#1  
Old 23rd March 2013, 01:24
breakaway breakaway is offline
Junior Member
 
Join Date: Jun 2007
Posts: 21
Thanks: 2
Thanked 2 Times in 1 Post
Exclamation Simple phpmyadmin question

Hello gentlemen,

My setup is an Ubuntu 12.10 system.

I have used this guide to successfully set up the server. However I have a problem with phpMyAdmin.



Page #4 of the guide states to add a specific nginix directive inside ISPConfig to enable phpMyAdmin for a specific site.

Now being security concious I only want phpMyAdmin to work over https.

So I have added the following code snippet

Code:
location /phpmyadmin {
       root /usr/share/;
       index index.php index.html index.htm;
       location ~ ^/phpmyadmin/(.+\.php)$ {
       try_files $uri =404;
       root /usr/share/;
       fastcgi_pass unix:/var/run/php5-fpm.sock;
       fastcgi_param HTTPS on; # <-- add this line
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $request_filename;
       include /etc/nginx/fastcgi_params;
       fastcgi_param PATH_INFO $fastcgi_script_name;
       fastcgi_buffer_size 128k;
       fastcgi_buffers 256 4k;
       fastcgi_busy_buffers_size 256k;
       fastcgi_temp_file_write_size 256k;
       fastcgi_intercept_errors on;
       }
       location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
       root /usr/share/;
       }
}
location /phpMyAdmin {
       rewrite ^/* /phpmyadmin last;
}
As per the guide says.

However, I have found that even after saving the above directive into ISPConfig for that site and reloading (and also restarting) nginx, phpMyAdmin is accessible via http on port 8081! If I try HTTPS port 8081 it won't work - firefox produces a

Code:
SSL received a record that exceeded the maximum permissible length.
error.

How can I force this (phpmyadmin) to ONLY work over HTTPS?

Thanks in advance!
Reply With Quote
Sponsored Links
  #2  
Old 23rd March 2013, 19:04
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,721 Times in 2,562 Posts
Default

Quote:
Originally Posted by breakaway View Post
However, I have found that even after saving the above directive into ISPConfig for that site and reloading (and also restarting) nginx, phpMyAdmin is accessible via http on port 8081!
This is the apps vhost that comes with ISPConfig. you can find it in /etc/nginx/sites-available/apps.vhost. If you like to disable phpMyAdmin there, please don't forget to disable it in the apps vhost template in /usr/local/ispconfig/server/conf as well.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd March 2013, 22:39
breakaway breakaway is offline
Junior Member
 
Join Date: Jun 2007
Posts: 21
Thanks: 2
Thanked 2 Times in 1 Post
Default

Hi Falko,

I am not wanting to disable phpMyAdmin, I am wanting to make it HTTPS only -- i.e. it is only accessible by https://my.server:8081/phpmyadmin and not by http://my.server:8081/phpmyadmin.

At the moment I can access it via HTTP only, HTTPS gives an error.

How can I configure it for https ONLY?
Reply With Quote
  #4  
Old 2nd April 2013, 01:20
breakaway breakaway is offline
Junior Member
 
Join Date: Jun 2007
Posts: 21
Thanks: 2
Thanked 2 Times in 1 Post
Exclamation

Hi,

I'm still trying to fix this -- can anyone lend a hand?

I have edited the

Code:
 location /phpmyadmin { }
directive in

Code:
/etc/nginx/sites-available/apps.vhost
and added

Code:
fastcgi_param HTTPS on;
and restarted nginx but it doesn't help!

I found there is already a line there that says

Code:
fastcgi_param HTTPS $https;
Where is the $HTTPS variable defined? I can't find it in that file. Also commenting out this particular variable-driven line and forcing it with fastcgi_param HTTPS on; doesn't seem to help either. Navigating to https://my.server.tld:8081/phpmyadmin gives me an error, whereas http://my.server.tld:8081/phpmyadmin works.

I have a feeling I'm editing the wrong file(s)!

Any help appreciated!

EDIT: I have found that I am able to access both phpMyAdmin AND SquirrelMail on http://site.server.tld:8081/phpmyadmin or http://site.server.tld:8081/squirrelmail REGARDLESS of wether the directives are present or not inside ISPConfig in Sites > Domains > Optoins > nginx Directives.

I thought without the directives there, that particular site shouldn't have phpMyAdmin or SquirrelMail? Is my understanding of that incorrect? The guide says the following:

Quote:
If you want to use a /webmail or /squirrelmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

Last edited by breakaway; 2nd April 2013 at 01:35.
Reply With Quote
  #5  
Old 2nd April 2013, 03:45
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
Default

Hi breakaway,

After installing ISPConfig 3, there is no need to change anything to access phpmyadmin securely.

I install ISPConfig on port 443, so I simply do:
Code:
https://host.ispconfigserver.tld/phpmyadmin
There is no need to configure your phpmyadmin on port 8081 or any of that other stuff...

Regards,
Darin
Reply With Quote
  #6  
Old 2nd April 2013, 07:13
breakaway breakaway is offline
Junior Member
 
Join Date: Jun 2007
Posts: 21
Thanks: 2
Thanked 2 Times in 1 Post
Default

Thanks for the reply Darin but that doesn't work for me. In fact the guide I am using states specifically (link to that page) that if you are using nginx then phpmyadmin will not work 'out of the box' - it says you need to add some directives under EACH SITE that requires phpmyadmin/squirrelmail to make it active.

But I found that real-world behaviour is actually very different as per my posts above.

Are you running nginx?

Anyway I managed to figure it out with a friend's help.

Note that my end goal was to have phpmyadmin/squirrelmail accesible by https://my.server.tld:8081/phpmyadmin and https://my.server.tld:8081/webmail respectively, via https ONLY.

The resolution was to edit

Code:
/etc/nginx/sites-available/apps.vhost
To include the following 3 lines

Code:
        ssl on;
        ssl_certificate   /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key    /etc/ssl/private/ssl-cert-snakeoil.key;
And restart nginx. It now works.

Note that this is a self signed SSL Cert so obviouly it is better to replace it with a proper cert.

Last edited by breakaway; 2nd April 2013 at 07:18.
Reply With Quote
The Following 2 Users Say Thank You to breakaway For This Useful Post:
arraken (8th March 2014), darinpeterson (2nd April 2013)
  #7  
Old 2nd April 2013, 15:48
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 153
Thanks: 35
Thanked 13 Times in 13 Posts
 
Default

I am not using nginx. I seem to have missed that important detail.

Thanks for posting your solution here!

Darin
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Simple Question: CentOS Server destinedjagold Server Operation 1 6th September 2012 19:05
phpMyAdmin and pure-ftpd operation question RKB Server Operation 4 28th November 2010 21:52
Simple question... I think - re: multiple domains. lidocayne Installation/Configuration 1 17th July 2006 11:53
perfect setup suse 10 - phpmyadmin & mysql question reddog Server Operation 7 17th June 2006 12:59
phpMyAdmin question? ctroyp Installation/Configuration 1 20th March 2006 23:19


All times are GMT +2. The time now is 16:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.