HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Setting phpmyadmin on multiserver setup (http://www.howtoforge.com/forums/showthread.php?t=58671)

Wisdown 10th September 2012 11:24

Setting phpmyadmin on multiserver setup
 
Hey guys,

Someone have an link on how to setup the phpmyadmin for the multiserver setup?

Looking around i found this post:

http://www.howtoforge.com/forums/showthread.php?t=55811

After try i get my db.server.com isnt accepting connections from my web.server.com.

Should i add 2 users like ISPConfig setup does?
I mean root@IP and root@web.server.com

Since this user need have full access on db.server.com, i would set to use the ispconfig login instead make a new one?

till 10th September 2012 11:31

Quote:

Should i add 2 users like ISPConfig setup does?
I mean root@IP and root@web.server.com
Ypu can do that. Or try to add the one with the Ip first, if it does not work, change it to the hostname. Dont forget to reload mysql or flush priveliges after you changed a user.

Quote:

Since this user need have full access on db.server.com, i would set to use the ispconfig login instead make a new one?
That depends on your setup. If the db server is not the amster server, then you can reuse it. If the master server is not the db server, then create a new user as the one created for the ispconfig setup allows only access from a slave to the master and not from one slave to another.

Wisdown 10th September 2012 11:53

I tried adding only the IP.
Worked only for root.

But when i try log as user i get acces denied, example:

root@192.168.0.3 > OK
c1db@192.168.0.3 > Access Denied
c1db@web.server.com > Access Denied

On my setup like i did with root i will need add the users one by one?

Wisdown 10th September 2012 13:59

Someone have the phpmyadmin working in multiserver enviroment and would share how to get this working please?

I have tried on web.server.com:

dpkg-reconfigure phpmyadmin

Then i set to connect directly on the other server: db.server.com

But when i try log seems the phpmyadmin send the login as:

username@web.server.com

And so, pop error about access denied.
There someway to rewrite the domain name inside of phpmyadmin?
I mean for try log as:

username@db.server.com (already exists since ISPConfig created by the pannel)
instead
username@web.server.com (dont exists)

till 10th September 2012 14:09

Quote:

On my setup like i did with root i will need add the users one by one?
Then you might have missed to enable remote access for the user.Login to ispconfig, go to the database settings and enable remote access.

Wisdown 10th September 2012 14:38

Quote:

Originally Posted by till (Post 285206)
Then you might have missed to enable remote access for the user.Login to ispconfig, go to the database settings and enable remote access.

Yeah is it.
I have checked now to enable remote access and worked pretty nice.

Since i dindt oppened the port 3306 on my firewall, i dindt worry about someone try bruteforce attacks on my db.server.com right?

till 10th September 2012 14:43

Quote:

Since i dindt oppened the port 3306 on my firewall, i dindt worry about someone try bruteforce attacks on my db.server.com right?
Yes. And even without that you wont have to worry as you can restrict the access by ip address to allow access from the web server only.

Wisdown 12th September 2012 18:52

Today i got sometime to back on play on my server and notice an problem with this setup.

I`m able to log as user, see database / tables, but, when i try run any SQL query i get an error:

ERROR 403 - Forbidden!

When i click to check the documentation, i get same error.

Looking on /var/log/apache2/error.log and access.log, i dindt find anything about this error.

I`m missing an include somewhere? I mean, I need add something else on path inside of ISPConfig?
Btw, my phpmyadmin is using ssl, would be this?

Wisdown 13th September 2012 15:56

Just updating my tests, i have tried use:

# Order Deny,Allow
# Deny from All
Allow from LAN IP

Dindt worked, then:

# Order Deny,Allow
# Deny from All
Allow from All

Samething, so:

# Order Deny,Allow
# Deny from All
Allow from All
Require all granted

No luck too, my question now would be, there an way to specific the detail for log on apache?
My guess for there no info on apache logs would be because something would have be set for minimun details.

Wisdown 13th September 2012 17:57

After some reasearch i found where are the real logs of apache, seems they still on this place:

/var/log/ispconfig/httpd/mydomain.com/error.log

On the log i noticed this:

Quote:

[warn] RSA server certificate wildcard CommonName ( CN ) `*.mydomain.com' does NOT match server name!?

[warn] RSA server certificate wildcard CommonName ( CN ) `*.mydomain.com' does NOT match server name!?

[error] [client XXX.XXX.XXX.XXX] ModSecurity: Access_denied with code 403 (phase 4). Pattern match "(?:\\b( ?:f( ?:tp_( ?:nb_ ) ? ) )"
[Thu Sep 13 10:33:59 2012] [error] [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 ( phase 4 ) . Pattern match "( ?:\\b ( ?:f ( ?:tp_( ?:nb_ ) ?f? ( ?:ge|pu ) t|get ( ?:s?s|c ) |scanf|write|open|read ) |gz( ?:( ?:encod|writ)e|compress|open|read)|s( ?:ession_start|candir ) |read ( ?: ( ?:gz ) ?file|dir ) |move_uploaded_file| ( ?:proc_|bz ) open ) |\\$_( ?: ( ?:pos|ge ) t|session ) ) \\b" at RESPONSE_BODY. [file "/etc/apache2/mod-security/modsecurity_crs_50_outbound.conf"] [line "64"] [id "970015"] [msg "PHP source code leakage"] [severity "WARNING"] [tag "LEAKAGE/SOURCE_CODE"] [hostname "mydomain.com"] [uri "/phpmyadmin/Documentation.html"] [unique_id "UFHgx8CoZAMAAG5ETOUAAAAE"]
So the * certificate is useless then?
I mean, i will need do an new certificate specific for web.server.com, for db.server.com, etc... ???


All times are GMT +2. The time now is 21:11.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.