Allow PHPMyAdmin access on certain virtual hosts - Ubuntu and Nginx
mrast
nginx-forum at forum.nginx.org
Sun Oct 9 16:50:50 UTC 2016
Hi Francis,
It's a brand new server setup.
I have no problem sharing the config files - I'll just sanitize the actual
websites. But everything else is 100% as is.
Here is the full nginx.conf file from /etc/nginx
cat /etc/nginx/nginx.conf
# Main nginx configuration as posted (indentation was lost in the mail archive).
# It sets global worker/event limits, then an http{} block with shared TLS,
# logging, gzip and FastCGI-cache defaults, pulls in the per-site files, and
# ends with a catch-all default server.
# Worker processes run as the unprivileged www-data account.
user www-data;
worker_processes 1;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
##
# EasyEngine Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
# Suppresses the nginx version in the Server header and on error pages.
server_tokens off;
reset_timedout_connection on;
# add_header X-Powered-By "EasyEngine";
# Exposes the FastCGI cache status to every client. add_header set at http
# level is inherited by a lower level only if that level defines no add_header
# of its own.
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
# Requests rejected by limit_req are answered with 403 (the default is 503).
limit_req_status 403;
# Declares zone "one" (1 request/second per client address). A zone only takes
# effect where a limit_req directive references it.
# NOTE(review): no limit_req appears in the files posted in this message, so as
# shown nothing (including the phpMyAdmin login) is rate limited - confirm
# against the included files.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m;
##
# SSL Settings
##
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
# NOTE(review): the cipher list below still admits 3DES (DES-CBC3-SHA), static
# RSA key exchange (AES128-SHA, AES256-SHA, ...) and the broad AES / CAMELLIA
# aliases, and ssl_protocols enables TLSv1 and TLSv1.1, both since deprecated
# (RFC 8996). A current baseline would keep TLSv1.2+ with AEAD suites only.
# The directive's value continues on the next line; nginx accepts that.
ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Log format Settings
# Defines the "rt_cache" format (adds upstream time and cache status). The
# access_log above does not name it, so it applies only where a log directive
# selects it.
# NOTE(review): the line break inside the first quoted string is presumably
# mail wrapping rather than part of the real file.
log_format rt_cache '$remote_addr $upstream_response_time
$upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 2;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
text/xml
text/javascript;
##
# Cache Settings
##
# Second response header carrying the same cache status as rt-Fastcgi-Cache.
add_header Fastcgi-Cache $upstream_cache_status;
# The cache key includes $host, so entries are kept separate per requested
# host name even when several sites use one cache zone.
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
# Tells nginx to cache responses even when the backend sends Cache-Control,
# Expires or Set-Cookie. With these ignored, the only thing keeping
# per-user or authenticated responses out of the shared cache is whatever
# fastcgi_no_cache / fastcgi_cache_bypass conditions each site defines.
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Catch-all for port 80: a request whose Host matches no server_name lands
# here and the connection is closed without a response (444). A host name
# that has its own server block never reaches this block.
server {
listen 80 default_server;
server_name _;
return 444;
}
}
Here is the full config for website.com - that does need access to
phpmyadmin and does have an extra login prompt before /phpmyadmin is shown
(which is what the location /phpmyadmin block dictates)
cat /etc/nginx/sites-available/website.com
# Site file for website.com as posted (indentation lost in the mail archive):
# declares a FastCGI cache zone, then a server block that serves PHP through
# PHP-FPM with caching, puts HTTP basic auth on /phpmyadmin and exposes a
# cache-purge location.
# Cache zone "website.com"; the cache directory sits beside public/, i.e.
# outside the document root set below.
fastcgi_cache_path /var/www/html/website.com/cache levels=1:2
keys_zone=website.com:100m inactive=60m;
server {
# No listen directive: nginx then listens on its default port 80 (plain HTTP).
# NOTE(review): as posted, the basic-auth credentials and the phpMyAdmin login
# for this site would travel unencrypted - confirm whether TLS is terminated
# elsewhere.
server_name website.com www.website.com;
access_log /var/www/html/website.com/logs/access.log;
error_log /var/www/html/website.com/logs/error.log;
root /var/www/html/website.com/public/;
index index.php index.html index.htm;
# $skip_cache = 1 makes the PHP location below neither read from nor write to
# the FastCGI cache. It is set for POSTs, any query string, admin-type URIs
# and requests carrying a login/session cookie.
set $skip_cache 0;
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Case-insensitive match on the original request URI; includes /phpmyadmin.
# The dots in "wp-.*.php", "/xmlrpc.php", etc. are unescaped, so they match any
# character - that only widens the set of uncached URIs.
if ($request_uri ~*
"/wp-admin/|/phpmyadmin|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml")
{
set $skip_cache 1;
}
if ($http_cookie ~*
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in")
{
set $skip_cache 1;
}
if ($http_cookie ~* "PHPSESSID"){
set $skip_cache 1;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Plain prefix location carrying HTTP basic auth.
# NOTE(review): nginx checks regex locations after the longest prefix match,
# and a matching regex wins unless the prefix uses "^~". A URI under
# /phpmyadmin that ends in .php is therefore handled by "location ~ \.php$"
# below, which has no auth_basic - so the prompt likely guards the directory
# URL but not the scripts themselves. The usual remedy is
# "location ^~ /phpmyadmin" with its own nested "\.php$" location holding the
# fastcgi directives, so auth_basic is inherited. Verify against the live
# server before relying on this login prompt.
location /phpmyadmin {
auth_basic "Admin Login";
auth_basic_user_file /etc/nginx/allow_phpmyadmin;
}
# Hands every URI ending in .php to PHP-FPM.
location ~ \.php$ {
# Return 404 for scripts that do not exist on disk instead of passing the
# request to PHP.
try_files $uri =404;
# This pattern needs "/something" after ".php"; the location above only
# matches URIs that end in ".php", so it appears to have no effect here.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE(review): the socket path is not site-specific; if other sites use the
# same pool they share one PHP user - confirm whether that is intended.
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# NOTE(review): the zone named here ("magentafp.com") is not the zone declared
# at the top of this file ("website.com"). Either sanitising missed this line
# or the zone is declared in another file - confirm.
fastcgi_cache magentafp.com;
fastcgi_cache_valid 60m;
}
# Cache purge endpoint (fastcgi_cache_purge comes from the third-party
# ngx_cache_purge module). The regex is unanchored, so it matches "/purge/..."
# anywhere in the URI.
# NOTE(review): no allow/deny or auth is shown here, so as posted any client
# could trigger a purge; restricting it (e.g. "allow 127.0.0.1; deny all;") is
# the usual hardening.
location ~ /purge(/.*) {
fastcgi_cache_purge website.com
"$scheme$request_method$host$1";
}
}
Here is the full config for website1.com - that doesn't need access to
phpmyadmin - and thus doesn't have the location /phpmyadmin block in it
cat /etc/nginx/sites-available/fulgent.co.uk
# Site file for website1.com as posted (indentation lost in the mail archive):
# the same layout as a cached PHP site, but with no /phpmyadmin location.
# Cache zone "website1.com"; the cache directory sits beside public/, i.e.
# outside the document root set below.
fastcgi_cache_path /var/www/html/website1.com/cache levels=1:2
keys_zone=website1.com:100m inactive=60m;
server {
# No listen directive: nginx then listens on its default port 80 (plain HTTP).
server_name website1.com www.website1.com;
access_log /var/www/html/website1.com/logs/access.log;
error_log /var/www/html/website1.com/logs/error.log;
root /var/www/html/website1.com/public/;
index index.php index.html index.htm;
# $skip_cache = 1 makes the PHP location below neither read from nor write to
# the FastCGI cache. It is set for POSTs, any query string, admin-type URIs
# and requests carrying a login/session cookie.
set $skip_cache 0;
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Case-insensitive match on the original request URI. The dots in the
# pattern are unescaped, so they match any character.
if ($request_uri ~*
"/wp-admin/|/phpmyadmin|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml")
{
set $skip_cache 1;
}
if ($http_cookie ~*
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in")
{
set $skip_cache 1;
}
# NOTE(review): the "£" on the next line is reproduced as posted. It is
# presumably a transcription slip for an opening double quote, since the
# message reports that nginx's configuration test passes.
if ($http_cookie ~* £PHPSESSID"){
set $skip_cache 1;
}
# NOTE(review): leaving out a /phpmyadmin location does not block that path.
# Nothing in this server block denies it, so if /phpmyadmin resolves to files
# on disk for this site (how is not visible in this file), the two locations
# below will serve them. An explicit deny, e.g.
# "location ^~ /phpmyadmin { return 404; }", is what actually closes it.
location / {
try_files $uri $uri/ /index.php?$args;
}
# Hands every URI ending in .php to PHP-FPM.
location ~ \.php$ {
# Return 404 for scripts that do not exist on disk instead of passing the
# request to PHP.
try_files $uri =404;
# This pattern needs "/something" after ".php"; the location above only
# matches URIs that end in ".php", so it appears to have no effect here.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE(review): the socket path is not site-specific; if other sites use the
# same pool they share one PHP user - confirm whether that is intended.
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# NOTE(review): the zone named here ("magentafp.com") is not the zone declared
# at the top of this file ("website1.com"). Either sanitising missed this line
# or the zone is declared in another file - confirm.
fastcgi_cache magentafp.com;
fastcgi_cache_valid 60m;
}
# Cache purge endpoint (fastcgi_cache_purge comes from the third-party
# ngx_cache_purge module). The regex is unanchored, so it matches "/purge/..."
# anywhere in the URI.
# NOTE(review): no allow/deny or auth is shown here, so as posted any client
# could trigger a purge; restricting it (e.g. "allow 127.0.0.1; deny all;") is
# the usual hardening.
location ~ /purge(/.*) {
fastcgi_cache_purge website1.com
"$scheme$request_method$host$1";
}
}
I have made no changes to any phpmyadmin config files.
If i go to website1.com/phpmyadmin - the phpmyadmin login page is served.
There are no changes to the url - it stays website1.com/phpmyadmin
This is the article i followed to install and secure phpmyadmin - i did
everything on that page except change the /phpmyadmin location name. (this
is where the symlink came into it)
So to me that symlink tells nginx to serve phpmyadmin php pages for the
web server - am i correct?
If i remove that symlink - and then just create symlinks for the websites
themselves - i've found it doesn't make a difference.
eg - a symlink for website.com exists pointing to /usr/share/phpmyadmin. So
i'm telling nginx to serve phpmyadmin php files for that website only and not
the whole server, which the /usr/share/phpmyadmin /usr/share/nginx/html
symlink does.
Here is the output of nginx -T | grep 'server\|location' as requested (i've
cut out the website2 and website3 bits as they are not relevant - they are just
copies of .com and 1.com; .com and 2.com need access, 1.com and 3.com don't).
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
server_tokens off;
# set_real_ip_from proxy-server-ip;
ssl_prefer_server_ciphers on;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
server {
listen 80 default_server;
server_name _;
# server {
# server {
server {
server_name website.com www.website.com;
location / {
location /phpmyadmin {
location ~ \.php$ {
location ~ /purge(/.*) {
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
server {
server_name website1.com www.website1.com;
location / {
location ~ \.php$ {
location ~ /purge(/.*) {
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
Thanks for your assistance.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270105,270134#msg-270134