Dedicated server for phpMyAdmin in multiserver environment

Discussion in 'ISPConfig 3 Priority Support' started by Abacop, Sep 11, 2021.

  1. Abacop

    Abacop New Member HowtoForge Supporter

    I have installed an configured a so far functional multiserver-setup with the howto "ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10" (and some little adjustments like enabling passive FTP). As suggested in the howto the servers are using a private network for internal communication. They are all running with ISPConfig 3.2.5.

    What I am looking forward to is a guide on how to get a dedicated server for phpMyAdmin to work in this environment. It should be reachable under its own subdomain (like phpmyadmin.example.com) and of course the button for phpMyAdmin in the section "Database" of the ISPConfig panel should link to it, too.

    If your interested in the main reasons for me wanting to have a dedicated server:
    (1) I would have only to configure and maintain one instance of phpMyAdmin
    (2) Since in the past there have been some security issues with phpMyAdmin I would prefer not to have it installed on the same machine as my user data
     
    ahrasis likes this.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't think that the risk which comes from phpmyadmin is higher than from any hosted website and as hosted websites run under their own user anyway, the risk is really low.

    I would do it like this:

    1) Create a website phpmyadmin.yourdomain.tld in ISPConfig on the server which hosts your websites. Choose PHP mode php-fpm, enable suexec checkbox and enable php-fpm chroot in website options.
    2) Install phpMyAdmin into that site by using latest version from PHPMyAdmin website.
    3) Change phpmyadmin URL under System > interface > main config in ISPConfig to point to that website.

    The benefit over your approach with a separate server is that it's secure as well and that the Ip of the web node is allowed to access the databases anyway, so you won't have to configure an additional permitted IP for each database as you would have to do when using a dedicated server.
     
    ahrasis likes this.
  3. Abacop

    Abacop New Member HowtoForge Supporter

    @till: Thanks for the quick response.

    Not having to configure the additional IP for each database would really be a great advantage.

    If I understand your approach right it would not work smoothly if I use more than one server for my websites (which I will need to do in the foreseeable future). If I'm not mistaken in this case I again would have to configure the additional IP for the databases on those other servers.

    Is there maybe some way to configure a global authorization for one server/phpMyAdmin-installation to access the databases on all of my servers?
     

Share This Page