Difference between revisions of "PhpMyAdmin"

From wiki
(→‎PHP: fix links)
(Use shared template for open_basedir)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Prerequisite ==
 
== Prerequisite ==
To install PhpMyAdmin, you will need to have [[Nginx]], [[PHP]] and [[MariaDB]] installed.
+
To install PhpMyAdmin, you will need to have [[Nginx]], [[PHP]], [[MariaDB]] and [[Let’s Encrypt]] installed.
  
 
== Install ==
 
== Install ==
 
<syntaxhighlight lang="console">
 
<syntaxhighlight lang="console">
# apt install phpmyadmin
+
$ sudo apt install phpmyadmin
</syntaxhighlight>Answer to the question asked during install
+
</syntaxhighlight>
* Web server to reconfigure automatically? None
+
 
* Configure database for phpmyadmin with dbconfig-common? Yes
+
The installer will ask you several questions. Here are the answers:
* Password of the database's administrative user? Enter the database root user password
+
;Web server to reconfigure automatically?
* MySQL application password for phpmyadmin? Keep it empty to get a random one. You will never need to enter this password
+
:Choose none. Nginx will be configured later.
 +
;Configure database for phpmyadmin with dbconfig-common?
 +
:Yes
 +
;Password of the database's administrative user?
 +
:Enter your [[MariaDB]] root user password.
 +
;MySQL application password for phpmyadmin?
 +
:Keep it empty to get a random one. You will never need to enter this password
  
 
== Configure ==
 
== Configure ==
  
 
=== PHP ===
 
=== PHP ===
Edit file <code>[[PHP#Common_configuration|/etc/php5/mods-available/local-common.ini]]</code>  and add folder <code>/usr/share/phpmyadmin/</code> to the [[PHP#Limit_File_Access|<code>open_basedir</code> setting]].
+
{{PHP/open basedir|folders=/usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/}}
  
 
=== Nginx ===
 
=== Nginx ===
Create file <code>/etc/nginx/sites-available/phpmyadmin</code> <syntaxhighlight lang="nginx">
+
 
server {
+
{{Nginx/New Site|domain = phpmyadmin.example.org|config = server {
 
     include snippets/listen-http.conf;
 
     include snippets/listen-http.conf;
     server_name phpmyadmin.example.com;
+
     server_name phpmyadmin.example.org;
  
     access_log /var/log/nginx/phpmyadmin.access.log;
+
     access_log /var/log/nginx/phpmyadmin.example.org.access.log;
     error_log /var/log/nginx/phpmyadmin.error.log info;
+
     error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
  
 
     include snippets/acme-challenge.conf;
 
     include snippets/acme-challenge.conf;
Line 31: Line 37:
 
server {
 
server {
 
     include snippets/listen-https.conf;
 
     include snippets/listen-https.conf;
     server_name phpmyadmin.example.com;
+
     server_name phpmyadmin.example.org;
  
     access_log /var/log/nginx/phpmyadmin.access.log;
+
     access_log /var/log/nginx/phpmyadmin.example.org.access.log;
     error_log /var/log/nginx/phpmyadmin.error.log info;
+
     error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
  
 
     include snippets/acme-challenge.conf;
 
     include snippets/acme-challenge.conf;
 
 
     #include snippets/ssl.conf;
 
     #include snippets/ssl.conf;
     #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem;
+
     #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem;
     #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.com/privkey.pem;
+
     #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem;
 
     #include snippets/hsts.conf;
 
     #include snippets/hsts.conf;
  
Line 56: Line 61:
  
 
     location ~ \.php$ {
 
     location ~ \.php$ {
         try_files     $uri =404;
+
         try_files $uri =404;
 
         include fastcgi.conf;
 
         include fastcgi.conf;
         fastcgi_pass php5;
+
         fastcgi_pass php;
 
     }
 
     }
}
+
} }}
</syntaxhighlight>Activate the configuration with<syntaxhighlight lang="console">
+
[[Category:Linux Server]]
# ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/
 
# service nginx reload
 
</syntaxhighlight>
 
 
 
=== TLS Certificate ===
 
Edit file [[TLS|/usr/local/sbin/renew_certificates]] and add the following to the config list<syntaxhighlight lang="python">
 
{
 
    'domains': ['phpmyadmin.example.com'],
 
    'reload': [['service', 'nginx', 'reload']]
 
}
 
</syntaxhighlight>and get your certificate<syntaxhighlight lang="console">
 
# /usr/local/sbin/renew_certificates                         
 
Renewing certificate for phpmyadmin.example.com that will expire on 0001-01-01
 
  
 +
=== Absolute URI ===
 +
When placed behind a reverse proxy, phpMyAdmin might have trouble generating correct URLs. One manifestation is that after successful login, the URL you are redirected to is broken.
  
 
+
Fixing that is quite easy. Just create file <code>/etc/phpmyadmin/conf.d/absoluteuri.inc.php</code> with the following content:<syntaxhighlight lang="php">
IMPORTANT NOTES:
+
<?php
- Congratulations! Your certificate and chain have been saved at
+
$cfg['PmaAbsoluteUri'] = 'https://phpmyadmin.example.org';
  /etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem. Your
 
  cert will expire on 2016-10-12. To obtain a new version of the
 
  certificate in the future, simply run Let's Encrypt again.
 
- If you like Let's Encrypt, please consider supporting our work by:
 
 
 
  Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
 
  Donating to EFF:                    https://eff.org/donate-le
 
 
 
Restarting services:
 
service nginx reload
 
</syntaxhighlight>Now uncomment the ssl related lines in <code>/etc/nginx/sites-available/phpmyadmin</code> and run<syntaxhighlight lang="console">
 
# service nginx reload
 
 
</syntaxhighlight>
 
</syntaxhighlight>
[[Category:Linux Server]]
 

Latest revision as of 08:52, 24 June 2017

Prerequisite

To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.

Install

$ sudo apt install phpmyadmin

The installer will ask you several questions. Here are the answers:

Web server to reconfigure automatically?
Choose none. Nginx will be configured later.
Configure database for phpmyadmin with dbconfig-common?
Yes
Password of the database's administrative user?
Enter your MariaDB root user password.
MySQL application password for phpmyadmin?
Keep it empty to get a random one. You will never need to enter this password

Configure

PHP

Edit file /etc/php/7.0/mods-available/local-common.ini and add /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ to the open_basedir setting.

Reload PHP:

$ sudo systemctl reload php7.0-fpm.service

Nginx

  1. Create the config file /etc/nginx/sites-available/phpmyadmin.example.org
    server {
        include snippets/listen-http.conf;
        server_name phpmyadmin.example.org;
    
        access_log /var/log/nginx/phpmyadmin.example.org.access.log;
        error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
    
        include snippets/acme-challenge.conf;
        include snippets/https-permanent-redirect.conf;
    }
    
    server {
        include snippets/listen-https.conf;
        server_name phpmyadmin.example.org;
    
        access_log /var/log/nginx/phpmyadmin.example.org.access.log;
        error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
    
        include snippets/acme-challenge.conf;
        #include snippets/ssl.conf;
        #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem;
        #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem;
        #include snippets/hsts.conf;
    
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
    
        #auth_basic            "Restricted";
        #auth_basic_user_file  .htpasswd;
    
        root /usr/share/phpmyadmin/;
    
        index index.php;
    
        location ~ \.php$ {
            try_files $uri =404;
            include fastcgi.conf;
            fastcgi_pass php;
        }
    }
    
  2. Activate the configuration with
    $ sudo nginx_modsite -e phpmyadmin.example.org
    Would you like to reload the Nginx configuration now? (Y/n) Y
    
  3. Edit file /usr/local/etc/certmanage/main.json and add the following to the list
    {
        "domains": ["phpmyadmin.example.org"],
        "reload": [["/bin/systemctl", "reload", "nginx.service"]]
    }
    
  4. Get your certificate
    $ sudo /usr/local/sbin/certmanage
    Renewing certificate for phpmyadmin.example.org that will expire on 0001-01-01
    
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for phpmyadmin.example.org
    Using the webroot path /var/www/acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
    
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem. Your cert
       will expire on 2025-02-19. To obtain a new or tweaked version of
       this certificate in the future, simply run certbot again. To
       non-interactively renew *all* of your certificates, run "certbot
       renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    
    Restarting services:
    systemctl reload nginx.service
    
  5. Uncomment the ssl related lines in /etc/nginx/sites-available/phpmyadmin.example.org and run
    $ sudo systemctl reload nginx.service
    

Absolute URI

When placed behind a reverse proxy, phpMyAdmin might have trouble generating correct URLs. One manifestation is that after successful login, the URL you are redirected to is broken.

Fixing that is quite easy. Just create file /etc/phpmyadmin/conf.d/absoluteuri.inc.php with the following content:

<?php
$cfg['PmaAbsoluteUri'] = 'https://phpmyadmin.example.org';