HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Simple phpmyadmin question (http://www.howtoforge.com/forums/showthread.php?t=61094)

breakaway 23rd March 2013 02:24

Simple phpmyadmin question
 
Hello gentlemen,

My setup is an Ubuntu 12.10 system.

I have used this guide to successfully set up the server. However I have a problem with phpMyAdmin.



Page #4 of the guide states to add a specific nginix directive inside ISPConfig to enable phpMyAdmin for a specific site.

Now being security concious I only want phpMyAdmin to work over https.

So I have added the following code snippet

Code:

location /phpmyadmin {
      root /usr/share/;
      index index.php index.html index.htm;
      location ~ ^/phpmyadmin/(.+\.php)$ {
      try_files $uri =404;
      root /usr/share/;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
      fastcgi_param HTTPS on; # <-- add this line
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $request_filename;
      include /etc/nginx/fastcgi_params;
      fastcgi_param PATH_INFO $fastcgi_script_name;
      fastcgi_buffer_size 128k;
      fastcgi_buffers 256 4k;
      fastcgi_busy_buffers_size 256k;
      fastcgi_temp_file_write_size 256k;
      fastcgi_intercept_errors on;
      }
      location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
      root /usr/share/;
      }
}
location /phpMyAdmin {
      rewrite ^/* /phpmyadmin last;
}

As per the guide says.

However, I have found that even after saving the above directive into ISPConfig for that site and reloading (and also restarting) nginx, phpMyAdmin is accessible via http on port 8081! If I try HTTPS port 8081 it won't work - firefox produces a

Code:

SSL received a record that exceeded the maximum permissible length.
error.

How can I force this (phpmyadmin) to ONLY work over HTTPS?

Thanks in advance!

falko 23rd March 2013 20:04

Quote:

Originally Posted by breakaway (Post 294537)
However, I have found that even after saving the above directive into ISPConfig for that site and reloading (and also restarting) nginx, phpMyAdmin is accessible via http on port 8081!

This is the apps vhost that comes with ISPConfig. you can find it in /etc/nginx/sites-available/apps.vhost. If you like to disable phpMyAdmin there, please don't forget to disable it in the apps vhost template in /usr/local/ispconfig/server/conf as well.

breakaway 23rd March 2013 23:39

Hi Falko,

I am not wanting to disable phpMyAdmin, I am wanting to make it HTTPS only -- i.e. it is only accessible by https://my.server:8081/phpmyadmin and not by http://my.server:8081/phpmyadmin.

At the moment I can access it via HTTP only, HTTPS gives an error.

How can I configure it for https ONLY?

breakaway 2nd April 2013 02:20

Hi,

I'm still trying to fix this -- can anyone lend a hand?

I have edited the

Code:

location /phpmyadmin { }
directive in

Code:

/etc/nginx/sites-available/apps.vhost
and added

Code:

fastcgi_param HTTPS on;
and restarted nginx but it doesn't help!

I found there is already a line there that says

Code:

fastcgi_param HTTPS $https;
Where is the $HTTPS variable defined? I can't find it in that file. Also commenting out this particular variable-driven line and forcing it with fastcgi_param HTTPS on; doesn't seem to help either. Navigating to https://my.server.tld:8081/phpmyadmin gives me an error, whereas http://my.server.tld:8081/phpmyadmin works.

I have a feeling I'm editing the wrong file(s)!

Any help appreciated!

EDIT: I have found that I am able to access both phpMyAdmin AND SquirrelMail on http://site.server.tld:8081/phpmyadmin or http://site.server.tld:8081/squirrelmail REGARDLESS of wether the directives are present or not inside ISPConfig in Sites > Domains > Optoins > nginx Directives.

I thought without the directives there, that particular site shouldn't have phpMyAdmin or SquirrelMail? Is my understanding of that incorrect? The guide says the following:

Quote:

If you want to use a /webmail or /squirrelmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

darinpeterson 2nd April 2013 04:45

Hi breakaway,

After installing ISPConfig 3, there is no need to change anything to access phpmyadmin securely.

I install ISPConfig on port 443, so I simply do:
Code:

https://host.ispconfigserver.tld/phpmyadmin
There is no need to configure your phpmyadmin on port 8081 or any of that other stuff...

Regards,
Darin

breakaway 2nd April 2013 08:13

Thanks for the reply Darin but that doesn't work for me. In fact the guide I am using states specifically (link to that page) that if you are using nginx then phpmyadmin will not work 'out of the box' - it says you need to add some directives under EACH SITE that requires phpmyadmin/squirrelmail to make it active.

But I found that real-world behaviour is actually very different as per my posts above.

Are you running nginx?

Anyway I managed to figure it out with a friend's help.

Note that my end goal was to have phpmyadmin/squirrelmail accesible by https://my.server.tld:8081/phpmyadmin and https://my.server.tld:8081/webmail respectively, via https ONLY.

The resolution was to edit

Code:

/etc/nginx/sites-available/apps.vhost
To include the following 3 lines

Code:

        ssl on;
        ssl_certificate  /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key    /etc/ssl/private/ssl-cert-snakeoil.key;

And restart nginx. It now works.

Note that this is a self signed SSL Cert so obviouly it is better to replace it with a proper cert.

darinpeterson 2nd April 2013 16:48

I am not using nginx. I seem to have missed that important detail. :)

Thanks for posting your solution here!

Darin


All times are GMT +2. The time now is 08:27.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.