phpmyadmin.sh Addon

For folks having issues with phpmyadmin.sh, try this test updated version that switches back to using phpmyadmin zip file install instead of git

Code (Text):

/root/tools/phpmyadmin_uninstall.sh
cd /usr/local/src/centminmod/addons
rm -rf phpmyadmin.sh
wget https://gist.github.com/centminmod/e4ba66fbae5f7527d278b8aa48233d0f/raw/phpmyadmin.sh -O phpmyadmin.sh
./phpmyadmin.sh install

let me know how this test updated version fairs and I'll update official phpmyadmin.sh later.

 

If https://community.centminmod.com/posts/97228/ wasn't clear, updated to list you have to run phpmyadmin.sh install command at end

 

AFAIK, you can ignore storage config as it's optional.

 

One solution is you can change HSTS on apex dev domain to not include subdomains and then for each specific subdomain also add HSTS excluding subdomains.

Are the host.domain.com and HTTPS enabled site also on same top level domain.com ? did you enable HSTS with include subdomain too ? if you did then you're telling browsers to force HTTP to HTTPS redirected connections for domain.com and any *.domain.com subdomain as well

see Enabling HSTS for SSL for specifics

As accessing host.domain.com is usually reserved for stats and admin pages the Centmin Mod LEMP stack owner only needs to access, you can just clear your web browser's HSTS record for the domain.com and host.domain.com so the web browser no longer redirects from HTTP to HTTPS. I posted a thread at SSL - How to clear HSTS browser cache | Centmin Mod Community specifically for this

Browser validated/trusted SSL certificates are issued for hostname/domain names, not IP addresses. Generally, you don't want trusted SSL certificates like Letsencrypt for the main hostname/IP anyway as every time you issue an SSL certificate, the certificate can be publicly searched for via Certificate Transparency logs at crt.sh | Certificate Search and Certificate Transparency Monitoring - Facebook for Developers. See https://securitytrails.com/blog/what-are-certificate-transparency-logs for an explanation of CT logs.

What this means is malicious folks can also search the CT logs for hostnames belonging to an attacker who wants to target your domain and see if you have any exposed hostnames listed in CT logs. Once you issue a browser trusted SSL certificate, you better be prepared to protect it too. Note you can't enable Cloudflare orange cloud DNS on main hostname either as your server's Postfix mail server for sending outbound emails is also sent from server's Postfix mail server using this main hostname. If you enable Cloudflare orange cloud, receiving mail servers will reject your emails as it can't look up main hostname's real IP address hidden behind Cloudflare orange cloud enabled DNS services.

If you don't plan on having sites other than default Nginx HTML index page served from main hostname/IP, then having a browser trusted SSL certificate/HTTPS isn't essential. You can probably use a self-signed non-browser trusted SSL certificate just as well to encrypt data but not log to CT logs the hostname + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing. Or just keep it non-https + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing

Now if after reading above and still you want phpmyadmin.sh using letsencrypt trusted and CT logged main hostname, read my reply at https://community.centminmod.com/th...tsencrypt-for-main-hostname.19624/#post-83458

Or if you have another domain not using HSTS just change the main hostname as it isn't used for web site hosting anyway

 

Try and see.

Ah one of those types of domains. You can if you want just change the assigned main hostname on Centmin Mod to be a different domain you have spare that doesn't force HSTS.

 

Change main hostname as per Getting Started Guide step 1 https://centminmod.com/getstarted.html