phpmyadmin.sh Addon

quicksalad · Sep 29, 2023

Kindly ignore above, I managed to reinstall phpmyadmin and make it work as normal
I wonder why hostname.mydomain.com I set during first Centminmod setup disappear after I restore from backup (DO droplet).
I set that via this
Code:
hostnamectl set-hostname hostname.mydomain.com
Is that normal behavior when you restore droplet backup?
This is what my SSH command prompt after restore goes like below
Code:
[root@hostname ~]#
and after setting hostnamectl set-hostname, it goes back to this
Code:
[root@hostname.mydomain.com ~]#
Now I'm able to install and access phpmyadmin without this error
Code:
400 Bad Request No required SSL certificate was sent

eva2000 · Sep 30, 2023

For folks having issues with phpmyadmin.sh, try this test updated version that switches back to using phpmyadmin zip file install instead of git
Code (Text):
/root/tools/phpmyadmin_uninstall.sh
cd /usr/local/src/centminmod/addons
rm -rf phpmyadmin.sh
wget https://gist.github.com/centminmod/e4ba66fbae5f7527d278b8aa48233d0f/raw/phpmyadmin.sh -O phpmyadmin.sh
./phpmyadmin.sh install
let me know how this test updated version fairs and I'll update official phpmyadmin.sh later.

pamamolf · Sep 30, 2023

I am getting also many times the above issue as @quicksalad has unfortunately.

quicksalad · Sep 30, 2023

eva2000 said: ↑
For folks having issues with phpmyadmin.sh, try this test updated version that switches back to using phpmyadmin zip file install instead of git
Code (Text):
/root/tools/phpmyadmin_uninstall.sh
cd /usr/local/src/centminmod/addons
rm -rf phpmyadmin.sh
wget https://gist.github.com/centminmod/e4ba66fbae5f7527d278b8aa48233d0f/raw/phpmyadmin.sh -O phpmyadmin.sh
let me know how this test updated version fairs and I'll update official phpmyadmin.sh later.
Click to expand...
I'm using it right now @eva2000 I'll let you know once I encounter that css error again.
Also I notice yarntmp folders prior to installing this

eva2000 · Sep 30, 2023

If https://community.centminmod.com/posts/97228/ wasn't clear, updated to list you have to run phpmyadmin.sh install command at end

quicksalad · Oct 17, 2023

@eva2000
Just saw this notice on phpmyadmin after few weeks of using it, or maybe I didn't notice it right away

Code:

The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. Find out why.
Or alternately go to 'Operations' tab of any database to set it up there.

Code:

phpMyAdmin configuration storage Documentation
Configuration of pmadb… not OK Documentation
General relation features Disabled

eva2000 · Oct 17, 2023

quicksalad said: ↑
@eva2000
Just saw this notice on phpmyadmin after few weeks of using it, or maybe I didn't notice it right away
Code:
The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. Find out why.
Or alternately go to 'Operations' tab of any database to set it up there.
Code:
phpMyAdmin configuration storage Documentation
Configuration of pmadb… not OK Documentation
General relation features Disabled
Click to expand...
AFAIK, you can ignore storage config as it's optional.

quicksalad · Oct 17, 2023

eva2000 said: ↑

AFAIK, you can ignore storage config as it's optional.
Click to expand...

Thanks for the info.

Markku · Oct 21, 2023

I'm using a .dev domain for a project and it has HSTS forced and I can't use self-signed certs.

How can I use lets encrypt cert for phpmyadmin using this addon script? Thanks kindly.

eva2000 · Oct 21, 2023

One solution is you can change HSTS on apex dev domain to not include subdomains and then for each specific subdomain also add HSTS excluding subdomains.

Are the host.domain.com and HTTPS enabled site also on same top level domain.com ? did you enable HSTS with include subdomain too ? if you did then you're telling browsers to force HTTP to HTTPS redirected connections for domain.com and any *.domain.com subdomain as well

see Enabling HSTS for SSL for specifics
Enabling HSTS For SSL
HTTP Strict Transport Security (HSTS) header for Nginx SSL is only used for SSL certificates HTTPS based web sites if you want to force redirect all non-HTTPS (HTTP) traffic to HTTPS version of the site for a sepcific max-age time ins econds. HSTS header is disabled and commented out by default as some folks don't realise that it can mess up your site for HTTP traffic if you want to be able to use your site on both HTTP and HTTPS versions.

if SSL certificate covers subdomains
Code (Text):
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
if SSL certificate DOES NOT cover subdomains
Code (Text):
  #add_header Strict-Transport-Security "max-age=31536000;";
To enable HSTS header, uncomment and remove hash # in front of either above lines.
Click to expand...
As accessing host.domain.com is usually reserved for stats and admin pages the Centmin Mod LEMP stack owner only needs to access, you can just clear your web browser's HSTS record for the domain.com and host.domain.com so the web browser no longer redirects from HTTP to HTTPS. I posted a thread at SSL - How to clear HSTS browser cache | Centmin Mod Community specifically for this

Browser validated/trusted SSL certificates are issued for hostname/domain names, not IP addresses. Generally, you don't want trusted SSL certificates like Letsencrypt for the main hostname/IP anyway as every time you issue an SSL certificate, the certificate can be publicly searched for via Certificate Transparency logs at crt.sh | Certificate Search and Certificate Transparency Monitoring - Facebook for Developers. See https://securitytrails.com/blog/what-are-certificate-transparency-logs for an explanation of CT logs.

The main goal of Certificate Transparency is to provide a publicly available system of logs, where any domain owner can verify whether a certificate was issued by a trusted CA or issued maliciously, and to prevent users from being tricked by any fraudulent certificates.
Click to expand...

Certificate Transparency logs
Every Certificate Transparency log is a record of all publicly trusted digital certificates. Those certificates contain information about the public key, the subject and information about the issuer.

Certificate Transparency logs keep cryptographically secured records of certificates which are append-only, meaning that certificates can only be added to the log — it’s impossible to delete, modify or in any way retroactively change or insert certificates into the log.
Click to expand...

What this means is malicious folks can also search the CT logs for hostnames belonging to an attacker who wants to target your domain and see if you have any exposed hostnames listed in CT logs. Once you issue a browser trusted SSL certificate, you better be prepared to protect it too. Note you can't enable Cloudflare orange cloud DNS on main hostname either as your server's Postfix mail server for sending outbound emails is also sent from server's Postfix mail server using this main hostname. If you enable Cloudflare orange cloud, receiving mail servers will reject your emails as it can't look up main hostname's real IP address hidden behind Cloudflare orange cloud enabled DNS services.

If you don't plan on having sites other than default Nginx HTML index page served from main hostname/IP, then having a browser trusted SSL certificate/HTTPS isn't essential. You can probably use a self-signed non-browser trusted SSL certificate just as well to encrypt data but not log to CT logs the hostname + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing. Or just keep it non-https + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing

Now if after reading above and still you want phpmyadmin.sh using letsencrypt trusted and CT logged main hostname, read my reply at https://community.centminmod.com/th...tsencrypt-for-main-hostname.19624/#post-83458

Or if you have another domain not using HSTS just change the main hostname as it isn't used for web site hosting anyway

Markku · Oct 22, 2023

eva2000 said: ↑

One solution is you can change HSTS on apex dev domain to not include subdomains and then for each specific subdomain also add HSTS excluding subdomains.

Are the host.domain.com and HTTPS enabled site also on same top level domain.com ? did you enable HSTS with include subdomain too ? if you did then you're telling browsers to force HTTP to HTTPS redirected connections for domain.com and any *.domain.com subdomain as well

see Enabling HSTS for SSL for specifics

As accessing host.domain.com is usually reserved for stats and admin pages the Centmin Mod LEMP stack owner only needs to access, you can just clear your web browser's HSTS record for the domain.com and host.domain.com so the web browser no longer redirects from HTTP to HTTPS. I posted a thread at SSL - How to clear HSTS browser cache | Centmin Mod Community specifically for this

Browser validated/trusted SSL certificates are issued for hostname/domain names, not IP addresses. Generally, you don't want trusted SSL certificates like Letsencrypt for the main hostname/IP anyway as every time you issue an SSL certificate, the certificate can be publicly searched for via Certificate Transparency logs at crt.sh | Certificate Search and Certificate Transparency Monitoring - Facebook for Developers. See https://securitytrails.com/blog/what-are-certificate-transparency-logs for an explanation of CT logs.

What this means is malicious folks can also search the CT logs for hostnames belonging to an attacker who wants to target your domain and see if you have any exposed hostnames listed in CT logs. Once you issue a browser trusted SSL certificate, you better be prepared to protect it too. Note you can't enable Cloudflare orange cloud DNS on main hostname either as your server's Postfix mail server for sending outbound emails is also sent from server's Postfix mail server using this main hostname. If you enable Cloudflare orange cloud, receiving mail servers will reject your emails as it can't look up main hostname's real IP address hidden behind Cloudflare orange cloud enabled DNS services.

If you don't plan on having sites other than default Nginx HTML index page served from main hostname/IP, then having a browser trusted SSL certificate/HTTPS isn't essential. You can probably use a self-signed non-browser trusted SSL certificate just as well to encrypt data but not log to CT logs the hostname + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing. Or just keep it non-https + then empty the main hostname index page at /usr/local/nginx/html/index.html as a blank page serving nothing

Now if after reading above and still you want phpmyadmin.sh using letsencrypt trusted and CT logged main hostname, read my reply at https://community.centminmod.com/th...tsencrypt-for-main-hostname.19624/#post-83458

Or if you have another domain not using HSTS just change the main hostname as it isn't used for web site hosting anyway
Click to expand...

Thanks bud, very comprehensive reply.

In this case the issue is that Google operates the tld .dev and they have made it so that HSTS is forced enabled. I don't even have it enabled via centminmod.

"The .dev top-level domain is incorporated on the HSTS preload list, requiring HTTPS on all .dev domains without individual HSTS enlistment." (source: Wikipedia)

So I don't think it is possible to use self-signed cert at all if I want to access Phpmyadmin e.g. via subdomain.domain.dev

And the hostname of the server is indeed subdomain.domain.dev

I guess I could just access the phpmyadmin with direct IP address of the server and then self-signed cert would work?

eva2000 · Oct 22, 2023

Markku said: ↑

I guess I could just access the phpmyadmin with direct IP address of the server and then self-signed cert would work?
Click to expand...

Try and see.

Markku said: ↑

In this case the issue is that Google operates the tld .dev and they have made it so that HSTS is forced enabled. I don't even have it enabled via centminmod.
Click to expand...

Ah one of those types of domains. You can if you want just change the assigned main hostname on Centmin Mod to be a different domain you have spare that doesn't force HSTS.

Markku · Oct 22, 2023

eva2000 said: ↑

You can if you want just change the assigned main hostname on Centmin Mod to be a different domain you have spare that doesn't force HSTS.
Click to expand...

I do have a spare domain, yes. Is it as simple as making the change in the nginx virtual host manually? Or what's the best way to achieve that so that the phpmyadmin.sh uses it, etc?

eva2000 · Oct 22, 2023

Markku said: ↑

I do have a spare domain, yes. Is it as simple as making the change in the nginx virtual host manually? Or what's the best way to achieve that so that the phpmyadmin.sh uses it, etc?
Click to expand...

Change main hostname as per Getting Started Guide step 1 https://centminmod.com/getstarted.html

dcg · Mar 15, 2024

FYI update- This was on setting up a new Almalinux 8 install
phpmyadmin install went "fine"
However it didn't work properly when loading page - blank page but phpmyadmin icon shows in bar

I realized that the js wasn't complied and it looks like node wasn't installed. I ran nodejs.sh addon to install, but it gave GPG key error. Seems like keys changed at some point.

GitHub - nodesource/distributions: NodeSource Node.js Binary Distributions
used:
Code:
curl -fsSL https://rpm.nodesource.com/setup_lts.x | bash -
Then ran nodejs.sh install
Installed fine

Then ran tools/phpmyadmin_update.sh
it updated npm and then recompiled phpmyadmin js files and all is good.

eva2000 · Mar 15, 2024

dcg said: ↑
FYI update- This was on setting up a new Almalinux 8 install
phpmyadmin install went "fine"
However it didn't work properly when loading page - blank page but phpmyadmin icon shows in bar

I realized that the js wasn't complied and it looks like node wasn't installed. I ran nodejs.sh addon to install, but it gave GPG key error. Seems like keys changed at some point.

GitHub - nodesource/distributions: NodeSource Node.js Binary Distributions
used:
Code:
curl -fsSL https://rpm.nodesource.com/setup_lts.x | bash -
Then ran nodejs.sh install
Installed fine

Then ran tools/phpmyadmin_update.sh
it updated npm and then recompiled phpmyadmin js files and all is good.
Click to expand...
cheers need to add EL8/EL9 support for initial setup for addons/nodejs.sh

was this the message you received?

GPG key at file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL (0x9B1BE0B4) is already installed
The GPG keys listed for the "Node.js Packages for Linux RPM based distros - x86_64" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: nodejs-2:20.11.1-1nodesource.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/NODESOURCE-NSOLID-GPG-SIGNING-KEY-EL
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED
Click to expand...

eva2000 · Mar 15, 2024

dcg said: ↑

FYI update- This was on setting up a new Almalinux 8 install
phpmyadmin install went "fine"
However it didn't work properly when loading page - blank page but phpmyadmin icon shows in bar

I realized that the js wasn't complied and it looks like node wasn't installed. I ran nodejs.sh addon to install, but it gave GPG key error. Seems like keys changed at some point.
Click to expand...

Centmin Mod 124.00stable and 130.00beta01 have been updated with fixed routines for addons/nodejs.sh now

dcg · Mar 15, 2024

eva2000 said: ↑

cheers need to add EL8/EL9 support for initial setup for addons/nodejs.sh

was this the message you received?
Click to expand...

Yes that was the message

eva2000 · Apr 17, 2024

Decided to try a new phpmyadmin-tar.sh version which installs the tarball .tar.gz phpmyadmin instead of via Git, folks can try it out using below commands

Code (Text):

# uninstall existing phpmyadmin install
/root/tools/phpmyadmin_uninstall.sh

# download phpmyadmin-tar.sh
cd /usr/local/src/centminmod/addons
wget --no-check-certificate https://github.com/centminmod/phpmyadmin/raw/master/phpmyadmin-tar.sh -O phpmyadmin-tar.sh

# permissions
chmod 0700 /usr/local/src/centminmod/addons/phpmyadmin-tar.sh

# install phpmyadmin lastest stable
./phpmyadmin-tar.sh install

pamamolf · Apr 19, 2024

It's working great !!!!!

Don't know how but i got it under https too that usually i had to do some custom edits to virtual.ssl.conf previously about it...

Now it's ok by having only the phpmyadmin_ssl.conf..

Not sure if i have to do anything else now for auto updating it...

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

phpmyadmin.sh Addon

quicksalad Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

quicksalad Member

eva2000 Administrator Staff Member

quicksalad Member

eva2000 Administrator Staff Member

quicksalad Member

Markku New Member

eva2000 Administrator Staff Member

Markku New Member

eva2000 Administrator Staff Member

Markku New Member

eva2000 Administrator Staff Member

dcg Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

dcg Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

phpmyadmin.sh Addon

quicksalad Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

quicksalad Member

eva2000 Administrator Staff Member

quicksalad Member

eva2000 Administrator Staff Member

quicksalad Member

Markku New Member

eva2000 Administrator Staff Member

Markku New Member

eva2000 Administrator Staff Member

Markku New Member

eva2000 Administrator Staff Member

dcg Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

dcg Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

.