Phpmyadmin with SSL on a single subdomain
I would like to access phpmyadmin on a unique subdomain. I've created a virtualhost, everything works fine but I use many subdomains and they all give me access to phpmyadmin.
I want that only one subdomain points to phpmyadmin.
https://static01.domain.com => point to phpmyadmin (and shouldn't)
https://pma.domain.com => point to phpmyadmin (OK, but I would like only this one)
Here is my virtualhost:
<VirtualHost *:80>
    ServerName static01.domain.com
    DocumentRoot /var/www/public_html/O2/..
</VirtualHost>
..
<VirtualHost *:443>
    ServerName pma.domain.com
    DocumentRoot /usr/share/phpmyadmin
    SSLEngine On
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key
    SSLProxyEngine on
</VirtualHost>
Any idea?
In apache2.conf you will find a line at the bottom:
Include conf.d/
What this does is include ALL files in the /etc/apache2/conf.d/ directory.
So have a look in this folder and you will likely find a file named phpmyadmin.conf. You can simply delete it.
I found a solution, for those interested this thing did the trick:
# Needs to be 1st, for any subdomains
<VirtualHost *:443>
    ServerName domain.com
    RedirectPermanent / "http://www.domain.com:80"
    SSLEngine On
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key
    SSLProxyEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName pma.domain.com
    DocumentRoot /usr/share/phpmyadmin
    SSLEngine On
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key
    SSLProxyEngine on
</VirtualHost>
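The two causes raised in the answers above can be checked mechanically: a phpmyadmin.conf included server-wide from conf.d/, and the phpMyAdmin virtual host being the first (and therefore default) one on port 443. This is an added example, not code from any poster; the function name `audit_pma_exposure`, the output labels and the sample files (including the `Alias` line) are constructed for illustration.

```shell
#!/bin/sh
# audit_pma_exposure FILE...   (pass files in the order Apache loads them)
# Reports two ways phpMyAdmin becomes reachable on hosts that should not serve it.
audit_pma_exposure() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out directives
        { low = tolower($0) }
        low ~ /^[ \t]*<virtualhost[ \t]/ {
            addr = $2; sub(/>.*$/, "", addr)     # e.g. "*:443"
            invh = 1; isdefault = !(addr in seen); seen[addr] = 1
            next
        }
        low ~ /^[ \t]*<\/virtualhost>/ { invh = 0; next }
        # 1) Alias outside any vhost is inherited by every vhost.
        !invh && tolower($1) ~ /^(alias|scriptalias)$/ && tolower($3) ~ /phpmyadmin/ {
            print "GLOBAL-ALIAS " FILENAME ":" FNR " " $2
        }
        # 2) The first vhost on an address:port answers all unmatched names.
        invh && isdefault && tolower($1) == "documentroot" && tolower($2) ~ /phpmyadmin/ {
            print "DEFAULT-VHOST " FILENAME ":" FNR " " addr
        }
    ' "$@"
}

# Constructed sample files modelled on the configurations in this thread.
sample_dir=$(mktemp -d)
cat > "$sample_dir/phpmyadmin.conf" <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
EOF
cat > "$sample_dir/before.conf" <<'EOF'
<VirtualHost *:80>
ServerName static01.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName pma.domain.com
DocumentRoot /usr/share/phpmyadmin
</VirtualHost>
EOF
cat > "$sample_dir/after.conf" <<'EOF'
<VirtualHost *:443>
ServerName domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName pma.domain.com
DocumentRoot /usr/share/phpmyadmin
</VirtualHost>
EOF

audit_pma_exposure "$sample_dir/phpmyadmin.conf" "$sample_dir/before.conf"
audit_pma_exposure "$sample_dir/after.conf"    # prints nothing
```

Load order matters for the default-vhost check, so pass the files in the order Apache includes them; `apachectl -S` shows which virtual host the running server treats as the default for each address and port.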
You are going in the right direction, but I think you should add some extra security directives.
Below is my current configuration, based on the original phpMyAdmin.conf that was created after the yum package installation in CentOS 7. For other systems paths could be different, or if you use a different Apache/PHP version, some commands can also change, but you should be able to find the replacement.
I'm commenting the original directives, and also some other directives that might be useful:
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
    AddDefaultCharset UTF-8

    #<IfModule mod_authz_core.c>
    #    # Apache 2.4
    #    <RequireAny>
    #        Require ip 127.0.0.1
    #        Require ip ::1
    #    </RequireAny>
    #</IfModule>
    #<IfModule !mod_authz_core.c>
    #    # Apache 2.2
    #    Order Deny,Allow
    #    Deny from All
    #    Allow from 127.0.0.1
    #    Allow from ::1
    #</IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require ip 127.0.0.1
            Require ip ::1
        </RequireAny>
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from All
        Allow from 127.0.0.1
        Allow from ::1
    </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

<VirtualHost XXX.XXX.XX.XX:443>
    ServerName your.domain.com
    DocumentRoot /usr/share/phpMyAdmin

    <Directory /usr/share/phpMyAdmin>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        DirectoryIndex index.php
        Require all granted
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpMyAdmin/tmp
        php_admin_value open_basedir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin:/usr/share/php/gettext:doc/html
    </Directory>

    <Directory /usr/share/phpMyAdmin/libraries>
        Order Deny,Allow
        Deny from All
        Allow from None
    </Directory>

    #ErrorLog ${APACHE_LOG_DIR}/error.log
    #LogLevel warn
    #CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/key.key
    #SSLVerifyClient none
    #SSLOptions +StrictRequire
    # SSLv3 and TLS 1.0 are obsolete (SSLv3 is broken by POODLE); allow TLS 1.2 only
    SSLProtocol -all +TLSv1.2
    # Drop MEDIUM-strength and MD5-based suites
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLProxyEngine off

    #<IfModule mime.c>
    #    AddType application/x-509-ca-cert .crt
    #    AddType application/x-pkcs7-crl .crl
    #</IfModule>
</VirtualHost>
This should give you a much more secure installation open to the public. If anyone has further suggestions I'm happy to hear.
You can use this command:
a2disconf phpmyadmin
to disable the phpmyadmin url.