Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

[GUIDE] Running PhpMyAdmin from vesta service

https://forum.vestacp.com/viewtopic.php?f=11&t=16978

Page 1 of 2

[GUIDE] Running PhpMyAdmin from vesta service

Posted: Thu May 24, 2018 10:05 pm
by ivcha92
This will make PHP my admin run with PHP from vesta and be available on port 8083.

This guide is for setup with Nginx + PHP-FPM tested on Centos 7

First we make new temp directory for PHPMyAdmin to avoid permission issue.

Code: Select all

mkdir /tmp/phpMyAdmin
chmod 777 /tmp/phpMyAdmin
Then we add set this directory as TempDir to PhpMyAdmin configuration.

in file: /etc/phpMyAdmin/config.inc.php

Code: Select all

$cfg['TempDir'] = '/tmp/phpMyAdmin';
Nest thing we want to add admin user to apache group so that PhpMyAdmin can access the config file.

Code: Select all

 usermod -a -G apache admin
Next we edit the nginx configuration file to look like this. This also fixes the issue with documentation .
If you want you can pick change url suffix from phpmyadmin to something else by replacing "phpmyadmin" on each location parameter

in file: /etc/nginx/conf.d/phpmyadmin.inc

Code: Select all

location ^~ /phpmyadmin {
    alias /usr/share/phpMyAdmin;
    index index.php;

    location ^~ /[phpmyadmin/(libraries|setup) {
        return 404;
    }

    location ~ ^/phpmyadmin/(.*\.php)$ {
	alias /usr/share/phpMyAdmin/$1;
        fastcgi_pass unix:/var/run/vesta-php.sock;
	fastcgi_index index.php;
	include         /usr/local/vesta/nginx/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        alias /usr/share/phpMyAdmin/$1;
    }
}
next we include phpmyadmin.ini vesta nginx.conf by adding the following line at the bottom of the server section

in file: /usr/local/vesta/nginx/conf/nginx.conf

Code: Select all

include /etc/nginx/conf.d/phpmyadmin.inc;
next restart the vesta service

Code: Select all

service vesta restart
In order to have link in admin panel working properly. open Vesta CP and under DB set phpMyAdmin URL as:

Code: Select all

/phpmyadmin/
Now you have PhpMyAdmin running via vesta service but it will sill be accessible at /phpmyadmin for each domain in order to disable it there modify your templates at /usr/local/vesta/data/templates/web/nginx/php-fpm/ and comment out with # or remove the following line :

Code: Select all

include /etc/nginx/conf.d/phpmyadmin.inc;
After modifying templates make sure to rebuild the users either from cli or by chaining template in Vesta CP

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Fri May 25, 2018 2:25 am
by Stesh
Very very bad idea. In case of hacking PhpMyAdmin, the whole server will be hacked

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Fri May 25, 2018 9:31 pm
by ivcha92
Stesh wrote:
Fri May 25, 2018 2:25 am
 Very very bad idea. In case of hacking PhpMyAdmin, the whole server will be hacked
Why do you think so. PhpMyAdmin will be running as vesta default user admin which does not have root access. It have same access as if you were running it from virtual host on admin user

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Sat May 26, 2018 9:19 am
by Stesh
new install

Code: Select all

# v-delete-web-domain admin blabla.com
# service vesta stop
# v-add-user user password [email protected]
# v-add-web-domain user blabla.com

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Sun May 27, 2018 2:56 am
by mehargags
ivcha92 wrote:
Fri May 25, 2018 9:31 pm
 Why do you think so. PhpMyAdmin will be running as vesta default user admin which does not have root access. It have same access as if you were running it from virtual host on admin user
Absolutely wrong on this point... the user "admin" has sudo privileges, so it as elevated access always.

However, I'm not sure if this guide is right or not, I guess Roundcube and PHPMyAdmin are installed globally and not sure if there is any security difference between using it this way.

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Sun May 27, 2018 3:07 am
by dpeca
Bad idea for sure, brate.

Vesta-php is running as superuser.

In fact, phpmyadmin is also running as 'admin' via apache, but at least, you can disable dangerous functions in php.ini.
In vesta-php you can not disable 'eval' for example.

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Sun May 27, 2018 4:10 pm
by dpeca
If your idea is to run phpmyadmin via php-fpm, to avoid apache, then it's pretty easy to install separate php-fpm, trust me... mostly one apt-get/yum command...

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Mon May 28, 2018 6:56 pm
by ivcha92
Let me explain why I did that and why it is not so bad Idea. If you run phpmyadmin on vhosts it is accessible on port 80 and 443. Now I am running it on Vesta Nginx server so it is only accessible on port 8083 on which I can set firewall rule to allow only specific ip addresses to access it.

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Mon May 28, 2018 6:57 pm
by ivcha92
dpeca wrote:
Sun May 27, 2018 4:10 pm
 If your idea is to run phpmyadmin via php-fpm, to avoid apache, then it's pretty easy to install separate php-fpm, trust me... mostly one apt-get/yum command...
I don't use Apache it's Nginx + php-fpm setup

Re: [GUIDE] Running PhpMyAdmin from vesta service

Posted: Mon May 28, 2018 7:05 pm
by ivcha92
I have another idea for the super user permission. A new pool can be added for Vesta PHP-FPM and separate user can be created for phpmyadmin
All times are UTC
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/