phpMyAdmin using https

Discussion in 'General' started by Nap, Jul 11, 2012.

  1. Nap

    Nap Member

    [SOLVED] See last post.
    Hi,

    I see that it is possible to setup phpMyAdmin to use https? However solutions that worked for others won't work for me.
    I am running Ubuntu 10.04 LTS with LAMP and ISPConfig3.0.4.6. My server is a VPS located at Linode, and I followed their guide for securing my server, then the ISPConfig guide.
    Everything appears to be working, mysql, php, ISPConfig... So I'm now trying to get phpMyAdmin to use https rather than http.

    my "phpMyAdmin default Apache configuration" file is located in /etc/apache2/conf.d/phpmyadmin.conf and contain the following code:
    (I added the RewriteEngine, RewriteCond, and RewriteRule lines hoping to make it work)
    Code:
    # phpMyAdmin default Apache configuration
    
    Alias /phpmyadmin /usr/share/phpmyadmin
    
    <Directory /usr/share/phpmyadmin>
            Options FollowSymLinks
            DirectoryIndex index.php
    
            RewriteEngine On
            RewriteCond %{HTTPS} off
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    
            <IfModule mod_php5.c>
                    AddType application/x-httpd-php .php
    
                    php_flag magic_quotes_gpc Off
                    php_flag track_vars On
                    php_flag register_globals Off
                    php_value include_path .
            </IfModule>
    
    </Directory>
    
    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
        <IfModule mod_authn_file.c>
        AuthType Basic
        AuthName "phpMyAdmin Setup"
        AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </Directory>
    
    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
        Order Deny,Allow
        Deny from All
    </Directory>
    
    
    However this returns an error in my browser:
    Code:
    SSL received a record that exceeded the maximum permissible length.
    
    (Error code: ssl_error_rx_record_too_long)
    The code I added is a variation of what I've seen others do, but as the other solutions haven't worked for me, this is where I'm up to for the moment.

    Cheers,
    Nap

    PS.. Where can I find the password that enables me to enter the /phpmyadmin/setup page. /etc/phpmyadmin/htpasswd.setup contains: admin:*
     
    Last edited: Jul 11, 2012
  2. Nap

    Nap Member

    Do I need to create another certificate using openSSL to get this to work? If so, where should the certificate go?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    phpmyadmin is accessed trough the website were you call it from (apache alias), so if this wbsite has ssl, then phpmyadmin is ssl encrypted. if the website does not has ssl, then its not ssl encrypted.
     
  4. Nap

    Nap Member

    Till, thnx.

    I am accessing IPSConfig through https. Does that qualify?
    I have openSSL installed, and use SSH via PuTTY.

    Of course, I don't want my whole site to operate through https.

    Cheers,
    Nap
     
  5. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    if you have a wildcard cert then you can set up subdomain.

    If not you can just make a symlink in the ispconfig folder to the phpmyadmin installation and use it on the same domain as a "subfolder"
     
  6. Nap

    Nap Member

    cfoe thnx 4 your reply.

    I would like to provide https access to phpMyAdmin for all domains that I setup on my server, 3 at the moment. So I'm looking for a solution that works across the board on my site.

    When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case? If so, that would explain why ISPConfig works with HTTPS but not phpMyAdmin, and would mean I'm not done setting up my apache2 package.

    I'm sorry but I don't know what a 'wildcard cert' is. A link would be appreciated so I can do my own homework.

    However, I do know what a symlink is. Could you be more specific regarding folders? (Everything is installed into default locations on my Ubuntu 10.04 LTS VPS.) And I'm hoping this approach does not require me to create such a symlink for each domain I host. (Although if it's the only solution, I'm happy to do so.)

    Best regards,
    Nap
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so you want to access phpmyadmin trogh the controlpanel vhost and not the websites. In this case, pjhpmyadmin is already ssl encrypted if you had choosen ssl for ispconfig in the installer. Yoiu can access it similar to ispconfig 2 trogh the controlpanel port:

    http://www.yourdomain.tld:8080/phpmyadmin

    No. ISPConfig 3 is a completely different software and does not share any code with ispconfig 2.
     
  8. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    Because a cert must be "made" for specific domains it would be possible to automate something like:
    www.customerdomain.com/phpmyadmin
    the cert would need to contain customerdomain.com which it could but you need to know on SSL purchase all the domains.

    I have not been on board for soo long with ISPConfig but I am pretty sure that ISPConfig 2 had a separate webserver.
    ISPConfig 3.x uses the installed webserver (apache or nginx) and adds the necessary config to "make it work"

    Wildcard certs are usable for subdomains in the format *.yourdomain.tld.
    A good guide can be found right here: http://www.howtoforge.com/securing-...h-a-free-class1-ssl-certificate-from-startssl
    The certs from StartSSL are correctly recognized by all the major platforms and browsers

    The only thing I can think of would be a rewrite (means redirect for the browser) by apache from

    www.customerdomain.com/phpmyadmin

    to

    yourdomain.com/phpmyadmin

    I hope that helps
     
  9. Nap

    Nap Member

    I did choose SSL while installing.
    The access URL I would like is https://www.mydomain.net.au/phpmyadmin. If the user issues http://www.mydomain.net.au/phpmyadmin they would be redirected to the https:// version.

    I haven't configured any resellers or clients in my ISPConfig yet, but I believe there is a link there to phpMyAdmin. So I would like to cover the case where the user tries to access without use of the control panel.
     
  10. Nap

    Nap Member

    PLEASE DISREGARD THIS REPLY. I DID NOT EXPRESS MYSELF PROPERLY.
    I posted another reply below. My appologies.


    This solution is exactly what I'm trying to get going. If you check my opening post, you will see I've posted the commands, but they are not working for me. And I don't understand why.
     
    Last edited: Jul 11, 2012
  11. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    the logs do give what error?
     
  12. Nap

    Nap Member


    I would like to use mod_rewrite (which is already enabled on my server) to redirect from HTTP to HTTPS.

    When I was installing ISPConfig, I selected to use SSL, and it works fine.

    So, if the user types http://mydomain.net.au/phpmyadmin, they should be redirected to https://mydomain.net.au/phpmyadmin

    I don't understand why I cannot get the redirect to work. My browser returns an SSL error, as per my opening post.
     
  13. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    please post the log files for the ssl host.

    it is possible that the host does not support non-ssl access and the redirect for phpmyadmin rewrites to a non-ssl address
     
  14. Nap

    Nap Member

    cfoe,
    I've actually set all my files back to their defaults.
    This means that when I use http://mydomain.net.au/phpmyadmin I am taken to the phpMyAdmin login screen:
    [​IMG]

    I want to be able to access it via https://mydomain.net.au/phpmyadmin instead. Below are my attempts at achieving this via the phpmyadmin.conf file. I will check the log files in the /var/log/apache2 folder now.
    Version 1
    So I've edited the /etc/apache2/conf.d/phpmyadmin.conf file as follows:
    (bold lines added by me)

    # phpMyAdmin default Apache configuration

    Alias /phpmyadmin /usr/share/phpmyadmin

    <Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}



    <IfModule mod_php5.c>
    AddType application/x-httpd-php .php

    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_flag register_globals Off
    php_value include_path .
    </IfModule>

    </Directory>

    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
    </Directory>

    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
    </Directory>

    This produces an error in my browser as per the image below:
    [​IMG]

    Version 2
    If instead I edit the code of the same phpmyadmin.conf file as per Skara's post in another thread here (see below), I get the same error as above

    # phpMyAdmin default Apache configuration

    <IfModule mod_rewrite.c>
    <IfModule mod_ssl.c>
    <Location /phpmyadmin>
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/phpmyadmin [R]
    </Location>
    </IfModule>
    </IfModule>


    Alias /phpmyadmin /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    ..... everything below is the same as previous example

    Version 3
    If instead I edit the code of the same phpmyadmin.conf file, similar to V2 but use %{REQUEST_URI} instead of /phpmyadmin [R] (see below), I still get the same error as above

    # phpMyAdmin default Apache configuration

    <IfModule mod_rewrite.c>
    <IfModule mod_ssl.c>
    <Location /phpmyadmin>
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
    </Location>
    </IfModule>
    </IfModule>


    Alias /phpmyadmin /usr/share/phpmyadmin
    ..... everything below is the same as previous example
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    The error above indicates that you havent created a ssl certificate yet in the website mydomain.net.au. At the moment you redirect ssl requests to a non ssl website. In the ispconfig manual you find instructions on how to neable ssl for a website and how to create a ssl certificate for that site.
     
  16. Nap

    Nap Member

    Till, cfoe, thnx for your support.

    I've been able to solve my problem concerning https access and the redirect.
    I searched google for SSL Host log file location (in an attempt to supply cfoe with the info he asked me to supply), and as if by magic,
    HTTPD - Apache2 Web Server
    turned up. After reading the page, I got a clue of a few places to investigate.

    Turns out that while I've done all the SSL configuration, I hadn't issued the command which turns on HTTPS:
    Code:
    a2ensite default-ssl
    Using Version 3 of the phpmyadmin.conf file I pasted above (Version 1 & 2 might well work too). Then I restarted apache and it worked.

    Code:
     /etc/init.d/apache2 restart
    Of course I'm using the snake-oil keys, but it's working.

    :)

    Cheers,
    Nap
     
  17. Nap

    Nap Member

    What puzzles me is how did ISPConfig manage to run under HTTPS?
     

Share This Page