phpmyadmin ssl

Discussion in 'Installation/Configuration' started by conductive, Nov 10, 2020.

  1. conductive

    conductive Member HowtoForge Supporter

    Yes. Does that work properly with 3.2?
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Just saw the problem - I don't use NGINX so I missed it. You have to add this to the directive snippets for every site:
    Code:
    location /phpmyadmin {
                  root /usr/share/;
                  index index.php index.html index.htm;
                  location ~ ^/phpmyadmin/(.+\.php)$ {
                          try_files $uri =404;
                          root /usr/share/;
                          fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
                          fastcgi_param HTTPS $https; # <-- add this line
                          fastcgi_index index.php;
                          fastcgi_param SCRIPT_FILENAME $request_filename;
                          include /etc/nginx/fastcgi_params;
                          fastcgi_param PATH_INFO $fastcgi_script_name;
                          fastcgi_buffer_size 128k;
                          fastcgi_buffers 256 4k;
                          fastcgi_busy_buffers_size 256k;
                          fastcgi_temp_file_write_size 256k;
                          fastcgi_intercept_errors on;
                  }
                  location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                          root /usr/share/;
                  }
           }
           location /phpMyAdmin {
                  rewrite ^/* /phpmyadmin last;
           }
    It's noted in the tutorial ;)
     
    conductive and ahrasis like this.
  3. conductive

    conductive Member HowtoForge Supporter

    Yes, good catch. As noted above I did try using the php https directive snippet unfortunately the snippet I added to System > Directive Snippets was defective/corrupt (500 gateway error). I added your snippet and all works great.
    Thanks for all help.
     
    ahrasis and Th0m like this.
  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    i use this snippet:
    Code:
    client_max_body_size 350m;
    
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;
        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            {FASTCGIPASS}
            fastcgi_param HTTPS on; # <-- add this line
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
    
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }
    
    i don't think it's a good idea to use "fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;"
     
    ahrasis likes this.
  5. conductive

    conductive Member HowtoForge Supporter

    Thanks for your suggestion and all of your contrabutions
     
  6. tal56

    tal56 Member

    Hi guys, can you tell me what the defaults for the "Apps Vhost Settings" should be? I changed mine before in order to get httpS for phpmyadmin, but when I try to use it now, NGINX won't start afterwards. So I assume this must have something to do with the new changes to LE.

    Anyways, this is what I currently have as the "Apps-vhost port" :
    Code:
    8081 ssl; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key
    If I use this, nginx wont start, here's the error :
    Code:
    server1.mydomain.com - 10.01.2021-18:47 - WARNING - Reason for nginx restart failure: nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:79
    nginx: [emerg] invalid number of arguments in "ssl_certificate_key" directive in /etc/nginx/sites-enabled/000-apps.vhost:2
    nginx: configuration file /etc/nginx/nginx.conf test failed
    What was it supposed to be exactly? Was it just "8081;" or "8081 SSL;" or just "8081" ? Thanks

    Also under "Apps-vhost IP" I just have "_default_", I think that's correct as I don't remember changing that.

    Thanks again for anyone that can look that up for me. It's under here :
    System -> Server Config -> host.example.com -> Web -> Apps Vhost Settings
     
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    My apps.vhost
    Code:
            listen 8081 http2 ssl;
            listen [::]:8081 http2 ssl ipv6only=on;
    
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
            ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
    
            # redirect to https if accessed with http
            error_page 497 https://$host:8081$request_uri;
    
    and its master (conf-custom/install/nginx_apps.vhost.master)
    Code:
            listen {apps_vhost_ip}{apps_vhost_port} http2 ssl;
            listen [::]:{apps_vhost_port} http2 ssl ipv6only=on;
    
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
            ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
    
            # redirect to https if accessed with http
            error_page 497 https://$host:8081$request_uri;
    
    I think "_default_" is correct.
     
  8. tal56

    tal56 Member

    Thanks so much for replying ahrasis, but I want to know what it says inside the Ispconfig panel. Under :
    System -> Server Config -> host.example.com -> Web -> Apps Vhost Settings

    I don't know what the value should be there, and I'd like to have the correct value, as whenever I save it incorrectly nginx wont restart. Thanks
     

    Attached Files:

  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Just port number i.e. 8081.

    Any other customization should go to the master file for apps.vhost as mentioned above.
     
  10. tal56

    tal56 Member

    Ok brilliant. Thanks so much for your help ahrasis, and for your LE howto's, I've used them before 3.2 and they worked flawlessly. Just had to reverse everything yesterday though for the upgrade to 3.2, and it worked out fine. Cheers mate.
     

Share This Page