Setting up nginx+fastCGI+SSL+phpMyAdmin w/subdir (not vhost)

Stefan Scott lists at ruby-forum.com
Fri Feb 13 03:43:29 MSK 2009


Hi Folks -

I'm trying to set up phpMyAdmin with nginx and SSL on a VPS (virtual
private server) - with phpMyAdmin in a subdirectory (instead of a vhost
or subdomain) to avoid setting up CNAME records at my VPS hosting
provider (because I only know how to set up a CNAME at my domain
registrar, not at my VPS hosting provider - and also because I think
that myslice.vpshost.com/phpmyadmin looks better than
phpmyadmin.myslice.vpshost.com :-).

I'm getting some errors, which I've found some crazy workarounds for
that actually work - but I'd like to know how to do things the right way
- and also make sure that nginx + phpMyAdmin is actually using SSL
instead of sending data unencrypted.

I suspect I don't have my nginx.conf file set up correctly, probably
something to do with the 'location', 'root' or 'rewrite' directives (see
the 'server' sections from the nginx.conf file at the end of this post).
Maybe there's also some problems with my SSL files, or with the symlink
I created for the phpmyadmin directory.

Below I'll show the two phpMyAdmin errors (and workarounds), plus a set
of SSL questions - and at the end I've included the nginx.conf and
fastcgi_params files, the SSL key file locations, and the symlink for
the phpmyadmin directory.


1a) PHPMYADMIN ERROR: If I point the browser at

http://myslice.vpshost.com/phpmyadmin

the browser displays:

403 Forbidden
nginx/0.6.33


1b) WORKAROUND: If I point the browser at the longer URL (adding
/index.php to the end):

http://myslice.vpshost.com/phpmyadmin/index.php

then the browser displays the phpMyAdmin Login screen, where I can enter
the Username 'root' and the Password - and when I hit GO it *almost*
takes me to the main phpMyAdmin screen (but not quite - see 2a below).


1c) QUESTION: So I need to know how to edit the nginx.conf file so that
I can access the phpMyAdmin login screen using the shorter URL:

http://myslice.vpshost.com/phpmyadmin



2a) PHPMYADMIN ERROR: If I enter the Username 'root' and the Password in
(1b) above, then hit the GO button, the browser goes to a URL like the
following:

http://myslice.vpshost.com/index.php?token=1b20403ffcfac2005c38011198a71d16

and the browser displays:

403 Forbidden
nginx/0.6.33


2b) WORKAROUND: If I insert /phpmyadmin into the middle of the above
URL, to get the following URL:

http://myslice.vpshost.com/phpmyadmin/index.php?token=1b20403ffcfac2005c38011198a71d16

then the browser displays the main phpMyAdmin page. So the login
*almost* worked - the password got accepted, but my browser isn't going
to the right subdirectory.


2c) QUESTION: Obviously there's something wrong with my nginx.conf file
- but I can't figure out how to fix it. Not sure if I should be using
'rewrite' or 'root' or 'location' or some combination thereof!



3) SSL QUESTIONS: I'm not sure if SSL is getting used properly - or at
all.

If I point the browser to any of the following URLs (using https, not
http):

https://myslice.vpshost.com/phpmyadmin
https://myslice.vpshost.com/phpmyadmin/index.php

the browser displays its standard "unable to connect" message (the same
one it displays when the computer isn't connected to the internet).

If, instead, I point the browser at any of the following URLs (using
port 443), the browser displays:

http://myslice.vpshost.com/phpmyadmin/index.php:443
http://myslice.vpshost.com/phpmyadmin:443

404 Not Found
nginx/0.6.33

Given the nginx.conf file below, is nginx + phpMyAdmin actually using
SSL?

There are two 'server' sections in my nginx.conf file - one listening on
80, and one listening on 443 - but maybe the 'server' section listening
on 443 is even being used at all right now - and I'm using phpMyAdmin
*without* SSL.

Do I need to use https when I point my browser to the login page for
phpMyAdmin, or can this somehow happen automatically? How do I make sure
that phpMyAdmin is using SSL?



MY SETUP:

This is a Xen VPS (virtual private server) with 512MB RAM running Debian
Etch, with nginx + fastCGI + PHP-FPM + SSL + phpMyAdmin, and phpMyAdmin
is using a subdirectory instead of a separate vhost.


I installed phpMyAdmin to use nginx with SSL (without setting up a
separate virtual host just for SSL) using the instructions here:

http://am.notsowise.net/phpmyadmin-on-lemp
http://bookmarks.honewatson.com/2008/04/15/the-plain-http-request-was-sent-to-https-port/
http://blog.skateinmars.net/tag/nginx
http://forum.slicehost.com/comments.php?DiscussionID=1519
http://markmail.org/message/liuakcvxsnhl6opt#query:phpmyadmin%20nginx%20%22virtual%20host%22+page:1+mid:bptkeyymhw2sbz54+state:results

My nginx.conf file contains the following two (nearly identical)
'server' sections for phpmyadmin (one for http, and one for https):

server {
    listen 80;
    server_name myslice.vpshost.com;

    access_log /usr/local/nginx/logs/phpmyadmin.access_log;
    error_log  /usr/local/nginx/logs/phpmyadmin.error_log;

    location ~ /phpmyadmin/.+\.php$ {
        rewrite ^/phpmyadmin(/.+)$ $1 break;
        fastcgi_pass 127.0.0.1:9000;

        index index.php;
        root /home/myname/sources/phpmyadmin;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /home/myname/sources/phpmyadmin$fastcgi_script_name;
        include /usr/local/nginx/conf/fastcgi_params.phpmyadmin;
    }
}

server {
    listen 443;
    server_name myslice.vpshost.com;

    ssl    on;
    ssl_certificate    /etc/ssl/certs/myssl.crt;
    ssl_certificate_key    /etc/ssl/private/myssl.key;

    access_log /usr/local/nginx/logs/phpmyadmin.access_log;
    error_log  /usr/local/nginx/logs/phpmyadmin.error_log;

    location ~ /phpmyadmin/.+\.php$ {
        rewrite ^/phpmyadmin(/.+)$ $1 break;
        fastcgi_pass 127.0.0.1:9000;

        index index.php;
        root /home/myname/sources/phpmyadmin;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /home/myname/sources/phpmyadmin$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include /usr/local/nginx/conf/fastcgi_params.phpmyadmin;
    }
}


Until I fully understand how to use "fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;", I just 'include' a slightly
different fastcgi_params file in the 'server' sections in the nginx.conf
file for each different web app which nginx is serving (eg:
fastcgi_params.drupal, fastcgi_params.prestashop,
fastcgi_params.magento, fastcgi_params.phpmyadmin). This is to avoid any
possible problems with fastcgi_params overriding other directives in the
'server' section of the nginx.conf file - like the one which Igor Sysoev
recently resolved for me here:

http://www.ruby-forum.com/topic/177888


My fastcgi_params.phpmyadmin file is shown below:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;


The phpMyAdmin sources are located in /home/myname/sources/phpmyadmin.

This machine serves webpages from directory /usr/local/nginx/html
(instead of /var/www).

I created a symlink from /usr/local/nginx/html/phpmyadmin to
/home/myname/sources/phpmyadmin following the instructions here:

http://alandoyle.com/2008/11/27/configuring-phpmyadmin-for-multiple-users/

Doing 'ls -l' in the directory /usr/local/nginx/html shows the following
symlink:

myslice /usr/local/nginx/html: ls -l
# ...
lrwxrwxrwx 1 root staff   31 2009-02-12 16:14 phpmyadmin -> /home/myname/sources/phpmyadmin
# ...


To set up nginx to use SSL (and remove the passphrase), I used the
instructions here:

http://www.urbanpuddle.com/articles/2008/10/14/a-quick-guide-to-ssl-on-nginx
http://articles.slicehost.com/2007/11/26/ubuntu-gutsy-generating-a-self-signed-ssl-certificate
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-nginx-ssl-and-vhosts
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx
https://rails.wincent.com/wiki/Generating_self-signed_SSL_certificates_for_use_with_nginx

My SSL certificate and key are located here:

/etc/ssl/certs/myssl.crt
/etc/ssl/private/myssl.key


And I originally installed nginx + fastCGI + PHP-FPM using the
instructions here - and it seems to be working fine for all the other
web apps, just not quite working right for phpMyAdmin:

http://www.yawn.it/2008/04/30/nginx-php-php-fpm-on-debian-etch-40/
http://www.codegobbler.com/drupal-nginx-fastcgi-setup-and-configuration
http://drupal.org/node/110224


If anyone can help me get the nginx.conf file (or other settings) right,
I'd be very appreciative.

Thanks for any help!

- Stefan Scott Alexander
-- 
Posted via http://www.ruby-forum.com/.
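
Added example, not part of the original post and not the poster's own configuration: one way to serve phpMyAdmin from the /phpmyadmin subdirectory over HTTPS only, so that the login is never handled over plain HTTP. It assumes the symlink, certificate paths, PHP-FPM address and fastcgi_params.phpmyadmin file shown in the post, that the nginx worker can read files through the symlink, and a current nginx release.

```nginx
# Port 80: phpMyAdmin requests are never passed to PHP here. They are
# redirected to HTTPS so the MySQL password and the session token are not
# sent unencrypted. The trailing "?" stops nginx from appending the query
# string a second time ($request_uri already contains it).
server {
    listen 80;
    server_name myslice.vpshost.com;

    location /phpmyadmin {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
}

server {
    # On a release as old as the post's 0.6.33, keep "listen 443;" plus
    # "ssl on;" as in the post instead of the "ssl" listen parameter.
    listen 443 ssl;
    server_name myslice.vpshost.com;

    ssl_certificate     /etc/ssl/certs/myssl.crt;
    ssl_certificate_key /etc/ssl/private/myssl.key;

    # Document root is the normal html directory; phpMyAdmin is reached
    # through the html/phpmyadmin symlink. No rewrite is used, so the URI
    # (and with it SCRIPT_NAME) keeps its /phpmyadmin prefix.
    root  /usr/local/nginx/html;

    # A request for the directory /phpmyadmin/ is served by index.php.
    index index.php;

    location ~ ^/phpmyadmin/.+\.php$ {
        fastcgi_pass  127.0.0.1:9000;
        include       /usr/local/nginx/conf/fastcgi_params.phpmyadmin;
        # Resolves to /usr/local/nginx/html/phpmyadmin/<script>.php
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Tells PHP that the request arrived over TLS.
        fastcgi_param HTTPS on;
    }
}
```

Running `nginx -t` checks the syntax before a reload; it also reports an error if the binary was built without the SSL module.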




