Securing phpMyAdmin by IP

americanintel

Just thought I'd share this as DA's deployment of nginx is a bit different than 'stock'. I realize this may be simple to some but I didn't see a whole lot of info here regarding this and anything you find about generic nginx confs will be a bit different.

We (project admins) have a hosted app and do not want any of our users to access phpmyadmin but we want to access phpmyadmin from our current IP addresses.

After tracing how DA set things up I came up with this. It simply restricts it to 'phpMyAdmin' (I'm working on renaming without a rewrite) and by IP.

If you tail /etc/nginx.conf you will see these lines at the end:

    }
    include /etc/nginx/directadmin-settings.conf;
    include /etc/nginx/nginx-includes.conf;
    include /etc/nginx/directadmin-vhosts.conf;
}

So obviously that starts you down that path. If you take a look at directadmin-vhosts.conf you will have some lines as such:

include /usr/local/directadmin/data/users/ouruser/nginx.conf;

'ouruser' being whatever username exists for that directory.

However, after sniffing around I find that dealing with phpMyAdmin or webmail will entail playing with /etc/nginx/webapps.conf.

You will find:

location /phpMyAdmin {
    root /var/www/html/;
    index index.php index.html index.htm;
    location ~ ^/phpMyAdmin/(.+\.php)$ {
        include /etc/nginx/webapps_settings.conf;
    }
    location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /var/www/html/;
    }
}
location /phpmyadmin {
    rewrite ^/* /phpMyAdmin last;
    include /usr/local/directadmin/data/users/ouruser/allow.conf;
}
location /pma {
    rewrite ^/* /phpMyAdmin last;
}

which I changed to:


location /phpMyAdmin {
    root /var/www/html/;
    include /usr/local/directadmin/data/users/ouruser/allow.conf;
    index index.php index.html index.htm;
    location ~ ^/phpMyAdmin/(.+\.php)$ {
        include /etc/nginx/webapps_settings.conf;
    }
    location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /var/www/html/;
    }
}
# location /phpmyadmin {
#     rewrite ^/* /phpMyAdmin last;
#     include /usr/local/directadmin/data/users/ouruser/allow.conf;
# }
# location /pma {
#     rewrite ^/* /phpMyAdmin last;
# }


Now, let me confuse you a bit. I was playing around with the allow.conf using includes in the main and vhost nginx.conf files first. You can place the allow.conf anywhere, and probably /etc/nginx/allow.conf would be best; then you can delete the lines we have commented out, so it would look like this:


location /phpMyAdmin {
    root /var/www/html/;
    include /etc/nginx/allow.conf;
    index index.php index.html index.htm;
    location ~ ^/phpMyAdmin/(.+\.php)$ {
        include /etc/nginx/webapps_settings.conf;
    }
    location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /var/www/html/;
    }
}

Then you need an allow.conf:

location /phpMyAdmin {
    allow 97.93.222.55;
    allow more.ip.addresses;
    deny all;
}

chown to directadmin:ouruser

If you change the 'location / ' label in webapps.conf you will need to change it here too or the conf tests will fail.


You could do this with / or whatever dir within the vhost if you want. I'm still playing around with this some and someone may have a better way or some input but thought I'd toss this out there.

Ideally I'd like to change the webapps.conf from /phpMyAdmin to /anythingelse and no rewrites, totally obscure but this basically does the same thing so far as an .htaccess IP restriction under Apache.

More to come.
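Added example, not part of the original post or DirectAdmin's shipped configuration: a variant in which allow.conf holds only bare allow/deny rules and is included at the outer location level. nginx selects a matching nested regex location over a nested prefix location, and allow/deny rules are inherited by nested locations that define none of their own, so this form also covers direct requests such as /phpMyAdmin/index.php. Assumptions: the addresses are constructed documentation ranges, and webapps_settings.conf contains no allow/deny directives of its own.

```nginx
# ---------------------------------------------------------------
# File 1: /etc/nginx/allow.conf  (path suggested in the post)
# Bare access rules with no location wrapper, so they take effect
# at whatever level the file is included.
# ---------------------------------------------------------------
allow 192.0.2.10;        # constructed sample: single admin address
allow 198.51.100.0/24;   # constructed sample: office range
deny  all;               # everyone else receives 403

# ---------------------------------------------------------------
# File 2: phpMyAdmin part of /etc/nginx/webapps.conf
# ---------------------------------------------------------------
location /phpMyAdmin {
    root /var/www/html/;
    index index.php index.html index.htm;

    # Rules sit directly in the outer location. The nested regex
    # locations below declare no allow/deny, so they inherit these.
    include /etc/nginx/allow.conf;

    # PHP requests are handled here; access is checked with the
    # inherited rules before the request reaches PHP.
    location ~ ^/phpMyAdmin/(.+\.php)$ {
        include /etc/nginx/webapps_settings.conf;
    }

    # Static assets inherit the same rules.
    location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /var/www/html/;
    }
}
```

Run `nginx -t` before reloading, then request /phpMyAdmin/index.php from an address outside the list and confirm the response is 403.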
There is also a little simpler way.

You just go to /var/www/html/ and create a .htaccess file with allow directive. After that you can use the DirectAdmin control panel File Editor to edit that .htaccess file to add and remove IP addresses.
 
The .htaccess file needs to be created in the phpmyadmin folder, of course.
 
DirectAdmin vhost?

I know it is an old thread.

I'm a new DA user. I just installed DA with Custom Build 2 BETA. I want to use NGINX allow, deny for DirectAdmin access. I'm the only one who will log in to DA, so I want to restrict it to only allow my IP. But I can't find where the DirectAdmin vhost is.

Can anyone help me, please?
 