Difference between revisions of "PhpMyAdmin"
From wiki
m (Use Let’s Encrypt template) |
(Use shared template for open_basedir) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
== Install == | == Install == | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
− | + | $ sudo apt install phpmyadmin | |
</syntaxhighlight> | </syntaxhighlight> | ||
Line 20: | Line 20: | ||
=== PHP === | === PHP === | ||
− | + | {{PHP/open basedir|folders=/usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/}} | |
=== Nginx === | === Nginx === | ||
− | + | ||
− | server { | + | {{Nginx/New Site|domain = phpmyadmin.example.org|config = server { |
include snippets/listen-http.conf; | include snippets/listen-http.conf; | ||
− | server_name phpmyadmin.example. | + | server_name phpmyadmin.example.org; |
− | access_log /var/log/nginx/phpmyadmin.access.log; | + | access_log /var/log/nginx/phpmyadmin.example.org.access.log; |
− | error_log /var/log/nginx/phpmyadmin.error.log info; | + | error_log /var/log/nginx/phpmyadmin.example.org.error.log info; |
include snippets/acme-challenge.conf; | include snippets/acme-challenge.conf; | ||
Line 37: | Line 37: | ||
server { | server { | ||
include snippets/listen-https.conf; | include snippets/listen-https.conf; | ||
− | server_name phpmyadmin.example. | + | server_name phpmyadmin.example.org; |
− | access_log /var/log/nginx/phpmyadmin.access.log; | + | access_log /var/log/nginx/phpmyadmin.example.org.access.log; |
− | error_log /var/log/nginx/phpmyadmin.error.log info; | + | error_log /var/log/nginx/phpmyadmin.example.org.error.log info; |
include snippets/acme-challenge.conf; | include snippets/acme-challenge.conf; | ||
− | |||
#include snippets/ssl.conf; | #include snippets/ssl.conf; | ||
− | #ssl_certificate /etc/letsencrypt/live/phpmyadmin.example. | + | #ssl_certificate /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem; |
− | #ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.example. | + | #ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem; |
#include snippets/hsts.conf; | #include snippets/hsts.conf; | ||
Line 62: | Line 61: | ||
location ~ \.php$ { | location ~ \.php$ { | ||
− | try_files | + | try_files $uri =404; |
include fastcgi.conf; | include fastcgi.conf; | ||
− | fastcgi_pass | + | fastcgi_pass php; |
} | } | ||
− | } | + | } }} |
− | + | [[Category:Linux Server]] | |
− | + | ||
− | + | === Absolute URI === | |
− | + | When placed behind a reverse proxy, phpMyAdmin might have trouble generating correct URLs. One manifestation is that after successful login, the URL you are redirected to is broken. | |
− | + | Fixing that is quite easy. Just create file <code>/etc/phpmyadmin/conf.d/absoluteuri.inc.php</code> with the following content:<syntaxhighlight lang="php"> | |
− | + | <?php | |
− | + | $cfg['PmaAbsoluteUri'] = 'https://phpmyadmin.example.org'; | |
− | |||
− | |||
− | |||
− | |||
− | |||
</syntaxhighlight> | </syntaxhighlight> | ||
− |
Latest revision as of 08:52, 24 June 2017
Prerequisite
To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.
Install
$ sudo apt install phpmyadmin
The installer will ask you several questions. Here are the answers:
- Web server to reconfigure automatically?
- Choose none. Nginx will be configured later.
- Configure database for phpmyadmin with dbconfig-common?
- Yes
- Password of the database's administrative user?
- Enter your MariaDB root user password.
- MySQL application password for phpmyadmin?
- Keep it empty to get a random one. You will never need to enter this password
Configure
PHP
Edit file /etc/php/7.0/mods-available/local-common.ini
and add /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
to the open_basedir
setting.
Reload PHP:
$ sudo systemctl reload php7.0-fpm.service
Nginx
- Create the config file
/etc/nginx/sites-available/phpmyadmin.example.org
server { include snippets/listen-http.conf; server_name phpmyadmin.example.org; access_log /var/log/nginx/phpmyadmin.example.org.access.log; error_log /var/log/nginx/phpmyadmin.example.org.error.log info; include snippets/acme-challenge.conf; include snippets/https-permanent-redirect.conf; } server { include snippets/listen-https.conf; server_name phpmyadmin.example.org; access_log /var/log/nginx/phpmyadmin.example.org.access.log; error_log /var/log/nginx/phpmyadmin.example.org.error.log info; include snippets/acme-challenge.conf; #include snippets/ssl.conf; #ssl_certificate /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem; #include snippets/hsts.conf; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; #auth_basic "Restricted"; #auth_basic_user_file .htpasswd; root /usr/share/phpmyadmin/; index index.php; location ~ \.php$ { try_files $uri =404; include fastcgi.conf; fastcgi_pass php; } }
- Activate the configuration with
$ sudo nginx_modsite -e phpmyadmin.example.org Would you like to reload the Nginx configuration now? (Y/n) Y
- Edit file
/usr/local/etc/certmanage/main.json
and add the following to the list{ "domains": ["phpmyadmin.example.org"], "reload": [["/bin/systemctl", "reload", "nginx.service"]] }
- Get your certificate
$ sudo /usr/local/sbin/certmanage Renewing certificate for phpmyadmin.example.org that will expire on 0001-01-01 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for phpmyadmin.example.org Using the webroot path /var/www/acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem. Your cert will expire on 2025-03-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Restarting services: systemctl reload nginx.service
- Uncomment the ssl related lines in
/etc/nginx/sites-available/phpmyadmin.example.org
and run$ sudo systemctl reload nginx.service
Absolute URI
When placed behind a reverse proxy, phpMyAdmin might have trouble generating correct URLs. One manifestation is that after successful login, the URL you are redirected to is broken.
Fixing that is quite easy. Just create file /etc/phpmyadmin/conf.d/absoluteuri.inc.php
with the following content:
<?php
$cfg['PmaAbsoluteUri'] = 'https://phpmyadmin.example.org';