin4/docs
-COPY pkg/docker/run_pgadmin.py pkg/docker/gunicorn_config.py /pgadmin4/
+COPY pkg/docker/run_pgadmin.py /pgadmin4/
 COPY pkg/docker/entrypoint.sh /entrypoint.sh
 
 # License files
 COPY LICENSE /pgadmin4/LICENSE
 
 # Configure everything in one RUN step
-RUN /venv/bin/python3 -m pip install --no-cache-dir gunicorn==23.0.0 && \
+RUN /venv/bin/python3 -m pip install --no-cache-dir granian==2.7.2 && \
     find / -type d -name '__pycache__' -exec rm -rf {} + && \
     useradd -r -u 5050 -g root -s /sbin/nologin pgadmin && \
     mkdir -p /run/pgadmin /var/lib/pgadmin && \

diff --git a/pkg/docker/entrypoint.sh b/pkg/docker/entrypoint.sh
@@ -257,25 +257,36 @@ if [ -z "${PGADMIN_DISABLE_POSTFIX}" ]; then
     sudo /usr/sbin/postfix start
 fi
 
-# Get the session timeout from the pgAdmin config. We'll use this (in seconds)
-# to define the Gunicorn worker timeout
-TIMEOUT=$(cd /pgadmin4 && $SU_EXEC /venv/bin/python3 -c 'import config; print(config.SESSION_EXPIRATION_TIME * 60 * 60 * 24)')
-
 # NOTE: currently pgadmin can run only with 1 worker due to sessions implementation
-# Using --threads to have multi-threaded single-process worker
 
 if [ -n "${PGADMIN_ENABLE_SOCK}" ]; then
-    BIND_ADDRESS="unix:/run/pgadmin/pgadmin.sock"
+    BIND_ARGS="--uds /run/pgadmin/pgadmin.sock"
 else
+    BIND_ARGS="--host ${PGADMIN_LISTEN_ADDRESS:-[::]} --port ${PGADMIN_LISTEN_PORT:-80}"
     if [ -n "${PGADMIN_ENABLE_TLS}" ]; then
-        BIND_ADDRESS="${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-443}"
-    else
-        BIND_ADDRESS="${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-80}"
+        BIND_ARGS="--host ${PGADMIN_LISTEN_ADDRESS:-[::]} --port ${PGADMIN_LISTEN_PORT:-443}"
     fi
 fi
 
-if [ -n "${PGADMIN_ENABLE_TLS}" ]; then
-    exec $SU_EXEC /venv/bin/gunicorn --limit-request-line "${GUNICORN_LIMIT_REQUEST_LINE:-8190}" --timeout "${TIMEOUT}" --bind "${BIND_ADDRESS}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" --keyfile /certs/server.key --certfile /certs/server.cert -c gunicorn_config.py run_pgadmin:app
+if [ "${GUNICORN_ACCESS_LOGFILE:--}" = "-" ]; then
+    ACCESS_LOG_ARGS="--access-log"
+elif [ -n "${GUNICORN_ACCESS_LOGFILE}" ]; then
+    echo "Warning: GUNICORN_ACCESS_LOGFILE file paths are not supported with Granian. Access logging disabled." >&2
+    ACCESS_LOG_ARGS="--no-access-log"
 else
-    exec $SU_EXEC /venv/bin/gunicorn --limit-request-line "${GUNICORN_LIMIT_REQUEST_LINE:-8190}" --limit-request-fields "${GUNICORN_LIMIT_REQUEST_FIELDS:-100}" --limit-request-field_size "${GUNICORN_LIMIT_REQUEST_FIELD_SIZE:-8190}" --timeout "${TIMEOUT}" --bind "${BIND_ADDRESS}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" -c gunicorn_config.py run_pgadmin:app
+    ACCESS_LOG_ARGS="--no-access-log"
+fi
+
+TLS_ARGS=""
+if [ -n "${PGADMIN_ENABLE_TLS}" ]; then
+    TLS_ARGS="--ssl-keyfile /certs/server.key --ssl-certificate /certs/server.cert --ssl-protocol-min ${GRANIAN_SSL_PROTOCOL_MIN:-tls1.2}"
+fi
 fi
+
+# Keep the existing environment variables for backward compatibility.
+GRANIAN_BACKPRESSURE="${GRANIAN_BACKPRESSURE:-${GUNICORN_THREADS:-25}}"
+exec /venv/bin/granian --interface wsgi --workers 1 \
+    --blocking-threads "${GUNICORN_THREADS:-25}" \
+    --backpressure "${GRANIAN_BACKPRESSURE}" \
+    ${ACCESS_LOG_ARGS} ${TLS_ARGS} ${BIND_ARGS} run_pgadmin:app
+
diff --git a/pkg/docker/gunicorn_config.py b/pkg/docker/gunicorn_config.py
diff --git a/web/regression/python_test_utils/csrf_test_client.py b/web/regression/python_test_utils/csrf_test_client.py
@@ -116,7 +116,9 @@ def generate_csrf_token(self, *args, **kwargs):
         }
         self._add_cookies_to_wsgi(environ_overrides)
 
-        with self.app.test_request_context():
+        with self.app.test_request_context(
+            environ_overrides=environ_overrides
+        ):
             # Now, we call Flask-WTF's method of generating a CSRF token...
             csrf_token = generate_csrf()
             # ...which also sets a value in `flask.session`, so we need to