Nginx SSL conf to access phpMyAdmin

Igor Sysoev igor at sysoev.ru
Sat May 8 15:14:51 MSD 2010


On Sat, May 08, 2010 at 12:59:02AM +0400, Igor Sysoev wrote:

> On Fri, May 07, 2010 at 09:30:18AM -0400, ideanet wrote:
> 
> > Hi, 
> > I have some trouble to configure correctly the access to phpMyAdmin via SSL.
> > 1. problem: when i call the URL https://mydomain.com/phpmyadmin/ I don't have access.
> > 2. problem: If I call the URL https://mydomain.com/phpmyadmin/index.php, I see the login page. I enter the account and password and after I'm redirected to the port 443 (http://mydomain.com:443/phpmyadmin/) with the message:
> > 
> > 400 Bad Request
> > The plain HTTP request was sent to HTTPS port
> > 
> > At this point, if I press the back button of the browser and reload the login page, I can enter on the phpMyAdmin.
> > 
> > I read that is needed the conf "fastcgi_param HTTPS on;", that I have included on my SSL section, but doesn't have any effect...
> > 
> > Here my SSL conf:
> > 
> > [i]server {
> >                 listen                  443;
> >                 server_name             mydomain.com;
> >                 server_tokens           off;
> >                 root                    /var/www/html;
> > 
> >                 ssl                     on;
> >                 ssl_certificate         /etc/nginx/mydomain.crt;
> >                 ssl_certificate_key     /etc/nginx/mydomain.key;
> > 
> >                 keepalive_timeout       70;
> >                 add_header              Front-End-Https    on;
> > 
> >                 client_max_body_size    50M;
> > 
> >                 fastcgi_param           HTTPS on;
> > 
> >                 ## Protect some directory and files 
> >                 location ~ (^/(app/|includes/|lib/|/pkginfo/|var/|report/config.xml)|/\.svn/|/.hta.+) {
> >                         deny all;
> >                 }
> > 
> >                 ## Specific SSL log files
> >                 access_log              /var/log/nginx/ssl.access.log;
> >                 error_log               /var/log/nginx/ssl.error.log;
> > 
> >                 ## this rewrites all the requests to the maintenance.html
> >                 if (-f $document_root/system/maintenance.html) {
> >                         rewrite    ^(.*)$    /system/maintenance.html last;
> >                         break;
> >                 }
> > 
> >                 ## Handle all .php files, /downloader and /report
> >                 location ~ (\.php|/downloader/?|/report/?)$ {
> >                         if ($request_uri ~ /(downloader|report)$){
> >                                 # no trailing /, redirecting
> >                                 rewrite  ^(.*)$ $1/ permanent;
> >                         }
> > 
> >                         fastcgi_index index.php;
> >                         include /etc/nginx/fastcgi_params;
> >                         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
> > 
> >                         if (-e $request_filename) { # check if requested path exists
> >                         fastcgi_pass backend;
> >                         }
> > 
> >                 }
> > 
> >                 ## Magento specific configuration
> >                 location / {
> >                         # set expire headers
> >                         if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)$") {
> >                                 expires max;
> >                         }
> > 
> >                         # set fastcgi settings, not allowed in the "if" block
> >                         include /etc/nginx/fastcgi_params;
> >                         fastcgi_param SCRIPT_FILENAME $document_root/index.php;
> >                         fastcgi_param SCRIPT_NAME /index.php;
> >                         fastcgi_param HTTPS on;
> >                         fastcgi_read_timeout 240;
> > 
> >                         # rewrite a file not found, pass it to the backend
> >                         if (!-f $request_filename) {
> >                                 fastcgi_pass backend;
> >                                 break;
> >                                 }
> >                 }
> > 
> >         }[/i]
> > 
> > Thank you for any help
> > Luca
> 
> Try to simplify configuration and to make it more scaleable:
> 
>      fastcgi_read_timeout 240;
> 
>      location ~ (^/(app/|includes/|lib/|pkginfo/|var/|report/config.xml)|/\.svn/|/.hta.+) {
>            deny all;
>      }
> 
>      location ~ (\.php|/downloader/?|/report/?)$ {

-      location ~ (\.php|/downloader/?|/report/?)$ {
+      location ~ \.php$ {

>          try_files  /system/maintenance.html  $uri  =404;
> 
>          fastcgi_pass backend;
>          include /etc/nginx/fastcgi_params;
>          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>          fastcgi_param HTTPS on;
>      }
> 
>      location = /downloader { rewrite  ^  /downloader/ permanent; }
> 
>      location = /downloader/ {
>          try_files  /system/maintenance.html  $uri/  =404;
> 
>          fastcgi_pass backend;
>          include /etc/nginx/fastcgi_params;
>          fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
>          fastcgi_param HTTPS on;
>      }
> 
>      location = /report { rewrite  ^  /report/ permanent; }
> 
>      location = /report/ {
>          try_files  /system/maintenance.html  $uri/  =404;
> 
>          fastcgi_pass backend;
>          include /etc/nginx/fastcgi_params;
>          fastcgi_param SCRIPT_FILENAME $document_root/report/index.php;
>          fastcgi_param HTTPS on;
>      }
> 
>      location ~* "\.(ico|css|js|gif|jpe?g|png)$") {
>          try_files  $uri  @magento;
>          expires max;
>      }
> 
>      location / {
>          try_files  $uri  $uri/  @magento;
>          index      index.php;
>          expires max;
>      }
> 
>      location @magento {
>          fastcgi_pass backend;
>          include /etc/nginx/fastcgi_params;
>          fastcgi_param SCRIPT_FILENAME $document_root/index.php
>          fastcgi_param HTTPS on;
>      }
> 
>      location = /phpmyadmin { rewrite ^  /phpmyadmin/ permanent; }
> 
> 
> -- 
> Igor Sysoev
> http://sysoev.ru/en/
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx

-- 
Igor Sysoev
http://sysoev.ru/en/



More information about the nginx mailing list