Re: PHP below server root not served

nano
January 09, 2014 12:30PM
On 10/01/2014 4:13 AM, Jim Ohlstein wrote:
> Hello,
>
> On 1/9/14, 9:42 AM, nano wrote:
>>
>> I have attempted several variations of this format[1] you recommend and
>> continue to produce a broken site; dialog to download
>> application/octet-stream from the main servername.com and a 'File not
>> found.' from https://servername.com/phpmyadmin.
>>
>> [1]
>> location / {
>>     try_files $uri $uri/ /index.php?$args;
>> }
>>
>> location ^~ /phpmyadmin {
>>     alias /usr/local/www/phpMyAdmin/;
>>     index index.php index.html;
>>
>>     location ~ \.php$ {
>>         fastcgi_pass unix:/var/run/php-fpm.locatsock;
>>         fastcgi_param DOCUMENT_ROOT /usr/local/www/phpMyAdmin;
>>         fastcgi_param SCRIPT_FILENAME /usr/local/www/phpMyAdmin/$1;
>>         fastcgi_param SCRIPT_FILENAME /usr/local/www/site1/wordpress$fastcgi_script_name;
>>         fastcgi_param PATH_INFO $fastcgi_script_name;
>>         include fastcgi_params;
>>     }
>> }
>>
>> I eagerly anticipate a working example if and when you can provide one.
>> Thank you.
>>
>
> Next to "IfIsEvil" there should be a "DoNotUseAlias (unless necessary)".
> Use the "root" directive and nested locations
>
> location /phpMyAdmin {
>     root /usr/local/www;
>     index index.php;
>     # above probably not necessary as it is inherited from above
>     location ~ \.php$ {
>         fastcgi_pass ...;
>         ...
>     }
> }
>
>

If my recollection is correct, I believe I had problems when using root
instead of alias directive. I will try again though.

> A few notes, in no particular order:
>
> You *should* use auth_basic [0] at the very least as exposing this
> functionality to the world is a very bad idea.
>
> You should consider using "https only" for this script.
>
> If you want to enter phpmyadmin in all lower case in the URL (it is
> easier), do it via rewrite.
>
> Consider turning off access log on at least rewritten requests once you
> know it's working.
>
> Consider using your server's FQDN, not your server name. It's less
> likely potential intruders would guess it, though far from impossible.
>
> Something like (not tested but should get you very close if not there):
>
> server {
>     listen 80;
>     server_name foo;
>
>     location ^~ /phpmyadmin {
>         access_log off;
>         rewrite ^ /phpMyAdmin/ permanent;
>     }
>
>     location /phpMyAdmin {
>         access_log off;
>         rewrite ^ https://foo$request_uri? break;
>     }
>     ...
>
> }
>
> server {
>     listen 443 ssl;
>     server_name foo;
>
>     ssl_certificate /path/to/cert;
>     ssl_certificate_key /path/to/key;
>
>     ...
>
>     location ^~ /phpmyadmin {
>         access_log off;
>         rewrite ^ /phpMyAdmin/ permanent;
>     }
>
>     location /phpMyAdmin {
>         auth_basic "Blah";
>         auth_basic_user_file /path/to/auth/file;
>         # access_log off; # optional
>         location ~ \.php$ {
>             fastcgi_pass ...;
>             include fastcgi_params;
>             fastcgi_index index.php;
>             fastcgi_param HTTPS on;
>         }
>     }
> }
>

I would like the whole server accessible over SSL. Not just for
phpMyAdmin but WordPress administration.

>
> [0] http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
>

Jim, thank you very much for your example(s) and advice, it is very much
appreciated. I had intended to secure phpMyAdmin access after resolving
my basic configuration issues. I will attempt to implement these changes
and report back with results.

--
syn.bsdbox.co

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
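
The root-plus-nested-location layout recommended in this thread, written out as an added example (not a configuration posted by any participant). The disk path /usr/local/www/phpMyAdmin and the name foo come from the messages above; the PHP-FPM socket path and the password file path are placeholders.

```nginx
# Added example. Placeholders: /path/to/php-fpm.sock, /path/to/auth/file,
# /path/to/cert, /path/to/key.
server {
    listen 443 ssl;
    server_name foo;

    ssl_certificate     /path/to/cert;
    ssl_certificate_key /path/to/key;

    # Lower-case convenience URL: redirect to the real directory name.
    location ^~ /phpmyadmin {
        return 301 /phpMyAdmin/;
    }

    # With "root", nginx appends the full request URI to the root path:
    #   /phpMyAdmin/index.php -> /usr/local/www/phpMyAdmin/index.php
    # "^~" keeps server-level regex locations (for example a site-wide
    # "location ~ \.php$" serving WordPress) from taking these requests;
    # the regex location nested below is still evaluated.
    location ^~ /phpMyAdmin/ {
        root  /usr/local/www;
        index index.php;

        # Inherited by the nested PHP location, so scripts are covered too.
        auth_basic           "Restricted";
        auth_basic_user_file /path/to/auth/file;

        location ~ \.php$ {
            # Only pass paths that exist on disk to PHP-FPM.
            try_files $uri =404;

            include fastcgi_params;

            # Set SCRIPT_FILENAME once, derived from root and the URI.
            # In a "location ~ \.php$" block the regex has no capture
            # group, so "$1" is empty there, and a second SCRIPT_FILENAME
            # line pointing at another tree conflicts with the first.
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

            fastcgi_pass unix:/path/to/php-fpm.sock;
        }
    }
}
```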