phpMyAdmin using https

[Nap]

[SOLVED] See last post.
Hi,

I see that it is possible to setup phpMyAdmin to use https? However solutions that worked for others won't work for me.
I am running Ubuntu 10.04 LTS with LAMP and ISPConfig3.0.4.6. My server is a VPS located at Linode, and I followed their guide for securing my server, then the ISPConfig guide.
Everything appears to be working, mysql, php, ISPConfig... So I'm now trying to get phpMyAdmin to use https rather than http.

my "phpMyAdmin default Apache configuration" file is located in /etc/apache2/conf.d/phpmyadmin.conf and contain the following code:
(I added the RewriteEngine, RewriteCond, and RewriteRule lines hoping to make it work)

Code:

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        <IfModule mod_php5.c>
                AddType application/x-httpd-php .php

                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_flag register_globals Off
                php_value include_path .
        </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>

However this returns an error in my browser:

Code:

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

The code I added is a variation of what I've seen others do, but as the other solutions haven't worked for me, this is where I'm up to for the moment.

Cheers,
Nap

PS.. Where can I find the password that enables me to enter the /phpmyadmin/setup page. /etc/phpmyadmin/htpasswd.setup contains: admin:*

[Nap]

Do I need to create another certificate using openSSL to get this to work? If so, where should the certificate go?

[till]

phpmyadmin is accessed trough the website were you call it from (apache alias), so if this wbsite has ssl, then phpmyadmin is ssl encrypted. if the website does not has ssl, then its not ssl encrypted.

[Nap]

Till, thnx.

I am accessing IPSConfig through https. Does that qualify?
I have openSSL installed, and use SSH via PuTTY.

Of course, I don't want my whole site to operate through https.

Cheers,
Nap

[cfoe]

if you have a wildcard cert then you can set up subdomain.

If not you can just make a symlink in the ispconfig folder to the phpmyadmin installation and use it on the same domain as a "subfolder"

[Nap]

cfoe thnx 4 your reply.

I would like to provide https access to phpMyAdmin for all domains that I setup on my server, 3 at the moment. So I'm looking for a solution that works across the board on my site.

When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case? If so, that would explain why ISPConfig works with HTTPS but not phpMyAdmin, and would mean I'm not done setting up my apache2 package.

I'm sorry but I don't know what a 'wildcard cert' is. A link would be appreciated so I can do my own homework.

However, I do know what a symlink is. Could you be more specific regarding folders? (Everything is installed into default locations on my Ubuntu 10.04 LTS VPS.) And I'm hoping this approach does not require me to create such a symlink for each domain I host. (Although if it's the only solution, I'm happy to do so.)

Best regards,
Nap

[till]

Ok, so you want to access phpmyadmin trogh the controlpanel vhost and not the websites. In this case, pjhpmyadmin is already ssl encrypted if you had choosen ssl for ispconfig in the installer. Yoiu can access it similar to ispconfig 2 trogh the controlpanel port:

http://www.yourdomain.tld:8080/phpmyadmin

Quote:

When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case?

No. ISPConfig 3 is a completely different software and does not share any code with ispconfig 2.

[cfoe]

Quote:

Originally Posted by Nap

cfoe thnx 4 your reply.
I would like to provide https access to phpMyAdmin for all domains that I setup on my server, 3 at the moment. So I'm looking for a solution that works across the board on my site.

Because a cert must be "made" for specific domains it would be possible to automate something like:
www.customerdomain.com/phpmyadmin
the cert would need to contain customerdomain.com which it could but you need to know on SSL purchase all the domains.

Quote:

When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case? If so, that would explain why ISPConfig works with HTTPS but not phpMyAdmin, and would mean I'm not done setting up my apache2 package.

I have not been on board for soo long with ISPConfig but I am pretty sure that ISPConfig 2 had a separate webserver.
ISPConfig 3.x uses the installed webserver (apache or nginx) and adds the necessary config to "make it work"

Quote:

I'm sorry but I don't know what a 'wildcard cert' is. A link would be appreciated so I can do my own homework.

Wildcard certs are usable for subdomains in the format *.yourdomain.tld.
A good guide can be found right here: http://www.howtoforge.com/securing-y...-from-startssl
The certs from StartSSL are correctly recognized by all the major platforms and browsers

Quote:

However, I do know what a symlink is. Could you be more specific regarding folders? (Everything is installed into default locations on my Ubuntu 10.04 LTS VPS.) And I'm hoping this approach does not require me to create such a symlink for each domain I host. (Although if it's the only solution, I'm happy to do so.)

The only thing I can think of would be a rewrite (means redirect for the browser) by apache from

www.customerdomain.com/phpmyadmin

to

yourdomain.com/phpmyadmin

I hope that helps

[Nap]

Quote:

Originally Posted by till

Ok, so you want to access phpmyadmin trogh the controlpanel vhost and not the websites. In this case, pjhpmyadmin is already ssl encrypted if you had choosen ssl for ispconfig in the installer. Yoiu can access it similar to ispconfig 2 trogh the controlpanel port:

http://www.yourdomain.tld:8080/phpmyadmin

I did choose SSL while installing.
The access URL I would like is https://www.mydomain.net.au/phpmyadmin. If the user issues http://www.mydomain.net.au/phpmyadmin they would be redirected to the https:// version.

I haven't configured any resellers or clients in my ISPConfig yet, but I believe there is a link there to phpMyAdmin. So I would like to cover the case where the user tries to access without use of the control panel.

[Nap]

PLEASE DISREGARD THIS REPLY. I DID NOT EXPRESS MYSELF PROPERLY.
I posted another reply below. My appologies.

Quote:

Originally Posted by cfoe

The only thing I can think of would be a rewrite (means redirect for the browser) by apache from

www.customerdomain.com/phpmyadmin

to

yourdomain.com/phpmyadmin

I hope that helps

This solution is exactly what I'm trying to get going. If you check my opening post, you will see I've posted the commands, but they are not working for me. And I don't understand why.