phpmyadmin blowfish_secret

Discussion in 'Installation/Configuration' started by Pyanepsion, Aug 18, 2019.

  1. Pyanepsion

    Pyanepsion Member

    Hello,
    • Debian 9.9
    • ISPConfig Version: 3.1.14p2 single
    • Nginx
    Everything was fine and I installed multiple versions of PHP.
    https://www.howtoforge.com/tutorial...fig-3-from-debian-packages-on-debian-8-and-9/
    I then had to solve a problem of access rights to Roundcube. There seems to be also a problem of access for phpMyadmin.
    In \etc\phpmyadmin\config.inc.php there is::
    Code:
    // Load secret generated on postinst
    if (check_file_access('/var/lib/phpmyadmin/blowfish_secret.inc.php')) {
        require('/var/lib/phpmyadmin/blowfish_secret.inc.php');
    }
    
    And in var/lib/phpmyadmin/blowfish_secret.inc.php there is:
    Code:
    <?php
    $cfg['blowfish_secret'] = 'A secret passphrase';
    When I open the database, I see a red message
    phpmuadmin-01.png
    What to do ?
     
    Last edited: Aug 18, 2019
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. ahrasis

    ahrasis Well-Known Member

    I would suggest to uninstall it and follow debian 10 tutorial for manual installation of the latest phpmyadmin. It works flawlessly to me.
     
    Pyanepsion likes this.
  4. Pyanepsion

    Pyanepsion Member

    Thank you Ahrasis. I am under against under nginx. :)
    The tutorial of Debian 10 explains the installation under Apache.

    I asked the question here, because my search did not give anything in the case Nginx + Debian + Ispconfig, and that this is a bug induced by a tutorial dedicated to Ispconfig and a certain Till Brehm answered a lot in this tutorial.
    1. After completing this tutorial to install multiple PHP version, Roundcube did not work anymore.
    The RoundCube webmail is accessible on a Nginx ISPConfig web server through the vhost application. The PHP-FPM vhost applications runs under the user and ispapps group. To correct the Roundcube error, we must change the owner of some RoundCube files.
    Code:
    chown root:ispapps /etc/roundcube/debian-db.php
    chmod 640 /etc/roundcube/debian-db.php
    chown root:ispapps /etc/roundcube/config.inc.php
    chmod 640 /etc/roundcube/config.inc.php
    chown -R ispapps:adm /var/log/roundcube
    chmod -R 750 /var/log/roundcube
    chown -R ispapps:ispapps /var/lib/roundcube/temp
    chmod -R 750 /var/lib/roundcube/temp
    2. It can be seen here that the passphrase exists in var/lib/phpmyadmin/blowfish_secret.inc.php, but that it is not recognized.
    I do not know what to do, and I imagine it must be very simple.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    That's very likely as the problem is neither related to the use of ISPConfig nor the use of Nginx on your server. PHPmyadmin is installed by the Debian apt installer, its a Debian 9 package and configured in the way the Debian PHPMyAdmin maintainer sets it up and Debian seems to miss to set a Blowfish secret in the current versions of the package.

    The PHPMyAdmin config file of the Debian package is in /etc/phpmyadmin/ folder.
     
    Pyanepsion likes this.
  6. ahrasis

    ahrasis Well-Known Member

    I don't know about roundcube in debian problem as I don't use it. My answer is only for phpmyadmin and in my experience things happened if one wants to do a manual upgrade overriding the existing package install using apt-get install phpmyadmin.
     
  7. Pyanepsion

    Pyanepsion Member

    :) Thanks, Till.
    So I put the secret phrase directly in /etc/phpmyadmin/config.inc.php
    But why the same thing in /var/lib/phpmyadmin/blowfish_secret.inc.php does not work despite its call in config.inc.php
    Code:
    // Load secret generated on postinst
    if (check_file_access('/var/lib/phpmyadmin/blowfish_secret.inc.php')) {
        require('/var/lib/phpmyadmin/blowfish_secret.inc.php');
    }
    What is missing ?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely the config files are included in that way by phpmyadmin so that config files in /etc/phpmyadmin take precedence over the ones in /var/lib/...
     
    Pyanepsion likes this.

Share This Page