Nginx SSL conf to access phpMyAdmin
Igor Sysoev
igor at sysoev.ru
Sat May 8 00:59:02 MSD 2010
On Fri, May 07, 2010 at 09:30:18AM -0400, ideanet wrote:
> Hi,
> I have some trouble to configure correctly the access to phpMyAdmin via SSL.
> 1. problem: when i call the URL https://mydomain.com/phpmyadmin/ I don't have access.
> 2. problem: If I call the URL https://mydomain.com/phpmyadmin/index.php, I see the login page. I enter the account and password and after I'm redirected to the port 443 (http://mydomain.com:443/phpmyadmin/) with the message:
>
> 400 Bad Request
> The plain HTTP request was sent to HTTPS port
>
> At this point, if I press the back button of the browser and reload the login page, I can enter on the phpMyAdmin.
>
> I read that is needed the conf "fastcgi_param HTTPS on;", that I have included on my SSL section, but doesn't have any effect...
>
> Here my SSL conf:
>
> [i]server {
> listen 443;
> server_name mydomain.com;
> server_tokens off;
> root /var/www/html;
>
> ssl on;
> ssl_certificate /etc/nginx/mydomain.crt;
> ssl_certificate_key /etc/nginx/mydomain.key;
>
> keepalive_timeout 70;
> add_header Front-End-Https on;
>
> client_max_body_size 50M;
>
> fastcgi_param HTTPS on;
>
> ## Protect some directory and files
> location ~ (^/(app/|includes/|lib/|/pkginfo/|var/|report/config.xml)|/\.svn/|/.hta.+) {
> deny all;
> }
>
> ## Specific SSL log files
> access_log /var/log/nginx/ssl.access.log;
> error_log /var/log/nginx/ssl.error.log;
>
> ## this rewrites all the requests to the maintenance.html
> if (-f $document_root/system/maintenance.html) {
> rewrite ^(.*)$ /system/maintenance.html last;
> break;
> }
>
> ## Handle all .php files, /downloader and /report
> location ~ (\.php|/downloader/?|/report/?)$ {
> if ($request_uri ~ /(downloader|report)$){
> # no trailing /, redirecting
> rewrite ^(.*)$ $1/ permanent;
> }
>
> fastcgi_index index.php;
> include /etc/nginx/fastcgi_params;
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>
> if (-e $request_filename) { # check if requested path exists
> fastcgi_pass backend;
> }
>
> }
>
> ## Magento specific configuration
> location / {
> # set expire headers
> if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)$") {
> expires max;
> }
>
> # set fastcgi settings, not allowed in the "if" block
> include /etc/nginx/fastcgi_params;
> fastcgi_param SCRIPT_FILENAME $document_root/index.php;
> fastcgi_param SCRIPT_NAME /index.php;
> fastcgi_param HTTPS on;
> fastcgi_read_timeout 240;
>
> # rewrite a file not found, pass it to the backend
> if (!-f $request_filename) {
> fastcgi_pass backend;
> break;
> }
> }
>
> }[/i]
>
> Thank you for any help
> Luca
Try to simplify configuration and to make it more scaleable:
fastcgi_read_timeout 240;
location ~ (^/(app/|includes/|lib/|pkginfo/|var/|report/config.xml)|/\.svn/|/.hta.+) {
deny all;
}
location ~ (\.php|/downloader/?|/report/?)$ {
try_files /system/maintenance.html $uri =404;
fastcgi_pass backend;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
location = /downloader { rewrite ^ /downloader/ permanent; }
location = /downloader/ {
try_files /system/maintenance.html $uri/ =404;
fastcgi_pass backend;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
fastcgi_param HTTPS on;
}
location = /report { rewrite ^ /report/ permanent; }
location = /report/ {
try_files /system/maintenance.html $uri/ =404;
fastcgi_pass backend;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/report/index.php;
fastcgi_param HTTPS on;
}
location ~* "\.(ico|css|js|gif|jpe?g|png)$") {
try_files $uri @magento;
expires max;
}
location / {
try_files $uri $uri/ @magento;
index index.php;
expires max;
}
location @magento {
fastcgi_pass backend;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/index.php
fastcgi_param HTTPS on;
}
location = /phpmyadmin { rewrite ^ /phpmyadmin/ permanent; }
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list