[SOLVED] See last post. Hi, I see that it is possible to setup phpMyAdmin to use https? However solutions that worked for others won't work for me. I am running Ubuntu 10.04 LTS with LAMP and ISPConfig3.0.4.6. My server is a VPS located at Linode, and I followed their guide for securing my server, then the ISPConfig guide. Everything appears to be working, mysql, php, ISPConfig... So I'm now trying to get phpMyAdmin to use https rather than http. my "phpMyAdmin default Apache configuration" file is located in /etc/apache2/conf.d/phpmyadmin.conf and contain the following code: (I added the RewriteEngine, RewriteCond, and RewriteRule lines hoping to make it work) Code: # phpMyAdmin default Apache configuration Alias /phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> # Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory> However this returns an error in my browser: Code: SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) The code I added is a variation of what I've seen others do, but as the other solutions haven't worked for me, this is where I'm up to for the moment. Cheers, Nap PS.. Where can I find the password that enables me to enter the /phpmyadmin/setup page. /etc/phpmyadmin/htpasswd.setup contains: admin:*
Do I need to create another certificate using openSSL to get this to work? If so, where should the certificate go?
phpmyadmin is accessed trough the website were you call it from (apache alias), so if this wbsite has ssl, then phpmyadmin is ssl encrypted. if the website does not has ssl, then its not ssl encrypted.
Till, thnx. I am accessing IPSConfig through https. Does that qualify? I have openSSL installed, and use SSH via PuTTY. Of course, I don't want my whole site to operate through https. Cheers, Nap
if you have a wildcard cert then you can set up subdomain. If not you can just make a symlink in the ispconfig folder to the phpmyadmin installation and use it on the same domain as a "subfolder"
cfoe thnx 4 your reply. I would like to provide https access to phpMyAdmin for all domains that I setup on my server, 3 at the moment. So I'm looking for a solution that works across the board on my site. When I installed ISPConfig a few years ago (my 1st time), I seem to recall that is actually compiled it's own apache server. Is that still the case? If so, that would explain why ISPConfig works with HTTPS but not phpMyAdmin, and would mean I'm not done setting up my apache2 package. I'm sorry but I don't know what a 'wildcard cert' is. A link would be appreciated so I can do my own homework. However, I do know what a symlink is. Could you be more specific regarding folders? (Everything is installed into default locations on my Ubuntu 10.04 LTS VPS.) And I'm hoping this approach does not require me to create such a symlink for each domain I host. (Although if it's the only solution, I'm happy to do so.) Best regards, Nap
Ok, so you want to access phpmyadmin trogh the controlpanel vhost and not the websites. In this case, pjhpmyadmin is already ssl encrypted if you had choosen ssl for ispconfig in the installer. Yoiu can access it similar to ispconfig 2 trogh the controlpanel port: http://www.yourdomain.tld:8080/phpmyadmin No. ISPConfig 3 is a completely different software and does not share any code with ispconfig 2.
Because a cert must be "made" for specific domains it would be possible to automate something like: www.customerdomain.com/phpmyadmin the cert would need to contain customerdomain.com which it could but you need to know on SSL purchase all the domains. I have not been on board for soo long with ISPConfig but I am pretty sure that ISPConfig 2 had a separate webserver. ISPConfig 3.x uses the installed webserver (apache or nginx) and adds the necessary config to "make it work" Wildcard certs are usable for subdomains in the format *.yourdomain.tld. A good guide can be found right here: http://www.howtoforge.com/securing-...h-a-free-class1-ssl-certificate-from-startssl The certs from StartSSL are correctly recognized by all the major platforms and browsers The only thing I can think of would be a rewrite (means redirect for the browser) by apache from www.customerdomain.com/phpmyadmin to yourdomain.com/phpmyadmin I hope that helps
I did choose SSL while installing. The access URL I would like is https://www.mydomain.net.au/phpmyadmin. If the user issues http://www.mydomain.net.au/phpmyadmin they would be redirected to the https:// version. I haven't configured any resellers or clients in my ISPConfig yet, but I believe there is a link there to phpMyAdmin. So I would like to cover the case where the user tries to access without use of the control panel.
PLEASE DISREGARD THIS REPLY. I DID NOT EXPRESS MYSELF PROPERLY. I posted another reply below. My appologies. This solution is exactly what I'm trying to get going. If you check my opening post, you will see I've posted the commands, but they are not working for me. And I don't understand why.
I would like to use mod_rewrite (which is already enabled on my server) to redirect from HTTP to HTTPS. When I was installing ISPConfig, I selected to use SSL, and it works fine. So, if the user types http://mydomain.net.au/phpmyadmin, they should be redirected to https://mydomain.net.au/phpmyadmin I don't understand why I cannot get the redirect to work. My browser returns an SSL error, as per my opening post.
please post the log files for the ssl host. it is possible that the host does not support non-ssl access and the redirect for phpmyadmin rewrites to a non-ssl address
cfoe, I've actually set all my files back to their defaults. This means that when I use http://mydomain.net.au/phpmyadmin I am taken to the phpMyAdmin login screen: I want to be able to access it via https://mydomain.net.au/phpmyadmin instead. Below are my attempts at achieving this via the phpmyadmin.conf file. I will check the log files in the /var/log/apache2 folder now. Version 1 So I've edited the /etc/apache2/conf.d/phpmyadmin.conf file as follows: (bold lines added by me) # phpMyAdmin default Apache configuration Alias /phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> # Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory> This produces an error in my browser as per the image below: Version 2 If instead I edit the code of the same phpmyadmin.conf file as per Skara's post in another thread here (see below), I get the same error as above # phpMyAdmin default Apache configuration <IfModule mod_rewrite.c> <IfModule mod_ssl.c> <Location /phpmyadmin> RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}/phpmyadmin [R] </Location> </IfModule> </IfModule> Alias /phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php ..... everything below is the same as previous example Version 3 If instead I edit the code of the same phpmyadmin.conf file, similar to V2 but use %{REQUEST_URI} instead of /phpmyadmin [R] (see below), I still get the same error as above # phpMyAdmin default Apache configuration <IfModule mod_rewrite.c> <IfModule mod_ssl.c> <Location /phpmyadmin> RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} </Location> </IfModule> </IfModule> Alias /phpmyadmin /usr/share/phpmyadmin ..... everything below is the same as previous example
The error above indicates that you havent created a ssl certificate yet in the website mydomain.net.au. At the moment you redirect ssl requests to a non ssl website. In the ispconfig manual you find instructions on how to neable ssl for a website and how to create a ssl certificate for that site.
Till, cfoe, thnx for your support. I've been able to solve my problem concerning https access and the redirect. I searched google for SSL Host log file location (in an attempt to supply cfoe with the info he asked me to supply), and as if by magic, HTTPD - Apache2 Web Server turned up. After reading the page, I got a clue of a few places to investigate. Turns out that while I've done all the SSL configuration, I hadn't issued the command which turns on HTTPS: Code: a2ensite default-ssl Using Version 3 of the phpmyadmin.conf file I pasted above (Version 1 & 2 might well work too). Then I restarted apache and it worked. Code: /etc/init.d/apache2 restart Of course I'm using the snake-oil keys, but it's working. Cheers, Nap
