1. 首页
  2. 问答
  3. Phpmyadmin在单个子域上使用SSL

Phpmyadmin在单个子域上使用SSL

2014-10-27 93 views
0

我想访问唯一子域上的phpmyadmin。我创建了一个虚拟主机,一切正常,但我使用了许多子域,他们都让我访问phpmyadmin。Phpmyadmin在单个子域上使用SSL

我想只有一个子域指向phpmyadmin。

https://static01.domain.com =>点到phpMyAdmin(也不应该)

https://pma.domain.com =>点到phpMyAdmin(OK,但我想只有这一个)

这里是我的虚拟主机:

<VirtualHost *:80> 
    ServerName static01.domain.com 
    DocumentRoot /var/www/public_html/O2/.. 
</VirtualHost> 
.. 
<VirtualHost *:443> 
    ServerName pma.domain.com 
    DocumentRoot /usr/share/phpmyadmin 

    SSLEngine On 
    SSLCertificateFile /etc/apache2/certificate/server.crt 
    SSLCertificateKeyFile /etc/apache2/certificate/server.key 
    SSLProxyEngine on 
</VirtualHost>

有什么想法?

来源

2014-10-27 Julien

+0

从apache2配置文档中删除PHPMyAdmin的别名声明。 'Alias/phpmyadmin/usr/share/phpmyadmin' – 2014-10-27 14:28:53

+0

谢谢你的回答,但是apache2.conf中没有别名,即使我删除include /etc/phpmyadmin/apache.conf,仍然是一样的..任何想法? – Julien 2014-10-27 14:35:58

+0

尝试将''更改为''并重新启动服务器 – 2014-10-27 14:40:22

回答

0

在apache2.conf,你会发现在底部的一行:

Include conf.d/

这样做是包括在/etc/apache2/conf.d/目录中的所有文件。

所以看看这个文件夹,你可能会发现一个名为phpmyadmin.conf的文件。你可以简单地删除它。

来源

2014-10-27 14:46:02 rjdown

+0

谢谢但在/ etc /中没有cond.d目录) apache2 /,我用ubuntu 14 – Julien 2014-10-27 14:52:33

+0

好的,在apache2.conf的底部寻找类似的东西(例如,只是'include somefolder /'),然后从那里删除它 – rjdown 2014-10-27 14:55:13

+0

我已经放入评论include/etc/phpmyadmin/apache.conf但没有任何改变,grr,这让我疯狂,任何想法? – Julien 2014-10-27 14:57:43

0

我找到了一个解决方案,为那些有兴趣这个东西做的伎俩:

<VirtualHost *:443> (need to be 1st, for any subdomains) 
    ServerName domain.com 
    RedirectPermanent/"http://www.domain.com:80" 

    SSLEngine On 
    SSLCertificateFile /etc/apache2/certificate/server.crt 
    SSLCertificateKeyFile /etc/apache2/certificate/server.key 
    SSLProxyEngine on 
</VirtualHost> 

<VirtualHost *:443> 
    ServerName pma.domain.com 
    DocumentRoot /usr/share/phpmyadmin 

    SSLEngine On 
    SSLCertificateFile /etc/apache2/certificate/server.crt 
    SSLCertificateKeyFile /etc/apache2/certificate/server.key 
    SSLProxyEngine on 
</VirtualHost>

来源

2014-10-28 15:36:39 Julien

0

你在正确的方向走,但我想你应该添加一些额外的安全指令。

下面我目前的配置基础上,这是在CentOS的7. yum软件包的安装对于其他系统路径之后创建的可能是不同的,或者如果您使用的是不同的Apache/PHP版本,一些命令也可以改变原来的phpMyAdmin.conf ,但你应该能够找到替代品。

我评论的原始指令,以及一些其他的指令可能是有用的:

# phpMyAdmin - Web based MySQL browser written in php 
# 
# Allows only localhost by default 
# 
# But allowing phpMyAdmin to anyone other than localhost should be considered 
# dangerous unless properly secured by SSL 

#Alias /phpMyAdmin /usr/share/phpMyAdmin 
#Alias /phpmyadmin /usr/share/phpMyAdmin 

<Directory /usr/share/phpMyAdmin/> 
    AddDefaultCharset UTF-8 

    #<IfModule mod_authz_core.c> 
    # # Apache 2.4 
    # <RequireAny> 
    # Require ip 127.0.0.1 
    # Require ip ::1 
    # </RequireAny> 
    #</IfModule> 
    #<IfModule !mod_authz_core.c> 
    # # Apache 2.2 
    # Order Deny,Allow 
    # Deny from All 
    # Allow from 127.0.0.1 
    # Allow from ::1 
    #</IfModule> 
</Directory> 

<Directory /usr/share/phpMyAdmin/setup/> 
    <IfModule mod_authz_core.c> 
    # Apache 2.4 
    <RequireAny> 
     Require ip 127.0.0.1 
     Require ip ::1 
    </RequireAny> 
    </IfModule> 
    <IfModule !mod_authz_core.c> 
    # Apache 2.2 
    Order Deny,Allow 
    Deny from All 
    Allow from 127.0.0.1 
    Allow from ::1 
    </IfModule> 
</Directory> 

# These directories do not require access over HTTP - taken from the original 
# phpMyAdmin upstream tarball 
# 
<Directory /usr/share/phpMyAdmin/libraries/> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
</Directory> 

<Directory /usr/share/phpMyAdmin/setup/lib/> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
</Directory> 

<Directory /usr/share/phpMyAdmin/setup/frames/> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
</Directory> 

# This configuration prevents mod_security at phpMyAdmin directories from 
# filtering SQL etc. This may break your mod_security implementation. 
# 
#<IfModule mod_security.c> 
# <Directory /usr/share/phpMyAdmin/> 
#  SecRuleInheritance Off 
# </Directory> 
#</IfModule> 

<VirtualHost XXX.XXX.XX.XX:443> 
    ServerName your.domain.com 

    DocumentRoot /usr/share/phpMyAdmin 

    <Directory /usr/share/phpMyAdmin> 
    Options Indexes FollowSymLinks MultiViews 
     AllowOverride all 
     DirectoryIndex index.php 
     Require all granted 

    AddType application/x-httpd-php .php 
    php_flag magic_quotes_gpc Off 
    php_flag track_vars On 
    php_flag register_globals Off 
    php_admin_flag allow_url_fopen Off 
    php_value include_path . 
    php_admin_value upload_tmp_dir /var/lib/phpMyAdmin/tmp 
    php_admin_value open_basedir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin:/usr/share/php/gettext:doc/html 
    </Directory> 

    <Directory /usr/share/phpMyAdmin/libraries> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
    </Directory> 

    #ErrorLog ${APACHE_LOG_DIR}/error.log 
    #LogLevel warn 

    #CustomLog ${APACHE_LOG_DIR}/access.log combined 

    SSLEngine on 
    SSLCertificateFile /path/to/your/certificate.crt 
    SSLCertificateKeyFile /path/to/your/key.key 
    #SSLVerifyClient none 
    #SSLOptions +StrictRequire 
    SSLProtocol -all +TLSv1 +SSLv3 
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM 
    SSLProxyEngine off 
    #<IfModule mime.c> 
    # AddType application/x-509-ca-cert .crt 
    # AddType application/x-pkcs7-crl .crl 
    #</IfModule> 

</VirtualHost>

这应该给你一个更安全的安装对公众开放。如果有人有进一步的建议,我很高兴听到。

来源

2015-10-10 18:02:49

相关问题

 相关问题