Setting up nginx+fastCGI+SSL+phpMyAdmin w/subdir (not vhost)

Stefan Scott lists at
Fri Feb 13 03:43:29 MSK 2009

Hi Folks -

I'm trying to set up phpMyAdmin with nginx and SSL on a VPS (virtual
private server) - with phpMyAdmin in a subdirectory (instead of a vhost
or subdomain) to avoid setting up CNAME records at my VPS hosting
provider (because I only know how to set up a CNAME at my domain
registrar, not at my VPS hosting provider - and also because I think
that looks better than :-).

I'm getting some errors, which I've found some crazy workarounds for
that actually work - but I'd like to know to to do things the right way
- and also make sure that nginx + phpMyAdmin is actually using SSL
instead of sending data unencrypted.

I suspect I don't have my nginx.conf file set up correctly, probably
something to do with the 'location', 'root' or 'rewrite' directives (see
the 'server' sections from the nginx.conf file at the end of this post).
Maybe there's also some problems with my SSL files, or with the symlink
I created for the phpmyadmin directory.

Below I'll show the two phpMyAdmin errors (and workarounds), plus a set
of SSL questions - and at the end I've included the nginx.conf and
fastcgi_params files, the SSL key file locations, and the symlink for
the phpmyadmin directory.

1a) PHPMYADMIN ERROR: If I point the browser at

the browser displays:

403 Forbidden

1b) WORKAROUND: If I point the browser at the longer URL (adding
/index.php to the end):

then the browser dislays the phpMyAdminLogin screen, where I can enter
the Username 'root' and the Password - and when I hit GO it *almost*
takes me to the main phpMyAdmin screen (but not quite - see 2a below).

1c) QUESTION: So I need to know how to edit the nginx.conf file so that
I can access the phpMyAdmin login screen using the shorter URL:

2a) PHPMYADMIN ERROR: If I enter the Username 'root' and the Password in
(1b) above, then hit the GO button, the browser goes to a URL like the

and the browser displays:

403 Forbidden

2b) WORKAROUND: If I insert /phpmyadmin into the middle of the above
URL, to get the following URL:

then the browser displays the main phpMyAdmin page. So the login
*almost* worked - the password got accepted, but my browser isn't going
to the right subdirectory.

2c) QUESTION: Obviously there's something wrong with my nginx.conf file
- but I can't figure out how to fix it. Not sure if I should be using
'rewrite' or 'root' or 'location' or some combination thereof!

3) SSL QUESTIONS: I'm not sure if SSL is getting used properly - or at

If I point the browser to any of the following URLs (using https, not

the browser displays its standard "unable to connect" message (the same
one it displays when when the computer isn't connected to the internet).

If, instead, I point the browser at any of the following URLs (using
port 443), the browser displays:

404 Not Found

Given the nginx.conf file below, is nginx + phpMyAdmin actually using

There are two 'server' sections in my nginx.conf file - one listening on
80, and one listening on 443 - but maybe the 'server' section listening
on 443 is even being used at all right now - and I'm using phpMyAdmin
*without* SSL.

Do I need to use https when I point my browser to the login page for
phpMyAdmin, or can this somehow happen automatically? How do I make sure
that phpMyAdmin is using SSL?


This is a Xen VPS (virtual private server) with 512MB RAM running Debian
Etch, with nginx + fastCGI + PHP-FPM + SSL + phpMyAdmin, and phpMyAdmin
is using a subdirectory instead of a separate vhost.

I installed phpMyAdmin to use nginx with SSL (without setting up a
separate virtual host just for SSL) using the instructions here:

My nginx.conf file contains the following two (nearly identical)
'server' sections for phpmyadmin (one for http, and one for https):

server {
listen 80;

access_log /usr/local/nginx/logs/phpmyadmin.access_log;
error_log  /usr/local/nginx/logs/phpmyadmin.error_log;

location ~ /phpmyadmin/.+\.php$ {
    rewrite ^/phpmyadmin(/.+)$ $1 break;

    index index.php;
    root /home/myname/sources/phpmyadmin;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME
    include /usr/local/nginx/conf/fastcgi_params.phpmyadmin;

server {
listen 443;

ssl    on;
ssl_certificate    /etc/ssl/certs/myssl.crt;
ssl_certificate_key    /etc/ssl/private/myssl.key;

access_log /usr/local/nginx/logs/phpmyadmin.access_log;
error_log  /usr/local/nginx/logs/phpmyadmin.error_log;

location ~ /phpmyadmin/.+\.php$ {
    rewrite ^/phpmyadmin(/.+)$ $1 break;

    index index.php;
    root /home/myname/sources/phpmyadmin;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME
    fastcgi_param HTTPS on;
    include /usr/local/nginx/conf/fastcgi_params.phpmyadmin;

Until I fully understand how to use "fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;", I just using 'include' a slightly
different fastcgi_params file in the 'server' sections in the nginx.conf
file for each different web app which nginx is serving (eg:
fastcgi_params.drupal, fastcgi_params.prestashop,
fastcgi_params.magento, fastcgi_params.phpmyadmin). This is to avoid any
possible problems with fastcgi_params overriding other directives in the
'server' section of the nginx.file - like the one which Igor Sysoev
recently resolved for me here:

My fastcgi_params.phpmyadmin file is shown below:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

The phpMyAdmin sources are located in /home/myname/sources/phpmyadmin.

This machine serves webpages from directory /usr/local/nginx/html
(instead of /var/www).

I created a symlink from /usr/local/nginx/html/phpmyadmin to
/home/myname/sources/phpmyadmin following the instructions here:

Doing 'ls -l' in the directory /usr/local/nginx/html shows the following

myslice /usr/local/nginx/html: ls -l
# ...
lrwxrwxrwx 1 root staff   31 2009-02-12 16:14 phpmyadmin ->
# ...

To set up nginx to use SSL (and remove the passphrase), I used the
instructions here:

My SSL certificate and key are located here:


And I originally installed nginx + fastCGI + PHP-FPM using the
instructions here - and it seems to be working fine for all the other
web apps, just not quite working right for phpMyAdmin:

If anyone can help me get the nginx.conf file (or other settings) right,
I'd be very appreciative.

Thanks for any help!

- Stefan Scott Alexander
Posted via

More information about the nginx mailing list