Phpmyadmin with SSL on a single subdomain

Time: 2014-10-27 14:22:58

Tags: apache ssl virtualhost

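I want to access phpmyadmin on a single dedicated subdomain. I have created a virtual host and everything works, but I use many subdomains and all of them give me access to phpmyadmin.

I want only one subdomain to point to phpmyadmin.

https://static01.domain.com => points to phpmyadmin (and it shouldn't)

https://pma.domain.com => points to phpmyadmin (OK, but I want only this one)

Here are my virtual hosts: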

<VirtualHost *:80>
    ServerName static01.domain.com
    DocumentRoot /var/www/public_html/O2/..
</VirtualHost>
..
<VirtualHost *:443>
   ServerName pma.domain.com
   DocumentRoot /usr/share/phpmyadmin

   SSLEngine On
   SSLCertificateFile /etc/apache2/certificate/server.crt
   SSLCertificateKeyFile /etc/apache2/certificate/server.key
   SSLProxyEngine  on
</VirtualHost>

Any ideas?

4 answers:

Answer 0: (score: 0)

In apache2.conf, you will find a line at the bottom:

Include conf.d/

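This includes all files in the /etc/apache2/conf.d/ directory.

So take a look in this folder; you will probably find a file named phpmyadmin.conf. You can simply delete it.

Answer 1: (score: 0)

I found a solution; for those who are interested, the trick is: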

# needs to be first, for any subdomains
<VirtualHost *:443>
    ServerName domain.com
    RedirectPermanent / "http://www.domain.com:80"

    SSLEngine On
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key
    SSLProxyEngine on
</VirtualHost>

<VirtualHost *:443>
    ServerName pma.domain.com
    DocumentRoot /usr/share/phpmyadmin

    SSLEngine On
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key
    SSLProxyEngine on
</VirtualHost>

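Answer 2: (score: 0)

You are heading in the right direction, but I think you should add some extra security directives.

Below is my current configuration, based on the original phpMyAdmin.conf created after installing the package with yum on CentOS 7. On other systems the paths may differ, and if you use a different Apache/PHP version some directives may change too, but you should be able to find the equivalents.

I am commenting out the original directives, and some others that may be useful: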

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   #<IfModule mod_authz_core.c>
   #  # Apache 2.4
   #  <RequireAny>
   #    Require ip 127.0.0.1
   #    Require ip ::1
   #  </RequireAny>
   #</IfModule>
   #<IfModule !mod_authz_core.c>
   #  # Apache 2.2
   #  Order Deny,Allow
   #  Deny from All
   #  Allow from 127.0.0.1
   #  Allow from ::1
   #</IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

<VirtualHost XXX.XXX.XX.XX:443>
  ServerName your.domain.com

  DocumentRoot /usr/share/phpMyAdmin

  <Directory /usr/share/phpMyAdmin>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    DirectoryIndex index.php
    Require all granted

    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_flag register_globals Off
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/phpMyAdmin/tmp
    php_admin_value open_basedir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin:/usr/share/php/gettext:doc/html
  </Directory>

  <Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
  </Directory>

  #ErrorLog ${APACHE_LOG_DIR}/error.log
  #LogLevel warn

  #CustomLog ${APACHE_LOG_DIR}/access.log combined

  SSLEngine on
  SSLCertificateFile /path/to/your/certificate.crt
  SSLCertificateKeyFile /path/to/your/key.key
  #SSLVerifyClient none
  #SSLOptions +StrictRequire
  SSLProtocol -all +TLSv1 +SSLv3
  SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
  SSLProxyEngine off
  #<IfModule mime.c>
  # AddType application/x-509-ca-cert .crt
  # AddType application/x-pkcs7-crl .crl
  #</IfModule>

</VirtualHost>

This should give you a more secure installation. If anyone has further suggestions, I would be glad to hear them.
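
Why every subdomain reached phpMyAdmin over HTTPS, and the fix from answer 1 combined with the access restrictions from answer 2, as an added example that is not from the original thread: when the Host header matches no ServerName on an address:port, Apache serves the request from the first virtual host defined there, and in the question the only *:443 host was the phpMyAdmin one. The sketch assumes Apache 2.4 and reuses the question's placeholder host name and certificate paths; default.invalid is a made-up name, and the SSLProtocol line is a swapped-in replacement for the SSLv3/TLSv1 setting shown in answer 2.

```apache
# Added example, Apache 2.4 syntax assumed. Names and paths are placeholders.

# 1) Catch-all for *:443. It must be the first vhost loaded for this
#    address:port, so it becomes the default for any Host header that
#    matches no other ServerName/ServerAlias (static01, www, ...).
<VirtualHost *:443>
    ServerName default.invalid

    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key

    # Unmatched host names get 403 instead of another site's content.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# 2) The only vhost that serves phpMyAdmin.
<VirtualHost *:443>
    ServerName pma.domain.com
    DocumentRoot /usr/share/phpmyadmin

    SSLEngine on
    SSLCertificateFile /etc/apache2/certificate/server.crt
    SSLCertificateKeyFile /etc/apache2/certificate/server.key

    # Answer 2 used: SSLProtocol -all +TLSv1 +SSLv3
    # SSLv3 and TLS 1.0 are deprecated; keep only the newer versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    <Directory /usr/share/phpmyadmin>
        DirectoryIndex index.php
        Require all granted
    </Directory>

    # As in answer 2: the setup scripts are reachable from localhost only.
    <Directory /usr/share/phpmyadmin/setup>
        Require local
    </Directory>
</VirtualHost>

# 3) A server-wide "Alias /phpmyadmin ..." from the packaged conf.d file is
#    inherited by every vhost. Disable that file as answers 0 and 3 describe,
#    otherwise https://<any-host>/phpmyadmin keeps working.
```

After reloading, `apachectl -S` prints the parsed virtual hosts and marks which one is the default server for each address:port.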

Answer 3: (score: -1)

You can use the following command:

a2disconf phpmyadmin

to disable the phpmyadmin URL.