Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th July 2012, 07:10
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
Default phpMyAdmin using https

[SOLVED] See last post.
Hi,

I see that it is possible to setup phpMyAdmin to use https? However solutions that worked for others won't work for me.
I am running Ubuntu 10.04 LTS with LAMP and ISPConfig3.0.4.6. My server is a VPS located at Linode, and I followed their guide for securing my server, then the ISPConfig guide.
Everything appears to be working, mysql, php, ISPConfig... So I'm now trying to get phpMyAdmin to use https rather than http.

my "phpMyAdmin default Apache configuration" file is located in /etc/apache2/conf.d/phpmyadmin.conf and contain the following code:
(I added the RewriteEngine, RewriteCond, and RewriteRule lines hoping to make it work)
Code:
# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        <IfModule mod_php5.c>
                AddType application/x-httpd-php .php

                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_flag register_globals Off
                php_value include_path .
        </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>
However this returns an error in my browser:
Code:
SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)
The code I added is a variation of what I've seen others do, but as the other solutions haven't worked for me, this is where I'm up to for the moment.

Cheers,
Nap

PS.. Where can I find the password that enables me to enter the /phpmyadmin/setup page. /etc/phpmyadmin/htpasswd.setup contains: admin:*

Last edited by Nap; 11th July 2012 at 18:19. Reason: need to rephrase my question
Reply With Quote
Sponsored Links
  #2  
Old 11th July 2012, 08:54
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
Default

Do I need to create another certificate using openSSL to get this to work? If so, where should the certificate go?
Reply With Quote
  #3  
Old 11th July 2012, 10:14
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,388 Times in 4,233 Posts
Default

phpmyadmin is accessed trough the website were you call it from (apache alias), so if this wbsite has ssl, then phpmyadmin is ssl encrypted. if the website does not has ssl, then its not ssl encrypted.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 11th July 2012, 10:33
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
Default

Till, thnx.

I am accessing IPSConfig through https. Does that qualify?
I have openSSL installed, and use SSH via PuTTY.

Of course, I don't want my whole site to operate through https.

Cheers,
Nap
Reply With Quote
  #5  
Old 11th July 2012, 11:15
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Default

if you have a wildcard cert then you can set up subdomain.

If not you can just make a symlink in the ispconfig folder to the phpmyadmin installation and use it on the same domain as a "subfolder"
__________________
Christian Foellmann

OpenSource-Projects - GitHub-Projects - SVN-Mirrors on GitHub - Foe Services
Reply With Quote
  #6  
Old 11th July 2012, 11:37
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
Default

cfoe thnx 4 your reply.

I would like to provide https access to phpMyAdmin for all domains that I setup on my server, 3 at the moment. So I'm looking for a solution that works across the board on my site.

When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case? If so, that would explain why ISPConfig works with HTTPS but not phpMyAdmin, and would mean I'm not done setting up my apache2 package.

I'm sorry but I don't know what a 'wildcard cert' is. A link would be appreciated so I can do my own homework.

However, I do know what a symlink is. Could you be more specific regarding folders? (Everything is installed into default locations on my Ubuntu 10.04 LTS VPS.) And I'm hoping this approach does not require me to create such a symlink for each domain I host. (Although if it's the only solution, I'm happy to do so.)

Best regards,
Nap
Reply With Quote
  #7  
Old 11th July 2012, 11:44
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,388 Times in 4,233 Posts
Default

Ok, so you want to access phpmyadmin trogh the controlpanel vhost and not the websites. In this case, pjhpmyadmin is already ssl encrypted if you had choosen ssl for ispconfig in the installer. Yoiu can access it similar to ispconfig 2 trogh the controlpanel port:

http://www.yourdomain.tld:8080/phpmyadmin

Quote:
When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case?
No. ISPConfig 3 is a completely different software and does not share any code with ispconfig 2.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 11th July 2012, 11:48
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Default

Quote:
Originally Posted by Nap View Post
cfoe thnx 4 your reply.
I would like to provide https access to phpMyAdmin for all domains that I setup on my server, 3 at the moment. So I'm looking for a solution that works across the board on my site.
Because a cert must be "made" for specific domains it would be possible to automate something like:
www.customerdomain.com/phpmyadmin
the cert would need to contain customerdomain.com which it could but you need to know on SSL purchase all the domains.

Quote:
When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case? If so, that would explain why ISPConfig works with HTTPS but not phpMyAdmin, and would mean I'm not done setting up my apache2 package.
I have not been on board for soo long with ISPConfig but I am pretty sure that ISPConfig 2 had a separate webserver.
ISPConfig 3.x uses the installed webserver (apache or nginx) and adds the necessary config to "make it work"

Quote:
I'm sorry but I don't know what a 'wildcard cert' is. A link would be appreciated so I can do my own homework.
Wildcard certs are usable for subdomains in the format *.yourdomain.tld.
A good guide can be found right here: http://www.howtoforge.com/securing-y...-from-startssl
The certs from StartSSL are correctly recognized by all the major platforms and browsers

Quote:
However, I do know what a symlink is. Could you be more specific regarding folders? (Everything is installed into default locations on my Ubuntu 10.04 LTS VPS.) And I'm hoping this approach does not require me to create such a symlink for each domain I host. (Although if it's the only solution, I'm happy to do so.)
The only thing I can think of would be a rewrite (means redirect for the browser) by apache from

www.customerdomain.com/phpmyadmin

to

yourdomain.com/phpmyadmin

I hope that helps
__________________
Christian Foellmann

OpenSource-Projects - GitHub-Projects - SVN-Mirrors on GitHub - Foe Services
Reply With Quote
  #9  
Old 11th July 2012, 12:31
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by till View Post
Ok, so you want to access phpmyadmin trogh the controlpanel vhost and not the websites. In this case, pjhpmyadmin is already ssl encrypted if you had choosen ssl for ispconfig in the installer. Yoiu can access it similar to ispconfig 2 trogh the controlpanel port:

http://www.yourdomain.tld:8080/phpmyadmin
I did choose SSL while installing.
The access URL I would like is https://www.mydomain.net.au/phpmyadmin. If the user issues http://www.mydomain.net.au/phpmyadmin they would be redirected to the https:// version.

I haven't configured any resellers or clients in my ISPConfig yet, but I believe there is a link there to phpMyAdmin. So I would like to cover the case where the user tries to access without use of the control panel.
Reply With Quote
  #10  
Old 11th July 2012, 12:35
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
 
Default

PLEASE DISREGARD THIS REPLY. I DID NOT EXPRESS MYSELF PROPERLY.
I posted another reply below. My appologies.


Quote:
Originally Posted by cfoe View Post

The only thing I can think of would be a rewrite (means redirect for the browser) by apache from

www.customerdomain.com/phpmyadmin

to

yourdomain.com/phpmyadmin

I hope that helps
This solution is exactly what I'm trying to get going. If you check my opening post, you will see I've posted the commands, but they are not working for me. And I don't understand why.

Last edited by Nap; 11th July 2012 at 13:08. Reason: Didn't fully understand what CFOE was saying when I posted.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
haproxy with stunnel problem abubin Server Operation 6 10th April 2012 15:08
https squirrel & phpmyadmin OrCAD Installation/Configuration 3 10th November 2010 08:56
phpmyadmin stops authenticating, mysql does fine isn General 2 8th January 2010 16:57
Phpmyadmin update error code 1? treavle Installation/Configuration 1 16th December 2009 13:35
httpd and phpmyadmin recirect issue moglia Developers' Forum 5 11th August 2009 12:52


All times are GMT +2. The time now is 14:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.