Nginx SSL conf to access phpMyAdmin

Hi,
I have some trouble to configure correctly the access to phpMyAdmin via
SSL.

1. problem: when i call the URL https://mydomain.com/phpmyadmin/ I don’t
   have access.
2. problem: If I call the URL https://mydomain.com/phpmyadmin/index.php,
   I see the login page. I enter the account and password and after I’m
   redirected to the port 443 (http://mydomain.com:443/phpmyadmin/) with
   the message:

400 Bad Request
The plain HTTP request was sent to HTTPS port

At this point, if I press the back button of the browser and reload the
login page, I can enter on the phpMyAdmin.

I read that is needed the conf “fastcgi_param HTTPS on;”, that I have
included on my SSL section, but doesn’t have any effect…

Here my SSL conf:

[i]server {
listen 443;
server_name mydomain.com;
server_tokens off;
root /var/www/html;

            ssl                     on;
            ssl_certificate         /etc/nginx/mydomain.crt;
            ssl_certificate_key     /etc/nginx/mydomain.key;

            keepalive_timeout       70;
            add_header              Front-End-Https    on;

            client_max_body_size    50M;

            fastcgi_param           HTTPS on;

            ## Protect some directory and files
            location ~ 

(^/(app/|includes/|lib/|/pkginfo/|var/|report/config.xml)|/.svn/|/.hta.+)
{
deny all;
}

            ## Specific SSL log files
            access_log              /var/log/nginx/ssl.access.log;
            error_log               /var/log/nginx/ssl.error.log;

            ## this rewrites all the requests to the 

maintenance.html
if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html
last;
break;
}

            ## Handle all .php files, /downloader and /report
            location ~ (\.php|/downloader/?|/report/?)$ {
                    if ($request_uri ~ /(downloader|report)$){
                            # no trailing /, redirecting
                            rewrite  ^(.*)$ $1/ permanent;
                    }

                    fastcgi_index index.php;
                    include /etc/nginx/fastcgi_params;
                    fastcgi_param SCRIPT_FILENAME 

$document_root$fastcgi_script_name;

                    if (-e $request_filename) { # check if requested 

path exists
fastcgi_pass backend;
}

            }

            ## Magento specific configuration
            location / {
                    # set expire headers
                    if ($request_uri ~* 

“.(ico|css|js|gif|jpe?g|png)$”) {
expires max;
}

                    # set fastcgi settings, not allowed in the "if" 

block
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME
$document_root/index.php;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param HTTPS on;
fastcgi_read_timeout 240;

                    # rewrite a file not found, pass it to the 

backend
if (!-f $request_filename) {
fastcgi_pass backend;
break;
}
}

    }[/i]

Thank you for any help
Luca

Posted at Nginx Forum:

On Fri, May 7, 2010 at 8:30 PM, ideanet [email protected] wrote:

I read that is needed the conf “fastcgi_param HTTPS on;”, that I have included on my SSL section, but doesn’t have any effect…
        ssl_certificate     /etc/nginx/mydomain.crt;
        location ~ (^/(app/|includes/|lib/|/pkginfo/|var/|report/config.xml)|/.svn/|/.hta.+) {
            break;
            include /etc/nginx/fastcgi_params;
            # set expire headers

            # rewrite a file not found, pass it to the backend
            if (!-f $request_filename) {
                fastcgi_pass backend;
                break;
                }
        }

    }[/i]

I’m so confused on where to start. Is that config only for running
phpmyadmin?

Here’s my phpmyadmin config:

server {
listen 443 ssl;
server_name myserver.com;
ssl_certificate /srv/conf/cert/myserver.pem;
ssl_certificate_key /srv/conf/cert/myserver.key;
location ~ ^/phpmyadmin/.*.php$ {
root /srv/http/php;
fastcgi_params HTTPS on;
fastcgi_pass 127.0.0.1:9100;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
location = /phpmyadmin {
rewrite ^ $scheme://$host$uri/?$args permanent;
}
location /phpamyadmin/ {
index index.php;
root /srv/http/php;
expires max;
}
}

On Fri, May 07, 2010 at 09:30:18AM -0400, ideanet wrote:

I read that is needed the conf “fastcgi_param HTTPS on;”, that I have included on my SSL section, but doesn’t have any effect…
ssl_certificate /etc/nginx/mydomain.crt;
location ~ (^/(app/|includes/|lib/|/pkginfo/|var/|report/config.xml)|/.svn/|/.hta.+) {
break;
include /etc/nginx/fastcgi_params;
# set expire headers

Luca
Try to simplify configuration and to make it more scaleable:

 fastcgi_read_timeout 240;

 location ~ 

(^/(app/|includes/|lib/|pkginfo/|var/|report/config.xml)|/.svn/|/.hta.+)
{
deny all;
}

 location ~ (\.php|/downloader/?|/report/?)$ {
     try_files  /system/maintenance.html  $uri  =404;

     fastcgi_pass backend;
     include /etc/nginx/fastcgi_params;
     fastcgi_param SCRIPT_FILENAME 

$document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}

 location = /downloader { rewrite  ^  /downloader/ permanent; }

 location = /downloader/ {
     try_files  /system/maintenance.html  $uri/  =404;

     fastcgi_pass backend;
     include /etc/nginx/fastcgi_params;
     fastcgi_param SCRIPT_FILENAME 

$document_root/downloader/index.php;
fastcgi_param HTTPS on;
}

 location = /report { rewrite  ^  /report/ permanent; }

 location = /report/ {
     try_files  /system/maintenance.html  $uri/  =404;

     fastcgi_pass backend;
     include /etc/nginx/fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root/report/index.php;
     fastcgi_param HTTPS on;
 }

 location ~* "\.(ico|css|js|gif|jpe?g|png)$") {
     try_files  $uri  @magento;
     expires max;
 }

 location / {
     try_files  $uri  $uri/  @magento;
     index      index.php;
     expires max;
 }

 location @magento {
     fastcgi_pass backend;
     include /etc/nginx/fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root/index.php
     fastcgi_param HTTPS on;
 }

 location = /phpmyadmin { rewrite ^  /phpmyadmin/ permanent; }

–
Igor S.
http://sysoev.ru/en/

thank you Igor!
just another question: it’s possible to define an “allow hosts list” (IP
or range of IP) for the phpmyadmin directory ?

Posted at Nginx Forum:

On Fri, May 07, 2010 at 11:00:50PM +0700, Edho P Arief wrote:

server {
listen 443 ssl;
server_name myserver.com;

location = /phpmyadmin {
rewrite ^ $scheme://$host$uri/?$args permanent;
}

You may use just:

location = /phpmyadmin { rewrite ^  /phpmyadmin/ permanent; }

nginx should add https, server name, and query string.

–
Igor S.
http://sysoev.ru/en/

On Fri, May 07, 2010 at 08:04:38PM -0400, ideanet wrote:

thank you Igor!
just another question: it’s possible to define an “allow hosts list” (IP or range of IP) for the phpmyadmin directory ?

 location ~ ^/phpmyadmin/.+\.php$ {
     try_files  /system/maintenance.html  $uri  =404;

     allow  192.168.1.0/24;
     allow  192.168.3.0/24;
     deny   all;

     fastcgi_pass backend;
     include /etc/nginx/fastcgi_params;
     fastcgi_param SCRIPT_FILENAME 

$document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}

 location ~ \.php$ {
     ...

–
Igor S.
http://sysoev.ru/en/

thanks Igor!

now I beginning to understand how it works…

Posted at Nginx Forum:

On Sat, May 08, 2010 at 03:06:58PM -0400, ideanet wrote:

thanks Igor!

now I beginning to understand how it works…

Read also this:
http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration

–
Igor S.
http://sysoev.ru/en/

On Sat, May 08, 2010 at 12:59:02AM +0400, Igor S. wrote:

At this point, if I press the back button of the browser and reload the login page, I can enter on the phpMyAdmin.

            if (-f $document_root/system/maintenance.html) {

            ## Magento specific configuration
                    fastcgi_param HTTPS on;

 location ~ (\.php|/downloader/?|/report/?)$ {

•  location ~ (\.php|/downloader/?|/report/?)$ {
  

•  location ~ \.php$ {
  

 location = /downloader/ {
 location = /report/ {
     expires max;
     include /etc/nginx/fastcgi_params;

---

nginx mailing list
[email protected]
nginx Info Page

–
Igor S.
http://sysoev.ru/en/