Good day, I have an (Ubuntu 20.04.1 LTS (Focal Fossa)) ISPConfig 3.2 setup. Just updated from 3.2dev. I am trying to install an .htpasswd to further protect access to phpmyadmin (https://<ip>:8080/phpmyadmin). I followed this procedure (only had to find the right phpmyadmin.conf) https://www.howtoforge.com/protect-phpmyadmin-on-an-ispconfig-3-server-debian and restarted Apache. I can access phpmyadmin normally. I don't get the authorization pop-up, nor does the /myalias work. I read below that this document is probably dated? (can old documentation be removed?) Found this, but Apache won't reload? https://www.howtoforge.com/community/threads/secure-phpmyadmin-with-htaccess-file.84216/
    <Directory /usr/share/phpmyadmin>
        Options SymLinksIfOwnerMatch
        DirectoryIndex index.php
        #Make use of .htpasswd
        #AllowOverride “ALL”
        AuthType Basic
        AuthName "Enter account information"
        AuthUserFile /usr/share/phpmyadmin/.htpasswd
        Require valid-user
Any hint on what else to do? Thanks ahead as always, JP
I think the correct file is in /etc/apache2/conf-available/phpmyadmin.conf and not /etc/apache2/conf.d/phpmyadmin.conf. Try editing it there.
Yes. That is the file I modified: /etc/apache2/conf-available/phpmyadmin.conf (/etc/apache2/conf.d/phpmyadmin.conf didn't exist on Ubuntu). If I add the AllowOverride “ALL”, Apache won't restart.
- I removed the quotes, un-commented the line and I can reload Apache (/etc/init.d/apache2 reload).
- I confirmed that the path to the file is good (AuthUserFile /usr/share/phpmyadmin/.htpasswd)
Still don't have the username/password pop up?
Anyone else have an idea or see something wrong here?
1)
    root@host1:/home/ubuntu# ls -l /etc/apache2/conf-enabled/
    total 0
    lrwxrwxrwx 1 root root 34 Oct 15 20:29 apache2-doc.conf -> ../conf-available/apache2-doc.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:29 charset.conf -> ../conf-available/charset.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:35 httpoxy.conf -> ../conf-available/httpoxy.conf
    lrwxrwxrwx 1 root root 44 Oct 15 20:29 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
    lrwxrwxrwx 1 root root 46 Oct 15 20:29 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
    lrwxrwxrwx 1 root root 33 Oct 15 20:33 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
    lrwxrwxrwx 1 root root 32 Oct 15 20:39 roundcube.conf -> ../conf-available/roundcube.conf
    lrwxrwxrwx 1 root root 31 Oct 15 20:29 security.conf -> ../conf-available/security.conf
    lrwxrwxrwx 1 root root 36 Oct 15 20:29 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
2) vi /etc/apache2/conf-available/phpmyadmin.conf
    # phpMyAdmin default Apache configuration
    Alias /phpmyadmin /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
        Options SymLinksIfOwnerMatch
        DirectoryIndex index.php
        #Make use of .htpasswd
        AllowOverride ALL
        AuthType Basic
        AuthName "Enter account information"
        AuthUserFile /usr/share/phpmyadmin/.htpasswd
        Require valid-user
        # limit libapache2-mod-php to files and directories necessary by pma
        <IfModule mod_php7.c>
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/:/usr/share/php/PhpMyAdmin/:/usr/share/php/Symfony/:/usr/share/php/Twig/:/usr/share/php/Twig-Extensions/:/usr/share/php/ReCaptcha/:/usr/share/php/Psr/Container/:/usr/share/php/Psr/Cache/:/usr/share/php/Psr/Log/:/usr/share/php/Psr/SimpleCache/
        </IfModule>
    </Directory>
    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/templates>
        Require all denied
    </Directory>
    <Directory /usr/share/phpmyadmin/libraries>
        Require all denied
    </Directory>
Thanks ahead, JP
I think
Code:
    #Make use of .htpasswd
    AllowOverride ALL
    AuthType Basic
    AuthName "Enter account information"
    AuthUserFile /usr/share/phpmyadmin/.htpasswd
    Require valid-user
should be outside of the directory tags, so under the Alias, and above <Directory /usr/share/phpmyadmin>
No luck. If I Google, it seems to belong between the <Directory> tags. Could I put it somewhere else and protect the whole :8080? (apache.conf)
    <VirtualHost *:8080>
    </VirtualHost>
This would be an even better solution for me as I'm going to open an AWS Security Group with this one. As always, Thanks.
Hmm yes, you are right. AllowOverride ALL (should be All btw) is not needed as you don't have a .htaccess. Did you restart apache after changing the config?
I corrected the ALL to All. Yes, I did reload Apache with no success. I added the 'AllowOverride All' because I had seen it here (2nd post): https://www.howtoforge.com/community/threads/secure-phpmyadmin-with-htaccess-file.84216/ Would you know where I could modify the file that would affect everything for 8080? Not in /etc/apache2/apache2.conf. Thanks, JP
What the user has done there is add AllowOverride to the conf and add a .htaccess to the root of phpmyadmin, with the htpasswd settings. You might try that.
Thanks for not giving up on me! I removed the entries in the /etc/apache2/conf-available/phpmyadmin.conf and added a .htaccess in the phpmyadmin folder (/usr/share/phpmyadmin). Reload and still no luck. I can't seem to get this access pop-up. Like I mentioned earlier, wouldn't it be better if I configure this wherever the port 8080 is configured? That way I would protect phpmyadmin, the CP access (not using webmail but why not protect that also). Many thanks once again, JP
You can do that of course. Personally, I don't think it's needed to add an extra layer of security like this, but it can't hurt. I do use 2FA for PHPMyAdmin and disable the root login for PMA on servers where I don't need it.
I guess I'll keep focusing on my present issue : password protect phpmyadmin. Does anyone have a working example? (Ubuntu 20 with ISPConfig 3.2) I'm still stuck. Thanks JP
Two more things come to my mind.... Could you share the output of Code: ls -la /etc/apache2/conf-enabled ? It could also be that some config file of apache is overriding your config... you could check the other config files to see if that's the case.
    root@host1:/usr/share/phpmyadmin# ls -la /etc/apache2/conf-enabled
    total 8
    drwxr-xr-x 2 root root 4096 Oct 15 20:41 .
    drwxr-xr-x 8 root root 4096 Oct 24 17:45 ..
    lrwxrwxrwx 1 root root 34 Oct 15 20:29 apache2-doc.conf -> ../conf-available/apache2-doc.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:29 charset.conf -> ../conf-available/charset.conf
    lrwxrwxrwx 1 root root 30 Oct 15 20:35 httpoxy.conf -> ../conf-available/httpoxy.conf
    lrwxrwxrwx 1 root root 44 Oct 15 20:29 localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
    lrwxrwxrwx 1 root root 46 Oct 15 20:29 other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
    lrwxrwxrwx 1 root root 33 Oct 15 20:33 phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
    lrwxrwxrwx 1 root root 32 Oct 15 20:39 roundcube.conf -> ../conf-available/roundcube.conf
    lrwxrwxrwx 1 root root 31 Oct 15 20:29 security.conf -> ../conf-available/security.conf
    lrwxrwxrwx 1 root root 36 Oct 15 20:29 serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
Yes present.
    # apt install apache2-utils
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    apache2-utils is already the newest version (2.4.41-4ubuntu3.1).
    The following packages were automatically installed and are no longer required:
      libzip5 squashfs-tools
    Use 'apt autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 49 not upgraded.
Probably what's used to generate the htpasswd. Should I remove libzip5 squashfs-tools? Thanks, JP
You can, but I don’t think it will fix the issue. I think we went through everything that we really can do through this forum thread. Unless somebody else has an idea, I think the best thing to do is hire someone for remote support to look into your system.
I was trying to change the config for PMA on one of my servers to only allow traffic from certain IP addresses. This doesn't work either, probably the same issue. If I can find something I'll let you know
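The check suggested earlier in the thread, looking through the other Apache config files for something that overrides the phpMyAdmin block, can be done mechanically. The following is an added example, not code from the thread or from ISPConfig: it lists every access-control directive found in a plain <Directory> or <Location> section that covers a given path, and flags curly quotes like those in the AllowOverride line posted above. The config tree built in demo() is constructed, including the hypothetical example.vhost; DirectoryMatch, LocationMatch and wildcard sections are not handled.

```python
import re
import tempfile
from pathlib import Path

AUTH = set("authtype authuserfile require allowoverride satisfy order allow deny".split())
OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"</\s*\w+\s*>$")

def applies(kind, arg, fs_path, url_path):
    """True if a <Directory>/<Location> argument is a path prefix of the target."""
    target = {"directory": fs_path, "location": url_path}.get(kind.lower(), "")
    base = arg.strip("\"'").rstrip("/")
    return bool(target) and (target == base or target.startswith(base + "/"))

def scan(conf_root, fs_path, url_path):
    """List (file, line, section, directive) for each access-control directive covering the path."""
    findings = []
    for path in sorted(p for p in Path(conf_root).rglob("*") if p.is_file()):
        stack = []  # currently open <Section arg> containers in this file
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            opened = OPEN.match(line)
            if CLOSE.match(line):
                del stack[-1:]  # tolerate an unbalanced closing tag
            elif opened:
                stack.append(opened.groups())
            elif line and line.split()[0].lower() in AUTH:
                hits = [f"<{k} {a}>" for k, a in stack if applies(k, a, fs_path, url_path)]
                if hits:
                    note = " [non-ASCII quote]" if re.search("[\u201c\u201d\u2018\u2019]", line) else ""
                    findings.append((path.name, no, hits[-1], line + note))
    return findings

def demo():
    """scan() over a small constructed config tree (not the poster's server)."""
    files = {
        "apache2.conf": "<Directory /usr/share>\nAllowOverride None\nRequire all granted\n</Directory>\n",
        "phpmyadmin.conf": "Alias /phpmyadmin /usr/share/phpmyadmin\n<Directory /usr/share/phpmyadmin>\n"
                           "AllowOverride \u201cALL\u201d\nAuthType Basic\nRequire valid-user\n</Directory>\n",
        "example.vhost": "<VirtualHost *:8080>\n<Location />\nRequire all granted\n</Location>\n</VirtualHost>\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            Path(d, name).write_text(body, encoding="utf-8")
        return scan(d, "/usr/share/phpmyadmin", "/phpmyadmin")

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Against a real server the call would be scan('/etc/apache2', '/usr/share/phpmyadmin', '/phpmyadmin'); files under the *-available directories are listed too, so a hit there matters only if the file is also linked from *-enabled.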