PhpMyAdmin: Difference between revisions

<VirtualHost *:80>

    ServerName phpmyadmin.<domain>:80

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

<VirtualHost *:443>

    DocumentRoot "/var/www/phpmyadmin.<domain>/htdocs"
    ServerName phpmyadmin.<domain>:443
    DirectoryIndex index.php

    <Directory "/var/www/phpmyadmin.<domain>/htdocs">
        Options None
        AllowOverride Limit
        Require ip 10.133 10.132
    </Directory>

    # PHP-FPM
    <FilesMatch "\.(php|php5|phtml)$">
        SetHandler "proxy:unix:/run/php-fpm-phpmyadmin.<domain>.sock|fcgi://localhost"
    </FilesMatch>

    SSLEngine On
    SSLCertificateFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.crt
    SSLCertificateKeyFile /etc/ssl/apache2/phpmyadmin.<domain>/phpmyadmin.<domain>.key

    # Forward Secrecy
    # Source: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

    # OCSP stapling
    SSLUseStapling on

    # Strict Transport Security (HSTS)
    # 180 days
    Header always set Strict-Transport-Security "max-age=15552000"

</VirtualHost>

# useradd --system --shell /bin/false --no-create-home --home /var/www/phpmyadmin.<domain> -g apache www-phpmyadmin

[phpmyadmin.<domain>]

prefix = /var/www/$pool

user = www-phpmyadmin
group = apache

listen = /run/php-fpm-$pool.sock

listen.owner = www-phpmyadmin
listen.group = apache
listen.mode = 0660

pm = dynamic
pm.max_children = 50
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

php_admin_value[date.timezone] = Europe/Berlin
php_admin_value[mysqli.default_socket] = /run/mysqld/mysqld.sock
php_admin_value[open_basedir] = /var/www/phpmyadmin.<domain>:/usr/bin:/usr/share/php:/run/mysqld
php_admin_value[post_max_size] = 50M
php_admin_value[session.save_path] = /var/www/phpmyadmin.<domain>/session
php_admin_value[sys_temp_dir] = /var/www/phpmyadmin.<domain>/tmp
php_admin_value[upload_max_filesize] = 50M
php_admin_value[upload_tmp_dir] = /var/www/phpmyadmin.<domain>/tmp

; enable logging
catch_workers_output = yes
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = /var/log/php-fpm.phpmyadmin.<domain>.log

dev-db/phpmyadmin vhosts

# emerge phpmyadmin

# webapp-config -h phpmyadmin.<domain> -d / -I phpmyadmin 5.0.2

# mysql -u root -p < /usr/share/webapps/phpmyadmin/<version>/htdocs/sql/create_tables.sql

# mysql -u root -p

SELECT PASSWORD('some_pass');

CREATE USER 'phpmyadmin'@'localhost' IDENTIFIED VIA mysql_native_password USING 'some_hash';

GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost';

<?php

/* Servers configuration */
$i = 0;

/* Server localhost (http) [1] */
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* User for advanced features */
$cfg['Servers'][$i]['controluser'] = 'phpmyadmin';
$cfg['Servers'][$i]['controlpass'] = 'xxx';
/* Advanced phpMyAdmin features */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['users'] = 'pma__users';
/* Hide lost+found if on a separate partition */
$cfg['Servers'][$i]['hide_db'] = '#mysql50#lost|^(information\_schema|performance\_schema|mysql|phpmyadmin)$';
/* End of servers configuration */

/* Misc settings */
$cfg['blowfish_secret'] = 'xxx';
$cfg['Export']['compression'] = 'bzip2';
$cfg['DefaultLang'] = 'de';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['VersionCheck'] = 0;
$cfg['TempDir'] = '/var/www/phpmyadmin.<domain>/tmp';

?>

# emerge phpmyadmin

# webapp-config -h phpmyadmin.<domain> -d / -U phpmyadmin 5.0.3

# CONFIG_PROTECT="/var/www/phpmyadmin.<domain>/htdocs//libraries" etc-update

# emerge -C phpmyadmin-<oldversion>