Hello gentlemen, My setup is an Ubuntu 12.10 system. I have used this guide to successfully set up the server. However I have a problem with phpMyAdmin. Page #4 of the guide states to add a specific nginix directive inside ISPConfig to enable phpMyAdmin for a specific site. Now being security concious I only want phpMyAdmin to work over https. So I have added the following code snippet Code: location /phpmyadmin { root /usr/share/; index index.php index.html index.htm; location ~ ^/phpmyadmin/(.+\.php)$ { try_files $uri =404; root /usr/share/; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_param HTTPS on; # <-- add this line fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; } location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/; } } location /phpMyAdmin { rewrite ^/* /phpmyadmin last; } As per the guide says. However, I have found that even after saving the above directive into ISPConfig for that site and reloading (and also restarting) nginx, phpMyAdmin is accessible via http on port 8081! If I try HTTPS port 8081 it won't work - firefox produces a Code: SSL received a record that exceeded the maximum permissible length. error. How can I force this (phpmyadmin) to ONLY work over HTTPS? Thanks in advance!
This is the apps vhost that comes with ISPConfig. you can find it in /etc/nginx/sites-available/apps.vhost. If you like to disable phpMyAdmin there, please don't forget to disable it in the apps vhost template in /usr/local/ispconfig/server/conf as well.
Hi Falko, I am not wanting to disable phpMyAdmin, I am wanting to make it HTTPS only -- i.e. it is only accessible by https://my.server:8081/phpmyadmin and not by http://my.server:8081/phpmyadmin. At the moment I can access it via HTTP only, HTTPS gives an error. How can I configure it for https ONLY?
Hi, I'm still trying to fix this -- can anyone lend a hand? I have edited the Code: location /phpmyadmin { } directive in Code: /etc/nginx/sites-available/apps.vhost and added Code: fastcgi_param HTTPS on; and restarted nginx but it doesn't help! I found there is already a line there that says Code: fastcgi_param HTTPS $https; Where is the $HTTPS variable defined? I can't find it in that file. Also commenting out this particular variable-driven line and forcing it with fastcgi_param HTTPS on; doesn't seem to help either. Navigating to https://my.server.tld:8081/phpmyadmin gives me an error, whereas http://my.server.tld:8081/phpmyadmin works. I have a feeling I'm editing the wrong file(s)! Any help appreciated! EDIT: I have found that I am able to access both phpMyAdmin AND SquirrelMail on http://site.server.tld:8081/phpmyadmin or http://site.server.tld:8081/squirrelmail REGARDLESS of wether the directives are present or not inside ISPConfig in Sites > Domains > Optoins > nginx Directives. I thought without the directives there, that particular site shouldn't have phpMyAdmin or SquirrelMail? Is my understanding of that incorrect? The guide says the following:
Hi breakaway, After installing ISPConfig 3, there is no need to change anything to access phpmyadmin securely. I install ISPConfig on port 443, so I simply do: Code: https://host.ispconfigserver.tld/phpmyadmin There is no need to configure your phpmyadmin on port 8081 or any of that other stuff... Regards, Darin
Thanks for the reply Darin but that doesn't work for me. In fact the guide I am using states specifically (link to that page) that if you are using nginx then phpmyadmin will not work 'out of the box' - it says you need to add some directives under EACH SITE that requires phpmyadmin/squirrelmail to make it active. But I found that real-world behaviour is actually very different as per my posts above. Are you running nginx? Anyway I managed to figure it out with a friend's help. Note that my end goal was to have phpmyadmin/squirrelmail accesible by https://my.server.tld:8081/phpmyadmin and https://my.server.tld:8081/webmail respectively, via https ONLY. The resolution was to edit Code: /etc/nginx/sites-available/apps.vhost To include the following 3 lines Code: ssl on; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; And restart nginx. It now works. Note that this is a self signed SSL Cert so obviouly it is better to replace it with a proper cert.
I am not using nginx. I seem to have missed that important detail. Thanks for posting your solution here! Darin
