Wednesday, December 17, 2014

apache 2.2 - phpmyadmin login redirect fails with custom ssl port

The server is running Ubuntu 10.10, Apache 2.2.16, PHP 5.3.3-1ubuntu9.3, phpMyAdmin 3.3.7deb5build0.10.10.1. Since this same server is also running Zimbra on port 443, I've configured apache to serve SSL on port 81. So far, I have one CMS script running on this virtual host successfully.



However, when I access /phpmyadmin (set up with the default alias) on my custom ssl port and submit the login form, I am redirected to http://vhost.domain.com:81/index.php?TOKEN=foo (note the http:// instead of the https:// that the login url was using). This generates an Error 400 Bad Request complaining about "speaking plain HTTP to an SSL-enabled server port." I can then manually change the http:// to https:// in the URL and use phpmyadmin as expected.




I was annoyed enough to spend an hour trying to fix it and now even more annoyed that I cannot figure it out. I've tried various things, including:




  • Adding $cfg['PmaAbsoluteUri'] = 'https://vhost.domain.com:81/phpmyadmin/'; to the /usr/share/phpmyadmin/config.inc.php file but this did not correct the problem (even though /usr/share/phpmyadmin/libraries/auth/cookie.auth.lib.php looks like it should honor it and use it as the redirect).


  • Adding $cfg['ForceSSL'] = 1; to the same config.inc.php but then apache spirals into an infinite redirect.


  • Adding a rewrite rule to the vhost-ssl conf file in apache but I was unable to figure out the condition to use when http:// was present along with the correct ssl port of :81.


  • Lots of googling.





Here are the relevant Apache configuration pieces:



/etc/apache2/ports.conf




    NameVirtualHost *:81
    Listen 81




/etc/apache2/sites-enabled/vhost-nonssl




        ServerAdmin webmaster@localhost
        ServerName vhost.domain.com
        DocumentRoot /home/xxx/sites/vhost/html
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}:81%{REQUEST_URI}




/etc/apache2/sites-enabled/vhost-ssl




        ServerAdmin webmaster@localhost
        ServerName vhost.domain.com
        DocumentRoot /home/xxx/sites/vhost/html
        
                Options FollowSymLinks

                AllowOverride None

                AuthType Basic
                AuthName "Restricted Vhost"
                AuthUserFile /home/xxx/sites/vhost/.users
                Require valid-user
        
        
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride None

                Order allow,deny
                allow from all



/etc/apache2/conf.d/phpmyadmin.conf



Alias /phpmyadmin /usr/share/phpmyadmin



(The rest of the default .conf truncated.)



Everything in the apache config seems to work ok - the rewrite from non-ssl to ssl, the http authentication, the problem only happens when I am submitting the login form for phpmyadmin from https://vhost.domain.com:81/index.php.



Other configs:



The phpmyadmin config is completely default and the php.ini has only had some minor changes to memory and timeout limits. These seem to work fine, as mentioned, another php script runs with no problem and phpmyadmin works great once I manually enter in the correct schema after login.



I'm looking for either a bandaid I can add to save me the trouble of manually entering in the https:// after login, a real fix that will make phpmyadmin behave as I think it should or some greater understanding of why my desired config is not possible.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...