Welcome to Centmin Mod Community
Become a Member

phpmyadmin.sh Addon

Discussion in 'Add Ons' started by eva2000, May 25, 2014.

  1. quicksalad

    quicksalad Member

    223
    13
    18
    May 31, 2015
    Ratings:
    +20
    Local Time:
    12:20 PM
    Kindly ignore above, I managed to reinstall phpmyadmin and make it work as normal
    I wonder why hostname.mydomain.com I set during first Centminmod setup disappear after I restore from backup (DO droplet).
    I set that via this
    Code:
    hostnamectl set-hostname hostname.mydomain.com
    Is that normal behavior when you restore droplet backup?
    This is what my SSH command prompt after restore goes like below
    Code:
    [root@hostname ~]#
    and after setting hostnamectl set-hostname, it goes back to this
    Code:
    [root@hostname.mydomain.com ~]#
    Now I'm able to install and access phpmyadmin without this error
    Code:
    400 Bad Request No required SSL certificate was sent


     
  2. eva2000

    eva2000 Administrator Staff Member

    50,896
    11,797
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,252
    Local Time:
    4:50 PM
    Nginx 1.25.x
    MariaDB 10.x
    For folks having issues with phpmyadmin.sh, try this test updated version that switches back to using phpmyadmin zip file install instead of git
    Code (Text):
    /root/tools/phpmyadmin_uninstall.sh
    cd /usr/local/src/centminmod/addons
    rm -rf phpmyadmin.sh
    wget https://gist.github.com/centminmod/e4ba66fbae5f7527d278b8aa48233d0f/raw/phpmyadmin.sh -O phpmyadmin.sh
    ./phpmyadmin.sh install
    

    let me know how this test updated version fairs and I'll update official phpmyadmin.sh later.
     
  3. pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    8:50 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    I am getting also many times the above issue as @quicksalad has unfortunately.
     
  4. quicksalad

    quicksalad Member

    223
    13
    18
    May 31, 2015
    Ratings:
    +20
    Local Time:
    12:20 PM
    I'm using it right now @eva2000 I'll let you know once I encounter that css error again.
    Also I notice yarntmp folders prior to installing this
     
  5. eva2000

    eva2000 Administrator Staff Member

    50,896
    11,797
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,252
    Local Time:
    4:50 PM
    Nginx 1.25.x
    MariaDB 10.x
  6. quicksalad

    quicksalad Member

    223
    13
    18
    May 31, 2015
    Ratings:
    +20
    Local Time:
    12:20 PM
    @eva2000
    Just saw this notice on phpmyadmin after few weeks of using it, or maybe I didn't notice it right away
    Code:
    The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. Find out why.
    Or alternately go to 'Operations' tab of any database to set it up there.
    Code:
    phpMyAdmin configuration storage Documentation
    Configuration of pmadb… not OK Documentation
    General relation features Disabled
     
  7. eva2000

    eva2000 Administrator Staff Member

    50,896
    11,797
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,252
    Local Time:
    4:50 PM
    Nginx 1.25.x
    MariaDB 10.x
    AFAIK, you can ignore storage config as it's optional.
     
  8. quicksalad

    quicksalad Member

    223
    13
    18
    May 31, 2015
    Ratings:
    +20
    Local Time:
    12:20 PM
    Thanks for the info.
     
  9. Markku

    Markku New Member

    14
    2
    3
    Jun 1, 2014
    Ratings:
    +5
    Local Time:
    8:50 AM
    I'm using a .dev domain for a project and it has HSTS forced and I can't use self-signed certs.

    How can I use lets encrypt cert for phpmyadmin using this addon script? Thanks kindly.
     
  10. eva2000

    eva2000 Administrator Staff Member

    50,896
    11,797
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,252
    Local Time:
    4:50 PM
    Nginx 1.25.x
    MariaDB 10.x
    One solution is you can change HSTS on apex dev domain to not include subdomains and then for each specific subdomain also add HSTS excluding subdomains.

    Are the host.domain.com and HTTPS enabled site also on same top level domain.com ? did you enable HSTS with include subdomain too ? if you did then you're telling browsers to force HTTP to HTTPS redirected connections for domain.com and any *.domain.com subdomain as well

    see Enabling HSTS for SSL for specifics
    As accessing host.domain.com is usually reserved for stats and admin pages the Centmin Mod LEMP stack owner only needs to access, you can just clear your web browser's HSTS record for the domain.com and host.domain.com so the web browser no longer redirects from HTTP to HTTPS. I posted a thread at SSL - How to clear HSTS browser cache | Centmin Mod Community specifically for this :)

    Browser validated/trusted SSL certificates are issued for hostname/domain names, not IP addresses. Generally, you don't want trusted SSL certificates like Letsencrypt for the main hostname/IP anyway as every time you issue an SSL certificate, the certificate can be publicly searched for via Certificate Transparency logs at crt.sh | Certificate Search and Certificate Transparency Monitoring - Facebook for Developers. See https://securitytrails.com/blog/what-are-certificate-transparency-logs for an explanation of CT logs.

    What this means is malicious folks can also search the CT logs for hostnames belonging to an attacker who wants to target your domain and see if you have any exposed hostnames listed in CT logs. Once you issue a browser trusted SSL certificate, you better be prepared to protect it too. Note you can't enable Cloudflare orange cloud DNS on main hostname either as your server's Postfix mail server for sending outbound emails is also sent from server's Postfix mail server using this main hostname. If you enable Cloudflare orange cloud, receiving mail servers will reject your emails as it can't look up main hostname's real IP address hidden behind Cloudflare orange cloud enabled DNS services.

    If you don't plan on having sites other than default Nginx HTML index page served from main hostname/IP, then having a browser trusted SSL certificate/HTTPS isn't essential. You can probably use a self-signed non-browser trusted SSL certificate just as well to encrypt data but not log to CT logs the hostname + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing. Or just keep it non-https + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing

    Now if after reading above and still you want phpmyadmin.sh using letsencrypt trusted and CT logged main hostname, read my reply at https://community.centminmod.com/th...tsencrypt-for-main-hostname.19624/#post-83458

    Or if you have another domain not using HSTS just change the main hostname as it isn't used for web site hosting anyway
     
  11. Markku

    Markku New Member

    14
    2
    3
    Jun 1, 2014
    Ratings:
    +5
    Local Time:
    8:50 AM
    Thanks bud, very comprehensive reply.

    In this case the issue is that Google operates the tld .dev and they have made it so that HSTS is forced enabled. I don't even have it enabled via centminmod.

    "The .dev top-level domain is incorporated on the HSTS preload list, requiring HTTPS on all .dev domains without individual HSTS enlistment." (source: Wikipedia)

    So I don't think it is possible to use self-signed cert at all if I want to access Phpmyadmin e.g. via subdomain.domain.dev

    And the hostname of the server is indeed subdomain.domain.dev

    I guess I could just access the phpmyadmin with direct IP address of the server and then self-signed cert would work?
     
  12. eva2000

    eva2000 Administrator Staff Member

    50,896
    11,797
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,252
    Local Time:
    4:50 PM
    Nginx 1.25.x
    MariaDB 10.x
    Try and see.

    Ah one of those types of domains. You can if you want just change the assigned main hostname on Centmin Mod to be a different domain you have spare that doesn't force HSTS.
     
  13. Markku

    Markku New Member

    14
    2
    3
    Jun 1, 2014
    Ratings:
    +5
    Local Time:
    8:50 AM
    I do have a spare domain, yes. Is it as simple as making the change in the nginx virtual host manually? Or what's the best way to achieve that so that the phpmyadmin.sh uses it, etc?
     
  14. eva2000

    eva2000 Administrator Staff Member

    50,896
    11,797
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,252
    Local Time:
    4:50 PM
    Nginx 1.25.x
    MariaDB 10.x
    Change main hostname as per Getting Started Guide step 1 https://centminmod.com/getstarted.html