Difference between revisions of "PhpMyAdmin"

From wiki
m (Use Let’s Encrypt template)
(Use template for web server configuration)
Line 23: Line 23:
  
 
=== Nginx ===
 
=== Nginx ===
Create file <code>/etc/nginx/sites-available/phpmyadmin</code> <syntaxhighlight lang="nginx">
+
 
server {
+
{{Nginx/New Site|domain = phpmyadmin.example.org|config = server {
 
     include snippets/listen-http.conf;
 
     include snippets/listen-http.conf;
     server_name phpmyadmin.example.com;
+
     server_name phpmyadmin.example.org;
  
     access_log /var/log/nginx/phpmyadmin.access.log;
+
     access_log /var/log/nginx/phpmyadmin.example.org.access.log;
     error_log /var/log/nginx/phpmyadmin.error.log info;
+
     error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
  
 
     include snippets/acme-challenge.conf;
 
     include snippets/acme-challenge.conf;
Line 37: Line 37:
 
server {
 
server {
 
     include snippets/listen-https.conf;
 
     include snippets/listen-https.conf;
     server_name phpmyadmin.example.com;
+
     server_name phpmyadmin.example.org;
  
     access_log /var/log/nginx/phpmyadmin.access.log;
+
     access_log /var/log/nginx/phpmyadmin.example.org.access.log;
     error_log /var/log/nginx/phpmyadmin.error.log info;
+
     error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
  
 
     include snippets/acme-challenge.conf;
 
     include snippets/acme-challenge.conf;
 
 
     #include snippets/ssl.conf;
 
     #include snippets/ssl.conf;
     #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem;
+
     #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem;
     #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.com/privkey.pem;
+
     #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem;
 
     #include snippets/hsts.conf;
 
     #include snippets/hsts.conf;
  
Line 62: Line 61:
  
 
     location ~ \.php$ {
 
     location ~ \.php$ {
         try_files     $uri =404;
+
         try_files $uri =404;
 
         include fastcgi.conf;
 
         include fastcgi.conf;
 
         fastcgi_pass php5;
 
         fastcgi_pass php5;
 
     }
 
     }
}
+
} }}
</syntaxhighlight>Activate the configuration with<syntaxhighlight lang="console">
 
# ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/
 
# service nginx reload
 
</syntaxhighlight>
 
 
 
=== TLS Certificate ===
 
Edit file <code>[[Let’s Encrypt#Renewal_Script|/usr/local/sbin/renew_certificates]]</code> and add the following to the config list<syntaxhighlight lang="python">
 
{
 
    'domains': ['phpmyadmin.example.com'],
 
    'reload': [['service', 'nginx', 'reload']]
 
}
 
</syntaxhighlight>and get your certificate{{Let’s Encrypt/New Cert Command|domain = phpmyadmin.example.com|command = service nginx restart}}Now uncomment the ssl related lines in <code>/etc/nginx/sites-available/phpmyadmin</code> and run<syntaxhighlight lang="console">
 
# service nginx reload
 
</syntaxhighlight>
 
 
[[Category:Linux Server]]
 
[[Category:Linux Server]]

Revision as of 06:24, 13 May 2016

Prerequisite

To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.

Install

# apt install phpmyadmin

The installer will ask you several questions. Here are the answers:

Web server to reconfigure automatically?
Choose none. Nginx will be configured later.
Configure database for phpmyadmin with dbconfig-common?
Yes
Password of the database's administrative user?
Enter your MariaDB root user password.
MySQL application password for phpmyadmin?
Keep it empty to get a random one. You will never need to enter this password

Configure

PHP

Edit file /etc/php5/mods-available/local-common.ini and add folder /usr/share/phpmyadmin/ to the open_basedir setting.

Nginx

  1. Create the config file /etc/nginx/sites-available/phpmyadmin.example.org
    server {
        include snippets/listen-http.conf;
        server_name phpmyadmin.example.org;
    
        access_log /var/log/nginx/phpmyadmin.example.org.access.log;
        error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
    
        include snippets/acme-challenge.conf;
        include snippets/https-permanent-redirect.conf;
    }
    
    server {
        include snippets/listen-https.conf;
        server_name phpmyadmin.example.org;
    
        access_log /var/log/nginx/phpmyadmin.example.org.access.log;
        error_log /var/log/nginx/phpmyadmin.example.org.error.log info;
    
        include snippets/acme-challenge.conf;
        #include snippets/ssl.conf;
        #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem;
        #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem;
        #include snippets/hsts.conf;
    
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
    
        #auth_basic            "Restricted";
        #auth_basic_user_file  .htpasswd;
    
        root /usr/share/phpmyadmin/;
    
        index index.php;
    
        location ~ \.php$ {
            try_files $uri =404;
            include fastcgi.conf;
            fastcgi_pass php5;
        }
    }
    
  2. Activate the configuration with
    $ sudo nginx_modsite -e phpmyadmin.example.org
    Would you like to reload the Nginx configuration now? (Y/n) Y
    
  3. Edit file /usr/local/etc/certmanage/main.json and add the following to the list
    {
        "domains": ["phpmyadmin.example.org"],
        "reload": [["/bin/systemctl", "reload", "nginx.service"]]
    }
    
  4. Get your certificate
    $ sudo /usr/local/sbin/certmanage
    Renewing certificate for phpmyadmin.example.org that will expire on 0001-01-01
    
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for phpmyadmin.example.org
    Using the webroot path /var/www/acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
    
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem. Your cert
       will expire on 2025-03-23. To obtain a new or tweaked version of
       this certificate in the future, simply run certbot again. To
       non-interactively renew *all* of your certificates, run "certbot
       renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    
    Restarting services:
    systemctl reload nginx.service
    
  5. Uncomment the ssl related lines in /etc/nginx/sites-available/phpmyadmin.example.org and run
    $ sudo systemctl reload nginx.service