PhpMyAdmin: Difference between revisions

Tgurr (talk | contribs)
Tgurr (talk | contribs)
 
(25 intermediate revisions by the same user not shown)
Line 18: Line 18:
     ServerName phpmyadmin.<domain>:443
     ServerName phpmyadmin.<domain>:443
     DirectoryIndex index.php
     DirectoryIndex index.php
    AddDefaultCharset UTF-8
    <IfModule mpm_itk_module>
        AssignUserId apache apache
    </IfModule>


     <Directory "/var/www/phpmyadmin.<domain>/htdocs">
     <Directory "/var/www/phpmyadmin.<domain>/htdocs">
Line 30: Line 25:
     </Directory>
     </Directory>


     php_admin_value open_basedir /var/www/phpmyadmin.<domain>:/usr/bin:/usr/share/php
     # PHP-FPM
    php_admin_value upload_tmp_dir /var/www/phpmyadmin.<domain>/tmp
    <FilesMatch "\.(php|php5|phtml)$">
    php_admin_value session.save_path /var/www/phpmyadmin.<domain>/session
        SetHandler "proxy:unix:/run/php-fpm-phpmyadmin.<domain>.sock|fcgi://localhost"
     php_admin_value sys_temp_dir /var/www/phpmyadmin.<domain>/tmp
     </FilesMatch>


     SSLEngine On
     SSLEngine On
     SSLCertificateFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.crt
     SSLCertificateFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.crt
     SSLCertificateKeyFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.key
     SSLCertificateKeyFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.key
     SSLCertificateChainFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.pem
 
     # Forward Secrecy
    # Source: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
 
    # OCSP stapling
    SSLUseStapling on
 
    # Strict Transport Security (HSTS)
    # 180 days
    Header always set Strict-Transport-Security "max-age=15552000"


</VirtualHost>
</VirtualHost>
</pre>
}}
== PHP-FPM Configuration ==
{{Root|useradd --system --shell /bin/false --no-create-home --home /var/www/phpmyadmin.<domain> -g apache www-phpmyadmin}}
{{File|/etc/php/fpm-php7.2/fpm.d/phpmyadmin.<domain>.conf|
<pre>
[phpmyadmin.<domain>]
prefix = /var/www/$pool
user = www-phpmyadmin
group = apache
listen = /run/php-fpm-$pool.sock
listen.owner = www-phpmyadmin
listen.group = apache
listen.mode = 0660
pm = dynamic
pm.max_children = 50
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[date.timezone] = Europe/Berlin
php_admin_value[mysqli.default_socket] = /run/mysqld/mysqld.sock
php_admin_value[open_basedir] = /var/www/phpmyadmin.<domain>:/usr/bin:/usr/share/php:/run/mysqld
php_admin_value[post_max_size] = 50M
php_admin_value[session.save_path] = /var/www/phpmyadmin.<domain>/session
php_admin_value[sys_temp_dir] = /var/www/phpmyadmin.<domain>/tmp
php_admin_value[upload_max_filesize] = 50M
php_admin_value[upload_tmp_dir] = /var/www/phpmyadmin.<domain>/tmp
; enable logging
catch_workers_output = yes
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = /var/log/php-fpm.phpmyadmin.<domain>.log
</pre>
</pre>
}}
}}
Line 54: Line 103:
{{Root|emerge phpmyadmin}}
{{Root|emerge phpmyadmin}}


{{Root|webapp-config -I -h phpmyadmin.<domain> phpmyadmin <version>}}
{{Root|webapp-config -h phpmyadmin.<domain> -d / -I phpmyadmin 5.0.2}}


{{Root|mysql -u root -p < /usr/share/webapps/phpmyadmin/<version>/htdocs/examples/create_tables.sql}}
{{Root|mysql -u root -p < /usr/share/webapps/phpmyadmin/<version>/htdocs/sql/create_tables.sql}}
 
{{Root|mysql -u root -p}}
 
{{Code|Generate password hash|<pre>
SELECT PASSWORD('some_pass');
</pre>}}


{{Code|Creating phpmyadmin control user|<pre>
{{Code|Creating phpmyadmin control user|<pre>
CREATE USER 'phpmyadmin'@'localhost' IDENTIFIED BY 'some_pass';
CREATE USER 'phpmyadmin'@'localhost' IDENTIFIED VIA mysql_native_password USING 'some_hash';
</pre>}}
</pre>}}


{{Code|Granting phpmyadmin control user access to the phpMyAdmin database|<pre>
{{Code|Granting phpmyadmin control user access to the phpMyAdmin database|<pre>
GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost';
</pre>}}
{{Code|Granting phpmyadmin control user access to the MySQL system databases|<pre>
GRANT USAGE ON mysql.* TO 'phpmyadmin'@'localhost' IDENTIFIED BY 'some_pass';
GRANT SELECT (
    Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
    Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
    File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
    Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
    Execute_priv, Repl_slave_priv, Repl_client_priv
    ) ON mysql.user TO 'phpmyadmin'@'localhost';
GRANT SELECT ON mysql.db TO 'phpmyadmin'@'localhost';
GRANT SELECT ON mysql.host TO 'phpmyadmin'@'localhost';
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
    ON mysql.tables_priv TO 'phpmyadmin'@'localhost';
</pre>}}
</pre>}}


Line 85: Line 125:
{{File|/var/www/phpmyadmin.<domain>/htdocs/config.inc.php|
{{File|/var/www/phpmyadmin.<domain>/htdocs/config.inc.php|
<pre>
<pre>
<?php
/* Servers configuration */
/* Servers configuration */
$i = 0;
$i = 0;
Line 91: Line 133:
$i++;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* User for advanced features */
/* User for advanced features */
$cfg['Servers'][$i]['controluser'] = 'phpmyadmin';
$cfg['Servers'][$i]['controluser'] = 'phpmyadmin';
Line 103: Line 144:
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
Line 121: Line 165:


/* Misc settings */
/* Misc settings */
$cfg['blowfish_secret'] = 'xxx';
$cfg['Export']['compression'] = 'bzip2';
$cfg['Export']['compression'] = 'bzip2';
$cfg['DefaultLang'] = 'de';
$cfg['DefaultLang'] = 'de';
Line 127: Line 172:
$cfg['SaveDir'] = '';
$cfg['SaveDir'] = '';
$cfg['VersionCheck'] = 0;
$cfg['VersionCheck'] = 0;
$cfg['TempDir'] = '/var/www/phpmyadmin.<domain>/tmp';
?>
</pre>
</pre>
}}
}}
Line 136: Line 184:
{{Root|emerge phpmyadmin}}
{{Root|emerge phpmyadmin}}


{{Root|webapp-config -U -h phpmyadmin.<domain> phpmyadmin <newversion>}}
{{Root|webapp-config -h phpmyadmin.<domain> -d / -U phpmyadmin 5.0.3}}


{{Root|<nowiki>CONFIG_PROTECT="/var/www/phpmyadmin.<domain>/htdocs//libraries" etc-update</nowiki> }}
{{Root|<nowiki>CONFIG_PROTECT="/var/www/phpmyadmin.<domain>/htdocs//libraries" etc-update</nowiki> }}
{{Root|1}}
{{Root|q}}
{{Root|2}}
{{Root|y}}


{{Root|emerge -C phpmyadmin-<oldversion>}}
{{Root|emerge -C phpmyadmin-<oldversion>}}
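Review bot: The TLS block added under "# Forward Secrecy" in the vhost still leaves TLS 1.0 and 1.1 enabled, because `SSLProtocol all -SSLv2 -SSLv3` removes only the SSL versions; for a database admin interface I would write `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. The cipher string in the same block lists `EECDH+aRSA+RC4` and then ends with `!RC4`, so the RC4 term has no effect and can be dropped. `SSLUseStapling on` needs an `SSLStaplingCache` in the server-wide configuration, which this page does not show, so a one-line comment pointing to it would help. In the config.inc.php part, the revision appears to switch `auth_type` to `cookie` and adds `$cfg['blowfish_secret'] = 'xxx';`; a comment should say that `'xxx'` is a placeholder for a long random secret, as should the existing `controlpass` line.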

Latest revision as of 13:10, 25 June 2020

Apache vhost configuration

File: /etc/apache2/vhosts.d/phpmyadmin.<domain>.conf
<VirtualHost *:80>

    # Plain-HTTP listener: every request is redirected to the HTTPS vhost, no content is served here.
    ServerName phpmyadmin.<domain>:80

    RewriteEngine On
    # Matches any request that did not arrive over TLS.
    RewriteCond %{HTTPS} !=on
    # [R] without a status code issues a temporary (302) redirect; [L] ends rule processing.
    # The HSTS header is only sent by the HTTPS vhost, so a first visit over HTTP is not yet protected by it.
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

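<VirtualHost *:443>

    # HTTPS vhost that serves phpMyAdmin; PHP files are handed to a dedicated PHP-FPM pool.
    DocumentRoot "/var/www/phpmyadmin.<domain>/htdocs"
    ServerName phpmyadmin.<domain>:443
    DirectoryIndex index.php

    <Directory "/var/www/phpmyadmin.<domain>/htdocs">
        # No directory listings, includes, CGI or symlink following below the web root.
        Options None
        # NOTE(review): only the "Limit" class of directives is honoured in .htaccess files;
        # if the application needs no .htaccess at all, "AllowOverride None" is tighter - confirm.
        AllowOverride Limit
        # Partial addresses: only clients in 10.133.0.0/16 and 10.132.0.0/16 may reach the application.
        Require ip 10.133 10.132
    </Directory>

    # PHP-FPM
    # Only files with a PHP extension are proxied; the socket path must match "listen" in the FPM pool.
    <FilesMatch "\.(php|php5|phtml)$">
        SetHandler "proxy:unix:/run/php-fpm-phpmyadmin.<domain>.sock|fcgi://localhost"
    </FilesMatch>

    SSLEngine On
    SSLCertificateFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.crt
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.key

    # Forward Secrecy
    # Source: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
    # TLS 1.0 and 1.1 are switched off as well as SSLv2/SSLv3; clients need TLS 1.2 or newer.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    # The former "EECDH+aRSA+RC4" term was removed: the trailing !RC4 excluded it anyway,
    # so the effective cipher set is unchanged.
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

    # OCSP stapling
    # Requires an SSLStaplingCache directive in the server-wide configuration
    # (it is not allowed inside <VirtualHost>); this page does not show one.
    SSLUseStapling on

    # Strict Transport Security (HSTS)
    # 180 days
    # Needs mod_headers; "always" also adds the header to error responses.
    Header always set Strict-Transport-Security "max-age=15552000"

</VirtualHost>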

PHP-FPM Configuration

# useradd --system --shell /bin/false --no-create-home --home /var/www/phpmyadmin.<domain> -g apache www-phpmyadmin
File: /etc/php/fpm-php7.2/fpm.d/phpmyadmin.<domain>.conf
; Dedicated PHP-FPM pool for the phpMyAdmin vhost. The section name is the pool name
; and is what $pool expands to below.
[phpmyadmin.<domain>]

; Resolves to /var/www/phpmyadmin.<domain>.
prefix = /var/www/$pool

; Workers run as their own system account instead of the web server user.
; NOTE(review): the account still has group apache, so anything group-readable
; by apache is readable by this pool as well - confirm this is intended.
user = www-phpmyadmin
group = apache

; Unix socket that the Apache vhost proxies PHP requests to.
listen = /run/php-fpm-$pool.sock

; 0660: only the pool user and members of group apache can connect to the socket.
listen.owner = www-phpmyadmin
listen.group = apache
listen.mode = 0660

; Worker processes are started and stopped on demand within these limits.
pm = dynamic
pm.max_children = 50
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

; php_admin_value / php_admin_flag settings cannot be overridden with ini_set() from PHP code.
php_admin_value[date.timezone] = Europe/Berlin
php_admin_value[mysqli.default_socket] = /run/mysqld/mysqld.sock
; Confines PHP file access to these trees; /run/mysqld is listed so the MySQL socket above is reachable.
; NOTE(review): the reason for including /usr/bin is not evident from this page - confirm it is needed.
php_admin_value[open_basedir] = /var/www/phpmyadmin.<domain>:/usr/bin:/usr/share/php:/run/mysqld
; Upload limits: post_max_size has to be at least upload_max_filesize.
php_admin_value[post_max_size] = 50M
; Session, temp and upload directories sit beside htdocs, i.e. outside the DocumentRoot.
; They must exist and be writable by the pool user, and should not be readable by other accounts.
php_admin_value[session.save_path] = /var/www/phpmyadmin.<domain>/session
php_admin_value[sys_temp_dir] = /var/www/phpmyadmin.<domain>/tmp
php_admin_value[upload_max_filesize] = 50M
php_admin_value[upload_tmp_dir] = /var/www/phpmyadmin.<domain>/tmp

; enable logging
; Errors go to the log file and are never shown in the HTTP response.
catch_workers_output = yes
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = /var/log/php-fpm.phpmyadmin.<domain>.log

Installation

File: /etc/portage/package.use
dev-db/phpmyadmin vhosts
# emerge phpmyadmin
# webapp-config -h phpmyadmin.<domain> -d / -I phpmyadmin 5.0.2
# mysql -u root -p < /usr/share/webapps/phpmyadmin/<version>/htdocs/sql/create_tables.sql
# mysql -u root -p
Code: Generate password hash
-- Hashes the chosen password on the server; the output is presumably the 'some_hash'
-- value used when the control user is created.
-- NOTE(review): the plaintext password is part of this statement and may be kept in the
-- client history file or in server query logs, depending on configuration - verify.
-- NOTE(review): PASSWORD() does not exist in MySQL 8.0 and later; the IDENTIFIED VIA
-- syntax used on this page is MariaDB's.
SELECT PASSWORD('some_pass');
Code: Creating phpmyadmin control user
-- Creates the phpMyAdmin control account from a precomputed hash, so the plaintext
-- password does not appear in this statement. The account can connect from localhost only.
-- mysql_native_password hashes are unsalted; treat the hash itself as a secret.
CREATE USER 'phpmyadmin'@'localhost' IDENTIFIED VIA mysql_native_password USING 'some_hash';
Code: Granting phpmyadmin control user access to the phpMyAdmin database
-- Least privilege: the control user may read and write rows in the phpmyadmin database
-- only; it gets no DDL rights, no GRANT OPTION and nothing on other databases.
GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost';

Configuration

File: /var/www/phpmyadmin.<domain>/htdocs/config.inc.php
<?php

/*
 * phpMyAdmin configuration for a single local database server.
 * This file contains credentials and the cookie secret in clear text: keep it
 * readable by the PHP-FPM pool user only.
 */

/* Servers configuration */
$i = 0;

/* Server localhost (cookie auth) [1] */
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
/* Users log in with their own database credentials through the login form. */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* User for advanced features */
$cfg['Servers'][$i]['controluser'] = 'phpmyadmin';
/* 'xxx' is a placeholder: put the control user's real password here. */
$cfg['Servers'][$i]['controlpass'] = 'xxx';
/* Advanced phpMyAdmin features */
/* Database and tables of the configuration storage (created by create_tables.sql). */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['users'] = 'pma__users';
/* Hide lost+found if on a separate partition */
/* Also hides the system schemas and the phpmyadmin database from the database list.
   This only affects the listing; it is not an access control. */
$cfg['Servers'][$i]['hide_db'] = '#mysql50#lost|^(information\_schema|performance\_schema|mysql|phpmyadmin)$';
/* End of servers configuration */

/* Misc settings */
/* Secret used to encrypt the login cookie under cookie auth. 'xxx' is a placeholder:
   replace it with a long random string that is unique to this installation. */
$cfg['blowfish_secret'] = 'xxx';
$cfg['Export']['compression'] = 'bzip2';
$cfg['DefaultLang'] = 'de';
$cfg['ServerDefault'] = 1;
/* Empty values: no server-side upload or save directory is configured. */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
/* The built-in check for new releases is off, so updates must be tracked another way
   (here presumably through the package manager). */
$cfg['VersionCheck'] = 0;
/* Sits beside htdocs, outside the DocumentRoot, so temporary files are not served over HTTP. */
$cfg['TempDir'] = '/var/www/phpmyadmin.<domain>/tmp';

/* NOTE(review): the closing tag is optional in a PHP-only file; anything after it,
   including whitespace, is sent as output. */
?>

To make the installation scripts inaccessible you should delete the setup directory.

Update

# emerge phpmyadmin
# webapp-config -h phpmyadmin.<domain> -d / -U phpmyadmin 5.0.3
# CONFIG_PROTECT="/var/www/phpmyadmin.<domain>/htdocs//libraries" etc-update
# emerge -C phpmyadmin-<oldversion>