3

I have 2 MySQL users, a regular 'tommy' and a control user 'tommy_ctl'
The Apache httpd 2.4.7 runs on 9090 for http and 9080 for https

phpMyAdmin (v4.1.6) config.inc.php file has user/password for 'tommy_ctl'
I am logging into phpMyAdmin home page as 'tommy'

Now
a) In config.inc.php
with 

$cfg['Servers'][$i]['ssl'] = false;  
$cfg['ForceSSL'] = false;

I can logon to 

http://linuxboxA:9090/phpMyAdmin/index.php  
https://linuxboxA:9080/phpMyAdmin/index.php

b) When I set 

$cfg['Servers'][$i]['ssl'] = true;

why does 

https://linuxboxA:9080/phpMyAdmin/index.php

on logon give the error ?: 

 #1043 Cannot log in to the MySQL server  
 Connection for controluser as defined in your configuration failed

Is this SSL option not for communication over Apache?

c) When i set 

$cfg['Servers'][$i]['ssl'] = true;  
$cfg['ForceSSL'] = true;

The https 9080 url takes many many seconds to open 

https://lnappd201.hphc.org:9080/phpMyAdmin/index.php

and on logon becomes 

https://lnappd201.hphc.org/phpMyAdmin/index.php?token=23771cb3b3851979903c6eb233465fd8

Note, that there's no port# in the redirected url

Also,

http://lnappd201.hphc.org:9090/phpMyAdmin/index.php

becomes immediately (without any logon)

https://lnappd201.hphc.org/phpMyAdmin/?SID

When 'ForceSSL' is set, phpMyAdmin apparently doesn't know that apache SSL is on port 9080,
so how does the ForceSSL option work?

My intention is, even if Apache is running on both the ports, I want phpMyAdmin to use SSL and ForceSSL (to Apache SSL)

srinivas yelamanchili
  • 61
  • 2
  • 2
  • 5

2 Answers2

2

$cfg['Servers'][$i]['ssl'] is for communication between the web server and MySQL server.

$cfg['ForceSSL'] should force your web browser connection to phpMyAdmin to be over HTTPS.

As noted in the documentation for ForceSSL, enabling it in certain configurations (I suspect a nonstandard https port may apply) will require you to set $cfg['PmaAbsoluteUri'] so phpMyAdmin knows what port to use.

Hope that helps!

Isaac Bennetch
  • 11,830
  • 2
  • 32
  • 43
  • As stated in the documentation of `$cfg['ForceSSL']` , `Deprecated since version 4.6.0: This setting is no longer available since phpMyAdmin 4.6.0. Please adjust your webserver instead.` – HosseyNJF Jan 09 '20 at 21:29
  • True, but this question and answer that you've responded to is nearly six years old and the original poster clearly specified using phpMyAdmin version 4.1.6. If you're having trouble with this, I think posting a new question with more details about your specific problem is going to get you better results than downvoting my quite old answer. – Isaac Bennetch Jan 10 '20 at 01:14
  • I just wanted to let people coming here know that this solution no longer works for newer versions; because this question is on the first page of google for related searches. – HosseyNJF Jan 10 '20 at 04:29
  • Commenting again since this was recently revisited by another commenter...There's no good way to clean up this answer for phpMyAdmin after 4.6.0; the solution is to properly configure the webserver. Prior to 4.6.0, phpMyAdmin forced the connection to behave particular ways (especially useful with a proxy or SSL server or other solution that re-wrapped the initial response). Since then, phpMyAdmin does not attempt to force the webserver to act in a specific way, so the conditions presented by the problem shouldn't exist. If there's a similar problem since 4.6.0, it should be a new question. – Isaac Bennetch Dec 29 '20 at 18:08
0

Instead of reconfiguring the web server, you can re-wash everything putting your phpmyadmin behind a load balancer, e.g. nginx which will take care (upon SSL configuration) to proxy your http phpmyadmin into an https service.

Fabio Ricci
  • 89
  • 1
  • 9