1. 首頁
  2. 問答
  3. Phpmyadmin在單個子域上使用SSL

Phpmyadmin在單個子域上使用SSL

2014-10-27 85 views
0

我想訪問唯一子域上的phpmyadmin。我創建了一個虛擬主機,一切正常,但我使用了許多子域,他們都讓我訪問phpmyadmin。Phpmyadmin在單個子域上使用SSL

我想只有一個子域指向phpmyadmin。

https://static01.domain.com =>點到phpMyAdmin(也不應該)

https://pma.domain.com =>點到phpMyAdmin(OK,但我想只有這一個)

這裏是我的虛擬主機:

<VirtualHost *:80> 
    ServerName static01.domain.com 
    DocumentRoot /var/www/public_html/O2/.. 
</VirtualHost> 
.. 
<VirtualHost *:443> 
    ServerName pma.domain.com 
    DocumentRoot /usr/share/phpmyadmin 

    SSLEngine On 
    SSLCertificateFile /etc/apache2/certificate/server.crt 
    SSLCertificateKeyFile /etc/apache2/certificate/server.key 
    SSLProxyEngine on 
</VirtualHost>

有什麼想法?

來源

2014-10-27 Julien

+0

從apache2配置文檔中刪除PHPMyAdmin的別名聲明。 'Alias/phpmyadmin/usr/share/phpmyadmin' – 2014-10-27 14:28:53

+0

謝謝你的回答,但是apache2.conf中沒有別名,即使我刪除include /etc/phpmyadmin/apache.conf,仍然是一樣的..任何想法? – Julien 2014-10-27 14:35:58

+0

嘗試將''更改爲''並重新啓動服務器 – 2014-10-27 14:40:22

回答

0

在apache2.conf,你會發現在底部的一行:

Include conf.d/

這樣做是包括在/etc/apache2/conf.d/目錄中的所有文件。

所以看看這個文件夾,你可能會發現一個名爲phpmyadmin.conf的文件。你可以簡單地刪除它。

來源

2014-10-27 14:46:02 rjdown

+0

謝謝但在/ etc /中沒有cond.d目錄) apache2 /,我用ubuntu 14 – Julien 2014-10-27 14:52:33

+0

好的,在apache2.conf的底部尋找類似的東西(例如,只是'include somefolder /'),然後從那裏刪除它 – rjdown 2014-10-27 14:55:13

+0

我已經放入評論include/etc/phpmyadmin/apache.conf但沒有任何改變,grr,這讓我瘋狂,任何想法? – Julien 2014-10-27 14:57:43

0

我找到了一個解決方案,爲那些有興趣這個東西做的伎倆:

<VirtualHost *:443> (need to be 1st, for any subdomains) 
    ServerName domain.com 
    RedirectPermanent/"http://www.domain.com:80" 

    SSLEngine On 
    SSLCertificateFile /etc/apache2/certificate/server.crt 
    SSLCertificateKeyFile /etc/apache2/certificate/server.key 
    SSLProxyEngine on 
</VirtualHost> 

<VirtualHost *:443> 
    ServerName pma.domain.com 
    DocumentRoot /usr/share/phpmyadmin 

    SSLEngine On 
    SSLCertificateFile /etc/apache2/certificate/server.crt 
    SSLCertificateKeyFile /etc/apache2/certificate/server.key 
    SSLProxyEngine on 
</VirtualHost>

來源

2014-10-28 15:36:39 Julien

0

你在正確的方向走,但我想你應該添加一些額外的安全指令。

下面我目前的配置基礎上,這是在CentOS的7. yum軟件包的安裝對於其他系統路徑之後創建的可能是不同的,或者如果您使用的是不同的Apache/PHP版本,一些命令也可以改變原來的phpMyAdmin.conf ,但你應該能夠找到替代品。

我評論的原始指令,以及一些其他的指令可能是有用的:

# phpMyAdmin - Web based MySQL browser written in php 
# 
# Allows only localhost by default 
# 
# But allowing phpMyAdmin to anyone other than localhost should be considered 
# dangerous unless properly secured by SSL 

#Alias /phpMyAdmin /usr/share/phpMyAdmin 
#Alias /phpmyadmin /usr/share/phpMyAdmin 

<Directory /usr/share/phpMyAdmin/> 
    AddDefaultCharset UTF-8 

    #<IfModule mod_authz_core.c> 
    # # Apache 2.4 
    # <RequireAny> 
    # Require ip 127.0.0.1 
    # Require ip ::1 
    # </RequireAny> 
    #</IfModule> 
    #<IfModule !mod_authz_core.c> 
    # # Apache 2.2 
    # Order Deny,Allow 
    # Deny from All 
    # Allow from 127.0.0.1 
    # Allow from ::1 
    #</IfModule> 
</Directory> 

<Directory /usr/share/phpMyAdmin/setup/> 
    <IfModule mod_authz_core.c> 
    # Apache 2.4 
    <RequireAny> 
     Require ip 127.0.0.1 
     Require ip ::1 
    </RequireAny> 
    </IfModule> 
    <IfModule !mod_authz_core.c> 
    # Apache 2.2 
    Order Deny,Allow 
    Deny from All 
    Allow from 127.0.0.1 
    Allow from ::1 
    </IfModule> 
</Directory> 

# These directories do not require access over HTTP - taken from the original 
# phpMyAdmin upstream tarball 
# 
<Directory /usr/share/phpMyAdmin/libraries/> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
</Directory> 

<Directory /usr/share/phpMyAdmin/setup/lib/> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
</Directory> 

<Directory /usr/share/phpMyAdmin/setup/frames/> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
</Directory> 

# This configuration prevents mod_security at phpMyAdmin directories from 
# filtering SQL etc. This may break your mod_security implementation. 
# 
#<IfModule mod_security.c> 
# <Directory /usr/share/phpMyAdmin/> 
#  SecRuleInheritance Off 
# </Directory> 
#</IfModule> 

<VirtualHost XXX.XXX.XX.XX:443> 
    ServerName your.domain.com 

    DocumentRoot /usr/share/phpMyAdmin 

    <Directory /usr/share/phpMyAdmin> 
    Options Indexes FollowSymLinks MultiViews 
     AllowOverride all 
     DirectoryIndex index.php 
     Require all granted 

    AddType application/x-httpd-php .php 
    php_flag magic_quotes_gpc Off 
    php_flag track_vars On 
    php_flag register_globals Off 
    php_admin_flag allow_url_fopen Off 
    php_value include_path . 
    php_admin_value upload_tmp_dir /var/lib/phpMyAdmin/tmp 
    php_admin_value open_basedir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin:/usr/share/php/gettext:doc/html 
    </Directory> 

    <Directory /usr/share/phpMyAdmin/libraries> 
    Order Deny,Allow 
    Deny from All 
    Allow from None 
    </Directory> 

    #ErrorLog ${APACHE_LOG_DIR}/error.log 
    #LogLevel warn 

    #CustomLog ${APACHE_LOG_DIR}/access.log combined 

    SSLEngine on 
    SSLCertificateFile /path/to/your/certificate.crt 
    SSLCertificateKeyFile /path/to/your/key.key 
    #SSLVerifyClient none 
    #SSLOptions +StrictRequire 
    SSLProtocol -all +TLSv1 +SSLv3 
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM 
    SSLProxyEngine off 
    #<IfModule mime.c> 
    # AddType application/x-509-ca-cert .crt 
    # AddType application/x-pkcs7-crl .crl 
    #</IfModule> 

</VirtualHost>

這應該給你一個更安全的安裝對公衆開放。如果有人有進一步的建議,我很高興聽到。

來源

2015-10-10 18:02:49

相關問題

 相關問題