americanintel
Verified User
Just thought I'd share this as DA's deployment of nginx is a bit different than 'stock'. I realize this may be simple to some but I didn't see a whole lot of info here regarding this and anything you find about generic nginx confs will be a bit different.
We (project admins) have a hosted app and do not want any of our users to access phpmyadmin but we want to access phpmyadmin from our current IP addresses.
After tracing how DA set things up I came up with this. It simply restricts it to 'phpMyAdmin' (I'm working on renaming without a rewrite) and by IP.
If you tail /etc/nginx.conf you will see these lines at the end:
}
include /etc/nginx/directadmin-settings.conf;
include /etc/nginx/nginx-includes.conf;
include /etc/nginx/directadmin-vhosts.conf;
}
So obviously that starts you down that path. If you take a look at directadmin-vhosts.conf you will have some lines as such:
include /usr/local/directadmin/data/users/ouruser/nginx.conf;
'ouruser' being whatever username exists for that directory.
However, after sniffing around I find that dealing with phpMyAdmin or webmail will entail playing with /etc/nginx/webapps.conf.
You will find:
location /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/(.+\.php)$ {
include /etc/nginx/webapps_settings.conf;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html/;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
include /usr/local/directadmin/data/users/ouruser/allow.conf;
}
location /pma {
rewrite ^/* /phpMyAdmin last;
}
which I changed to:
location /phpMyAdmin {
root /var/www/html/;
include /usr/local/directadmin/data/users/ouruser/allow.conf;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/(.+\.php)$ {
include /etc/nginx/webapps_settings.conf;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html/;
}
}
# location /phpmyadmin {
# rewrite ^/* /phpMyAdmin last;
# include /usr/local/directadmin/data/users/ouruser/allow.conf;
# }
# location /pma {
# rewrite ^/* /phpMyAdmin last;
# }
Now, let me confuse you a bit, I was playing around with the allow.conf using includes in the main and vhost nginx.conf files first, you can place the allow.conf anywhere and probably /etc/nginx/allow.conf would be best and then you can delete the lines we have commented out so it would look like this:
location /phpMyAdmin {
root /var/www/html/;
include /etc/nginx/allow.conf;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/(.+\.php)$ {
include /etc/nginx/webapps_settings.conf;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html/;
}
}
Then you need an allow.conf:
location /phpMyAdmin {
allow 97.93.222.55;
allow more.ip.addresses
deny all;
}
chown to directadmin
uruser
If you change the 'location / ' label in webapps.conf you will need to change it here too or the conf tests will fail.
You could do this with / or whatever dir within the vhost if you want. I'm still playing around with this some and someone may have a better way or some input but thought I'd toss this out there.
Ideally I'd like to change the webapps.conf from /phpMyAdmin to /anythingelse and no rewrites, totally obscure but this basically does the same thing so far as an .htaccess IP restriction under Apache.
More to come.
We (project admins) have a hosted app and do not want any of our users to access phpmyadmin but we want to access phpmyadmin from our current IP addresses.
After tracing how DA set things up I came up with this. It simply restricts it to 'phpMyAdmin' (I'm working on renaming without a rewrite) and by IP.
If you tail /etc/nginx.conf you will see these lines at the end:
}
include /etc/nginx/directadmin-settings.conf;
include /etc/nginx/nginx-includes.conf;
include /etc/nginx/directadmin-vhosts.conf;
}
So obviously that starts you down that path. If you take a look at directadmin-vhosts.conf you will have some lines as such:
include /usr/local/directadmin/data/users/ouruser/nginx.conf;
'ouruser' being whatever username exists for that directory.
However, after sniffing around I find that dealing with phpMyAdmin or webmail will entail playing with /etc/nginx/webapps.conf.
You will find:
location /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/(.+\.php)$ {
include /etc/nginx/webapps_settings.conf;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html/;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
include /usr/local/directadmin/data/users/ouruser/allow.conf;
}
location /pma {
rewrite ^/* /phpMyAdmin last;
}
which I changed to:
location /phpMyAdmin {
root /var/www/html/;
include /usr/local/directadmin/data/users/ouruser/allow.conf;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/(.+\.php)$ {
include /etc/nginx/webapps_settings.conf;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html/;
}
}
# location /phpmyadmin {
# rewrite ^/* /phpMyAdmin last;
# include /usr/local/directadmin/data/users/ouruser/allow.conf;
# }
# location /pma {
# rewrite ^/* /phpMyAdmin last;
# }
Now, let me confuse you a bit, I was playing around with the allow.conf using includes in the main and vhost nginx.conf files first, you can place the allow.conf anywhere and probably /etc/nginx/allow.conf would be best and then you can delete the lines we have commented out so it would look like this:
location /phpMyAdmin {
root /var/www/html/;
include /etc/nginx/allow.conf;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/(.+\.php)$ {
include /etc/nginx/webapps_settings.conf;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html/;
}
}
Then you need an allow.conf:
location /phpMyAdmin {
allow 97.93.222.55;
allow more.ip.addresses
deny all;
}
chown to directadmin
uruser If you change the 'location / ' label in webapps.conf you will need to change it here too or the conf tests will fail.
You could do this with / or whatever dir within the vhost if you want. I'm still playing around with this some and someone may have a better way or some input but thought I'd toss this out there.
Ideally I'd like to change the webapps.conf from /phpMyAdmin to /anythingelse and no rewrites, totally obscure but this basically does the same thing so far as an .htaccess IP restriction under Apache.
More to come.
Last edited:
