htaccess and phpmyadmin not working

Discussion in 'ISPConfig 3 Priority Support' started by jpcyrenne, Oct 18, 2020.

  1. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Good day,

    I have a (Ubuntu 20.04.1 LTS (Focal Fossa)) ISPConfig 3.2 setup. Just updated from 3.2dev.

    I am trying to install an .htpassowd to further protect access to phpmyadmin (https://<ip>:8080/phpmyadmin.
    I followed this procedure (only had to find the right phpmyadmin.conf)
    https://www.howtoforge.com/protect-phpmyadmin-on-an-ispconfig-3-server-debian
    restarted apache.
    I can accees phpmyadmin normally. I don't get the authorization pop-up nor does the /myalias work?

    I read below that this document is probably dated? (can old documentation be removed?)

    Found this, but Apache won't reload?
    https://www.howtoforge.com/community/threads/secure-phpmyadmin-with-htaccess-file.84216/

    <Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php

    #Make use of .htpasswd
    #AllowOverride “ALL”
    AuthType Basic
    AuthName "Enter account information"
    AuthUserFile /usr/share/phpmyadmin/.htpasswd
    Require valid-user


    Any hint on what else to do?

    Thanks ahead as always,
    JP
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think the correct file is in /etc/apache2/conf-available/phpmyadmin.conf and not /etc/apache2/conf.d/phpmyadmin.conf

    Try editing it there :)
     
  3. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Yes. That is the file I modified /etc/apache2/conf-available/phpmyadmin.conf
    (/etc/apache2/conf.d/phpmyadmin.conf didn't exist on Ubuntu)

    If I add the AllowOverride “ALL” Apache won't restart
     
  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    You have to remove the quotes. It is simply
    Code:
    AllowOverride All
     
  5. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    - I removed the quotes, un-commented the line and i can reload Apache (/etc/init.d/apache2 reload).
    - I confirmed that the path to the file is good (AuthUserFile /usr/share/phpmyadmin/.htpasswd)

    Still don't have the username/password pop up?
     
  6. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Anyone else have an idea or see something wrong here?

    1)
    [email protected]:/home/ubuntu# ls -l /etc/apache2/conf-enabled/
    total 0
    lrwxrwxrwx 1 root root 34 Oct 15 20:29 apache2-doc.conf -> ../conf-available/apache2-doc.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:29 charset.conf -> ../conf-available/charset.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:35 httpoxy.conf -> ../conf-available/httpoxy.conf
    lrwxrwxrwx 1 root root 44 Oct 15 20:29 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
    lrwxrwxrwx 1 root root 46 Oct 15 20:29 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
    lrwxrwxrwx 1 root root 33 Oct 15 20:33 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
    lrwxrwxrwx 1 root root 32 Oct 15 20:39 roundcube.conf -> ../conf-available/roundcube.conf
    lrwxrwxrwx 1 root root 31 Oct 15 20:29 security.conf -> ../conf-available/security.conf
    lrwxrwxrwx 1 root root 36 Oct 15 20:29 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf

    2)
    vi /etc/apache2/conf-available/phpmyadmin.conf

    # phpMyAdmin default Apache configuration

    Alias /phpmyadmin /usr/share/phpmyadmin

    <Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php

    #Make use of .htpasswd
    AllowOverride ALL
    AuthType Basic
    AuthName "Enter account information"
    AuthUserFile /usr/share/phpmyadmin/.htpasswd
    Require valid-user

    # limit libapache2-mod-php to files and directories necessary by pma
    <IfModule mod_php7.c>
    php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
    php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/:/usr/share/php/PhpMyAdmin/:/usr/share/php/Symfony/:/usr/share/php/Twig/:/usr/share/php/Twig-Extensions/:/usr/share/php/ReCaptcha/:/usr/share/php/Psr/Container/:/usr/share/php/Psr/Cache/:/usr/share/php/Psr/Log/:/usr/share/php/Psr/SimpleCache/
    </IfModule>

    </Directory>

    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/templates>
    Require all denied
    </Directory>
    <Directory /usr/share/phpmyadmin/libraries>
    Require all denied
    </Directory>


    Thanks ahead,
    JP
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think
    Code:
    #Make use of .htpasswd
    AllowOverride ALL
    AuthType Basic
    AuthName "Enter account information"
    AuthUserFile /usr/share/phpmyadmin/.htpasswd
    Require valid-user
    should be outside of the directory tags, so under the Alias, and above <Directory /usr/share/phpmyadmin>
     
  8. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    No luck.
    If I Google, it seems to belong between <Directory> tag.

    Could I put it somewhere else and protect the whole :8080? (apache.conf)
    <VirtualHost *:8080>
    </VirtualHost>

    This would be an even better solution for me as I'm going to open an AWS Security Group with this one.

    As always, Thanks.
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Hmm yes, you are right.

    AllowOverride ALL (should be All btw) is not needed as you don't have a .htaccess.

    Did you restart apache after changing the config?
     
  10. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    What the user has done there is add AllowOverride to the conf and add a .htaccess to the root of phpmyadmin, with the htpasswd settings. You might try that.
     
  12. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Thanks for not giving up on me!

    I removed the entries in the /etc/apache2/conf-available/phpmyadmin.conf and added a .htaccess in the phpmyadmin folder (/usr/share/phpmyadmin).
    reload and still no luck. I can't seem to get this access pop-up.

    Like I mentionned earlier, wouldn't it be better if I configure this where ever the port 8080 is configured? That way I would protect phpmyadmin, the CP access (not using webmail but why not protect that also).

    Many thanks once again,

    JP
     
  13. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You can do that ofcourse. Personally, I don't think it's needed to add a extra layer of security like this, but it can't hurt :)

    I do use 2FA for PHPMyAdmin and disable the root login for PMA on servers where I don't need it.
     
  14. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    I guess I'll keep focusing on my present issue : password protect phpmyadmin.
    Does anyone have a working example? (Ubuntu 20 with ISPConfig 3.2)
    I'm still stuck.

    Thanks
    JP
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Two more things come to my mind....
    Could you share the output of
    Code:
    ls -la /etc/apache2/conf-enabled
    ?
    It could also be that some config file of apache is overriding your config... you could check the other config files to see if that's the case.
     
  16. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    [email protected]:/usr/share/phpmyadmin# ls -la /etc/apache2/conf-enabled
    total 8
    drwxr-xr-x 2 root root 4096 Oct 15 20:41 .
    drwxr-xr-x 8 root root 4096 Oct 24 17:45 ..
    lrwxrwxrwx 1 root root 34 Oct 15 20:29 apache2-doc.conf -> ../conf-available/apache2-doc.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:29 charset.conf -> ../conf-available/charset.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:35 httpoxy.conf -> ../conf-available/httpoxy.conf
    lrwxrwxrwx 1 root root 44 Oct 15 20:29 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
    lrwxrwxrwx 1 root root 46 Oct 15 20:29 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
    lrwxrwxrwx 1 root root 33 Oct 15 20:33 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
    lrwxrwxrwx 1 root root 32 Oct 15 20:39 roundcube.conf -> ../conf-available/roundcube.conf
    lrwxrwxrwx 1 root root 31 Oct 15 20:29 security.conf -> ../conf-available/security.conf
    lrwxrwxrwx 1 root root 36 Oct 15 20:29 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
     
  17. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    is apache2-utils installed?

    Code:
    apt install apache2-utils
     
  18. jpcyrenne

    jpcyrenne Member HowtoForge Supporter

    Yes present.

    # apt install apache2-utils
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    apache2-utils is already the newest version (2.4.41-4ubuntu3.1).
    The following packages were automatically installed and are no longer required:
    libzip5 squashfs-tools
    Use 'apt autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 49 not upgraded.

    Probably what's used to generate the htpasswd.

    Should I remove libzip5 squashfs-tools?

    Thanks,

    JP
     
  19. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You can, but I don’t think it will fix the issue.

    I think we went to everything that we really can do through this forum thread. Unless somebody else has an idea, I think the best thing to do is hire someone for remote support to look into your system.
     
  20. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I was trying to change the config for PMA on one of my servers to only allow traffic from certain IP addresses. This doesn't work either, probably the same issue. If I can find something I'll let you know :)
     

Share This Page