Learn about Centmin Mod LEMP Stack today
Register Now

phpmyadmin.sh Addon

Discussion in 'Add Ons' started by eva2000, May 25, 2014.

  1. Dannymh

    Dannymh New Member

    19
    3
    3
    Oct 23, 2014
    Ratings:
    +3
    Local Time:
    11:50 PM
    1.7.x
    5.5
    I ran the phpmyadmin script, but when it got to the part where it restarts php-fpm, it failed as it had set no user for the php-fpm pool so tried to run as root.

    I altered the config and for the pool to the nginx user and tried to run the script again, however now it fails with a duplicate location in the phpmyadminconfig.

    I remove this and then try to re-run the script, it then fails after the same php-fpm restart with


    Code:
    ./phpmyadmin.sh: line 390: cecho: command not found
    
    Restarting nginx (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    
                                                              [FAILED]
    
    Gracefully shutting down php-fpm . done
    
    Starting php-fpm  done
    
    ./phpmyadmin.sh: line 489: syntax error near unexpected token `fi'
    
    ./phpmyadmin.sh: line 489: `fi'
    
    It looks like i need to go back and clean everything up, but looks like there is no simple way to do this and will need to scroll back through the .sh and reverse everything from up to line 489.

    Is there any other quick cleanup I could do to try and get the install running again?
     
  2. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    12:50 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Wondering if I can get Phpmyadmin working behind HSTS Cloudflare certificate.....

    I know that it is related to the self signed certificate but is it possible to use Let’s encrypt on it or any other solution?

    As using HSTS there is no way to open phpmyadmin ....

    Thank you
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    can you run your phpmyadmin.sh script in debug mode
    Code (Text):
    bash -x phpmyadmin.sh

    then post output in a gist.github.com or pastebin.com entry and share the link - you can mask any sensitive info
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    There's no automated way for main hostname SSL HTTPS. But you can manually setup main hostname outlined in Getting Started Guide step 1 with HTTPS using vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS

    type on domain field in main host name domain which has to have valid DNS A record pointing to server ip i.e. host.domain.com and check box that says Generate Self-Signed SSL / Letsencrypt SSL HTTPS Vhost (File ONLY) *

    Vhost type = basic and hit submit

    follow first 3 acme.sh commands only to get letsencrypt ssl cert but edit web root from
    /home/nginx/domains/host.domain.com/public to point to /usr/local/nginx/html and remove www. domain from -d

    enable letsencrypt in 123.09beta01 - 3 commands
    Code (Text):
    touch /etc/centminmod/custom_config.inc
    echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
    /usr/local/src/centminmod/addons/acmetool.sh acmeupdate
    

    get letsencrypt ssl cert - 1 line cmd - webroot defined by -w /usr/local/nginx/html
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d host.domain.com -w /usr/local/nginx/html -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-host.domain.com.log --log-level 2
    

    install letsencrypt ssl cert - 2 line cmds
    Code (Text):
    mkdir -p /usr/local/nginx/conf/ssl/host.domain.com
    /root/.acme.sh/acme.sh --installcert -d host.domain.com --certpath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.key --capath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-fullchain-acme.key
    

    then make a copy of /usr/local/nginx/conf/conf.d/virtual.conf as /usr/local/nginx/conf/conf.d/virtual.ssl.conf
    Code (Text):
    cp -a /usr/local/nginx/conf/conf.d/virtual.conf /usr/local/nginx/conf/conf.d/virtual.ssl.conf
    

    now edit within /usr/local/nginx/conf/conf.d/virtual.ssl.conf with ssl cert lines so looks like
    Code (Text):
    server {
      listen 443 ssl http2;
      server_name host.domain.com;
    
      ssl_certificate      /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.key;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer;
    
            root   html;
            access_log              /var/log/nginx/localhost.access.log     combined buffer=8k flush=1m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
         
                }
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }
    

    restart nginx
    Code (Text):
    ngxrestart
    

    now you should be able to access both https and non-https hostname and then if all is working do a non-https to https 302 temp redirect



    If you do have phpmyadmin.sh installed phpmyadmin, you can probably try this to fix the conflict via these steps.

    1. Get the contents of /usr/local/nginx/conf/phpmyadmin_https.conf and place it in your above created
    /usr/local/nginx/conf/conf.d/virtual.ssl.conf main hostname HTTPS nginx vhost within server{} context

    2. Backup locally copy of phpmyadmin.sh auto generated self-signed SSL cert HTTPS vhost at /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf

    3. Then take the below following values contained within /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf and transpose them into your above created
    /usr/local/nginx/conf/conf.d/virtual.ssl.conf main hostname HTTPS nginx vhost within server{} context
    Code (Text):
    keepalive_timeout 3000;
    client_body_buffer_size 256k;
    client_body_timeout 3000s;
    client_header_buffer_size 256k;
    ## how long a connection has to complete sending
    ## it's headers for request to be processed
    client_header_timeout 60s;
    client_max_body_size 512m;
    connection_pool_size 512;
    directio 512m;
    ignore_invalid_headers on;
    large_client_header_buffers 8 256k;
    


    4. Then remove /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf

    5. Test Nginx config & Restart Nginx & PHP-FPM
    Code (Text):
    nginx -t
    nprestart
    
     
  5. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    12:50 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    One question....
    Should i generate the vhost for my hostname using menu 2 or i just need only to generate the vhost from the online generator?

    Thank you
     
  6. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no generating needed ;)
     
  7. Dannymh

    Dannymh New Member

    19
    3
    3
    Oct 23, 2014
    Ratings:
    +3
    Local Time:
    11:50 PM
    1.7.x
    5.5
    will do shortly, because the world has a sardonic sense of humor, a week after OS and software hell, my server just ran into an SSD disk array issue
     
  8. pamamolf

    pamamolf Premium Member Premium Member

    4,074
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    12:50 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hello

    I did it and I have a valid certificate now and all are ok ...

    Before that I was create a valid certificate for my domain using the same tool acme and I got one entry at crontab related to auto updating of it...

    That previous entry will auto update the certificate for the Phpmyadmin also or I should do something else for it ?

    Thank you
     
  9. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    acme.sh cron renews all ssl certs created via acme.sh and thus via acmetool.sh addon.
     
  10. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    11:50 PM
    Well I am using Adminer instead of phpmyadmin. Single php file, less then 500 kb in size. You just need to put it in public folder of your domain, rename it and you are done :)

    Adminer: https://www.adminer.org/

    You just rename it into something like this:

    Code:
    From adminer-4.7.1.php
    
    Into something like this:
    
    Q3TjHmau67xwsB6E7ZUCXYhJuQJuY23q.php
     
  11. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I would put it in a http password and/or IP restricted directory instead or even on a nginx vhost created site on a subdomain without a valid DNS entry and just use local host file edit on your local pc devices etc + http password and/or IP restricted directory so only you can resolve the subdomain to access it. Much safer :)
     
  12. alex_cmm

    alex_cmm New Member

    16
    7
    3
    Apr 2, 2019
    Ratings:
    +7
    Local Time:
    11:50 PM
    Well I only need to import my .sql file into db and delete adminer .php file from my vps. No need to hold it there :)
     
  13. ndha

    ndha Member

    83
    10
    8
    Sep 28, 2014
    Ratings:
    +29
    Local Time:
    5:50 AM
    1.27
    10.6
    @eva2000 i got error 502 Bad Gateway today when access PMA url from 2 servers of mine..
    Both has been Upgrade from php 5.6 to 7.2 then error 502 Bad Gateway show up..
    In before with php 5.6 PMA url is access fine, after upgrade php 7.2 it's error..
    Already tried reinstall PMA but still same problem..
    Centmin, Nginx + PHP Latest update..
    is there anything change in PMA config after php upgrade??

    Already check nginx error log, i got:
    Code:
    unix:/tmp/phpfpm_myadmin.sock failed (2: No such file or directory) while connecting to upstream
    phpfpm_myadmin.conf is :
    Code:
    [phpmyadmin]
    user = phpmyadmin
    group = nginx
    
    ;listen = 127.0.0.1:9001
    listen = /tmp/phpfpm_myadmin.sock
    listen.allowed_clients = 127.0.0.1
    listen.owner=phpmyadmin
    listen.group=nginx
    
    pm = ondemand
    pm.max_children = 5
    ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
    pm.start_servers = 1
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    pm.max_requests = 500
    
    pm.process_idle_timeout = 3600s;
    
    rlimit_files = 65536
    rlimit_core = 0
    
    ; The timeout for serving a single request after which the worker process will
    ; be killed. This option should be used when the 'max_execution_time' ini option
    ; does not stop script execution for some reason. A value of '0' means 'off'.
    ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
    ; Default Value: 0
    ;request_terminate_timeout = 0
    ;request_slowlog_timeout = 0
    slowlog = /var/log/php-fpm/www-slowmyadmin.log
    
    security.limit_extensions = .php .php3 .php4 .php5
    
    php_admin_value[open_basedir] = /usr/local/nginx/html/11135_mysqladmin17390:/tmp
    php_flag[display_errors] = off
    php_admin_value[error_log] = /var/log/php_myadmin_error.log
    php_admin_flag[log_errors] = on
    php_admin_value[memory_limit] = 582M
    php_admin_value[max_execution_time] = 3600
    php_admin_value[post_max_size] = 1280M
    php_admin_value[upload_max_filesize] = 1280M
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    before reinstall, update and redownload phpmyadmin.sh as it has been updated
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FYI, if you get errrors due to unix:/tmp/phpfpm_myadmin.sock with phpmyadmin installed via phpmyadmin.sh like
    Code (Text):
    connect() to unix:/tmp/phpfpm_myadmin.sock failed (2: No such file or directory) while connecting to upstream
    

    Then it's due to 123.09beta01 updated php-fpm default config so phpmyadmin's php-fpm pool needs to switch over to using TCP instead of unix sockets.

    The fix is to:

    1. uninstall existing phpmyadmin install made via phpmyadmin.sh by running uninstaller
    Code (Text):
    /root/tools/phpmyadmin_uninstall.sh


    2. download updated phpmyadmin.sh as per Addon phpmyadmin.sh - CentminMod.com LEMP Nginx web stack for CentOS
    Code (Text):
    cd /usr/local/src/centminmod/addons
    wget --no-check-certificate https://github.com/centminmod/phpmyadmin/raw/master/phpmyadmin.sh -O phpmyadmin.sh
    


    3. install phpmyadmin again - the location of install will change as it's randomly generated and unique to each install run
    Code (Text):
    cd /usr/local/src/centminmod/addons/
    ./phpmyadmin.sh install
    
     
  16. lushen

    lushen New Member

    16
    2
    3
    Nov 13, 2017
    Ratings:
    +4
    Local Time:
    11:50 PM
    Can't access PHPMyAdmin from the IP, it always resolves into the hostname of the VPS.

    I have setup a test VPS which hostname is something random and therefore doesnt have a valid domain name.

    I have tried to change the server_name in the vhostconf and phpmyadmin.conf to the IP but it always goes to the server hostname when I try to access PMA via the ip.

    Is there a way to access PMA when you dont have a valid domain name/hostname setup?

    Forgot to add:

    Code:
    STATICIP='y'
    
     
    Last edited: Jul 24, 2019
  17. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what's output for curl header check
    Code (Text):
    curl -I http://ipaddress/path/to/phpmyadmin

    and
    Code (Text):
    curl -I https://ipaddress/path/to/phpmyadmin

    for posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)
     
  18. lushen

    lushen New Member

    16
    2
    3
    Nov 13, 2017
    Ratings:
    +4
    Local Time:
    11:50 PM
    Code:
    curl -I http://MYIP/21571_mysqladmin4386
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 24 Jul 2019 13:36:47 GMT
    Content-Type: text/html
    Content-Length: 162
    Location: http://MYIP/21571_mysqladmin4386/
    Connection: keep-alive
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    Code:
    curl -I https://MYIP/21571_mysqladmin4386
    curl: (60) SSL certificate problem: self signed certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    
    

    Edit:

    I found this gem and I might start using HeidiSQL, but it still would be interesting to know why PHPMyAdmin isnt working with the IP.
     
  19. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    for self-signed https need to add -k flag to test
    Code (Text):
    curl -Ik https://MYIP/21571_mysqladmin4386
    
     
  20. lushen

    lushen New Member

    16
    2
    3
    Nov 13, 2017
    Ratings:
    +4
    Local Time:
    11:50 PM
    Code:
    curl -Ik https://MYIP/21571_mysqladmin4386
    HTTP/2 302
    date: Wed, 24 Jul 2019 16:08:23 GMT
    content-type: text/html
    content-length: 138
    location: http://MYIP/21571_mysqladmin4386
    server: nginx centminmod
    x-powered-by: centminmod
    x-frame-options: SAMEORIGIN