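phpMyAdmin over SSL on a single subdomain
Problem description:
I want to access phpMyAdmin on only one subdomain. I created a virtual host and everything works, but I use many subdomains and they all give me access to phpMyAdmin.
I want only one subdomain to point to phpMyAdmin.
https://static01.domain.com
=> points to phpMyAdmin (it should not)
https://pma.domain.com
=> points to phpMyAdmin (OK, but I want only this one)
Here are my virtual hosts: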
<VirtualHost *:80>
ServerName static01.domain.com
DocumentRoot /var/www/public_html/O2/..
</VirtualHost>
..
<VirtualHost *:443>
ServerName pma.domain.com
DocumentRoot /usr/share/phpmyadmin
SSLEngine On
SSLCertificateFile /etc/apache2/certificate/server.crt
SSLCertificateKeyFile /etc/apache2/certificate/server.key
SSLProxyEngine on
</VirtualHost>
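Any ideas?
Answer
In apache2.conf, you will find a line at the bottom:
Include conf.d/
What this does is include all files in the /etc/apache2/conf.d/ directory.
So look in that folder; you will probably find a file named phpmyadmin.conf.
You can simply delete it.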
Answer
I found a solution; for those interested, this does the trick:
# Needs to be first, for any subdomains
<VirtualHost *:443>
ServerName domain.com
RedirectPermanent / "http://www.domain.com:80"
SSLEngine On
SSLCertificateFile /etc/apache2/certificate/server.crt
SSLCertificateKeyFile /etc/apache2/certificate/server.key
SSLProxyEngine on
</VirtualHost>
<VirtualHost *:443>
ServerName pma.domain.com
DocumentRoot /usr/share/phpmyadmin
SSLEngine On
SSLCertificateFile /etc/apache2/certificate/server.crt
SSLCertificateKeyFile /etc/apache2/certificate/server.key
SSLProxyEngine on
</VirtualHost>
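Why every HTTPS subdomain reached phpMyAdmin in the question, and why the catch-all vhost in the answer above changes that: when no ServerName matches the Host header, Apache falls back to the first vhost listed for that address and port. The sketch below is an added example, not code from the post; it is a simplified model of that selection (only `*:port` addresses, ServerName/ServerAlias), and the two sample configs and the function names are constructed for illustration.

```python
import re
from fnmatch import fnmatch

# Constructed sample configs modelled on the question and on the answer above.
QUESTION_CONF = """
<VirtualHost *:80>
ServerName static01.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName pma.domain.com
DocumentRoot /usr/share/phpmyadmin
</VirtualHost>
"""
ANSWER_CONF = """
<VirtualHost *:443>
ServerName domain.com
RedirectPermanent / "http://www.domain.com:80"
</VirtualHost>
<VirtualHost *:443>
ServerName pma.domain.com
DocumentRoot /usr/share/phpmyadmin
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return the vhosts in file order as dicts with port, names and docroot."""
    vhosts = []
    block = r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>"
    for addr, body in re.findall(block, conf, re.S | re.I):
        port = int(addr.strip().rsplit(":", 1)[1])
        lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        names = [n.lower() for line in lines for n in line.split()]
        root = re.search(r"^\s*DocumentRoot\s+(\S+)", body, re.M | re.I)
        vhosts.append({"port": port, "names": names,
                       "docroot": root.group(1) if root else None})
    return vhosts

def select_vhost(vhosts, host, port):
    """Match the Host header by name; otherwise the first vhost on the port wins."""
    candidates = [v for v in vhosts if v["port"] == port]
    for v in candidates:
        if any(fnmatch(host.lower(), n) for n in v["names"]):
            return v
    return candidates[0] if candidates else None  # default = first listed

def serves_pma(conf, host, port=443):
    """True if a request for host:port lands in the phpMyAdmin DocumentRoot."""
    v = select_vhost(parse_vhosts(conf), host, port)
    return bool(v and v["docroot"] and "phpmyadmin" in v["docroot"].lower())
```

On a live server, `apachectl -S` prints the parsed vhost list and marks the default server for each address and port, which is the quickest way to confirm the same thing.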
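Answer
You are heading in the right direction, but I think you should add some extra security directives.
Below is my current configuration, which is based on the original phpMyAdmin.conf created after installing the yum package on CentOS 7. On other systems the paths may be different, and if you are using a different Apache/PHP version some commands may also change, but you should be able to find the alternatives.
I commented out the original directives, as well as some other directives that might be useful: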
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
#<IfModule mod_authz_core.c>
# # Apache 2.4
# <RequireAny>
# Require ip 127.0.0.1
# Require ip ::1
# </RequireAny>
#</IfModule>
#<IfModule !mod_authz_core.c>
# # Apache 2.2
# Order Deny,Allow
# Deny from All
# Allow from 127.0.0.1
# Allow from ::1
#</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
<VirtualHost XXX.XXX.XX.XX:443>
ServerName your.domain.com
DocumentRoot /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
DirectoryIndex index.php
Require all granted
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpMyAdmin/tmp
php_admin_value open_basedir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin:/usr/share/php/gettext:doc/html
</Directory>
<Directory /usr/share/phpMyAdmin/libraries>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
#ErrorLog ${APACHE_LOG_DIR}/error.log
#LogLevel warn
#CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/key.key
#SSLVerifyClient none
#SSLOptions +StrictRequire
# TLS 1.2 only: SSLv3 and TLS 1.0 are deprecated, and MD5-based suites are excluded
SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5
SSLProxyEngine off
#<IfModule mime.c>
# AddType application/x-509-ca-cert .crt
# AddType application/x-pkcs7-crl .crl
#</IfModule>
</VirtualHost>
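This should give you a more secure installation that is open to the public. If anyone has further suggestions, I would be happy to hear them.
Remove the phpMyAdmin alias declaration from the apache2 configuration file. 'Alias /phpmyadmin /usr/share/phpmyadmin' – 2014-10-27 14:28:53
Thanks for your answer, but there is no alias in apache2.conf, and even if I remove include /etc/phpmyadmin/apache.conf, it is still the same.. any ideas? – Julien 2014-10-27 14:35:58
Try changing '' to '' and restart the server –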
2014-10-27 14:40:22