Running phpMyAdmin On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.04

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2011-10-04 18:05. :: Debian | Ubuntu | Web Server | MySQL | nginx

Running phpMyAdmin On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.04

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 09/20/2011

The phpMyAdmin package from the Debian/Ubuntu repositories comes with configuration files for Apache and Lighttpd, but not for nginx. This tutorial shows how you can use the Debian Squeeze/Ubuntu 11.04 phpMyAdmin package in an nginx vhost. Nginx is a HTTP server that uses much less resources than Apache and delivers pages a lot of faster, especially static files.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I want to use phpMyAdmin in a vhost called www.example.com/example.com here with the document root /var/www/www.example.com/web.

You should have a working LEMP installation (this includes the MySQL installation), as shown in these tutorials:

A note for Ubuntu users:

Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

 

2 Installing APC

APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP page.

APC can be installed as follows:

apt-get install php-apc

If you use PHP-FPM as your FastCGI daemon (like in Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support On Ubuntu 11.04), restart it as follows:

/etc/init.d/php5-fpm restart

If you use lighttpd's spawn-fcgi program as your FastCGI daemon (like in Installing Nginx With PHP5 And MySQL Support On Debian Squeeze), we must kill the current spawn-fcgi process (running on port 9000) and create a new one. Run

netstat -tap

to find out the PID of the current spawn-fcgi process:

root@server1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      734/portmap
tcp        0      0 *:www                   *:*                     LISTEN      2987/nginx
tcp        0      0 *:ssh                   *:*                     LISTEN      1531/sshd
tcp        0      0 *:57174                 *:*                     LISTEN      748/rpc.statd
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN      1507/exim4
tcp        0      0 localhost.localdom:9000 *:*                     LISTEN      1542/php5-cgi
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      1168/mysqld
tcp        0     52 server1.example.com:ssh 192.168.0.198:2462      ESTABLISHED 1557/0
tcp6       0      0 [::]:www                [::]:*                  LISTEN      2987/nginx
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1531/sshd
tcp6       0      0 ip6-localhost:smtp      [::]:*                  LISTEN      1507/exim4
root@server1:~#

In the above output, the PID is 1542, so we can kill the current process as follows:

kill -9 1542

Afterwards we create a new spawn-fcgi process:

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid

 

3 Vhost Configuration

If you haven't set up an nginx vhost already, you can set one up as follows:

The document root of my www.example.com web site is /var/www/www.example.com/web - if it doesn't exist, create it as follows:

mkdir -p /var/www/www.example.com/web

Next we create a basic nginx vhost configuration for our www.example.com vhost in the /etc/nginx/sites-available/ directory as follows:

vi /etc/nginx/sites-available/www.example.com.vhost 

server {
       listen 80;
       server_name www.example.com example.com;
       root /var/www/www.example.com/web;
       if ($http_host != "www.example.com") {
                 rewrite ^ http://www.example.com$request_uri permanent;
       }
       index index.php index.html;
       location = /favicon.ico {
                log_not_found off;
                access_log off;
       }
       location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
       }
       # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
        location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
                deny all;
        }
       # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }
       location ~*  \.(jpg|jpeg|png|gif|css|js|ico)$ {
                expires max;
                log_not_found off;
       }
       location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       }
}

To enable that vhost, we create a symlink to it from the /etc/nginx/sites-enabled/ directory:

cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/www.example.com.vhost www.example.com.vhost

Reload nginx for the changes to take effect:

/etc/init.d/nginx reload

 

4 Installing phpMyAdmin + phpMyAdmin Vhost Configuration

Next we install phpMyAdmin as follows:

apt-get install phpmyadmin

You will see the following questions:

Web server to reconfigure automatically: <-- select none (because only apache2 and lighttpd are available as options)
Configure database for phpmyadmin with dbconfig-common? <-- No

You can now find phpMyAdmin in the /usr/share/phpmyadmin/ directory. Now we must configure our vhost so that nginx can find phpMyAdmin in that directory.

Open /etc/nginx/sites-available/www.example.com.vhost...

vi /etc/nginx/sites-available/www.example.com.vhost

... and add the following part to the server {} container: 

server {
[...]
        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }
[...]
}

Reload nginx:

/etc/init.d/nginx reload

That's it! You can now go to http://www.example.com/phpmyadmin or http://www.example.com/phpMyAdmin in a browser, and if all goes well, you can log into phpMyAdmin:

If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your phpMyAdmin configuration like this:

vi /etc/nginx/sites-available/www.example.com.vhost

server {
[...]
        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS on; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }
[...]
}

If you use both http and https for your vhost, you need to add the following section to the http {} section in /etc/nginx/nginx.conf (before the two include lines) which determines if the visitor uses http or https and sets the $fastcgi_https variable (which we will use in our www.example.com vhost) accordingly:

vi /etc/nginx/nginx.conf

[...]
http {
[...]
        ## Detect when HTTPS is used
        map $scheme $fastcgi_https {
          default off;
          https on;
        }
        ##
        # Virtual Host Configs
        ##
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}
[...]

Then open your vhost configuration file, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $fastcgi_https; so that you can use phpMyAdmin for both http and https requests:

vi /etc/nginx/sites-available/www.example.com.vhost

server {
[...]
        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS $fastcgi_https; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }
[...]
}

Don't forget to reload nginx afterwards:

/etc/init.d/nginx reload

 

5 Links

 

About The Author

Falko Timme is the owner of Boost Your Site mit Timme Hosting - ultra-schnelles nginx-WebhostingTimme Hosting (ultra-fast nginx web hosting). He is the lead maintainer of HowtoForge (since 2005) and one of the core developers of ISPConfig (since 2000). He has also contributed to the O'Reilly book "Linux System Administration".


Copyright © 2011 Falko Timme
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Limiting Access to specific subnets
Submitted by JohnP (not registered) on Fri, 2011-10-14 10:08.
For any of the webmine/phpadmin/myadmin tools, it is a best practice to limit access by subnet too. These tools shouldn't be available on the public internet to everyone. They are an often-used, successful, attack vector - just last week WineHQ had a breach - http://www.h-online.com/open/news/item/WineHQ-access-credentials-harvested-1359778.html
Nginx can filter based on many things, including source IP.
location /phpmyadmin { .... allow 192.168.0.0/24; # Internal LAN allow 10.10.1.0/24; # Remote WAN using VPN deny all; .... }

Simple. Effective. Public access to all admin tools should be locked down in some way. Nginx has some pretty great ways to accomplish that.
reply | view as pdf view as pdf
Faster and less hungry than
Submitted by rautamiekka (not registered) on Tue, 2011-10-04 19:02.
Faster and less hungry than Apache, that's a ballsful claim. -Not- like it couldn't be true.
reply | view as pdf view as pdf