markdown 如何在子域上安装PHPMyAdmin

Posted 2021-05-06

# Installing PHPMyAdmin on a subdomain

I was recently tasked with adding PHPMyAdmin to one of our LAMP servers for a 
3rd party with little/no ssh knowledge to use in order to access the MySQL 
database(s). This gist documents how I configured PHPMyAdmin on the LAMP server
on a subdomain with an SSL.

## Prerequisites 

Before following this guide, it is assumed that you already have a LAMP server up
and running, if not perhaps try following 
[this guide](https://gist.github.com/harryfinn/1d6904c2baf006ad4cf3cdec2704aa70) 
to setup a server. 

Please also ensure that you have setup your subdomain record (CNAME/A record 
depending on domain configuration) and pointed it at your server, making sure 
that it has propagated and responds to a ping or lookup test. 

## Installation

Switch to the `root` user or a `sudo user` depending on your setup.

```TXT
apt-get install phpmyadmin php-mbstring php-gettext
phpenmod mcrypt mbstring
service apache2 restart
```

The above will start the installation process for PHPMyAdmin along with a couple
of associated php modules.

During the installation, you will be asked if you want to use `dbconfig-common`
to setup a database, select `yes` here. You will also be asked to set a password
for this database (the PHPMyAdmin database for the application), ensure you take
note of this password if you do not already have any other mysql users and/or 
database setup.

PHPMyAdmin will now be accessible via your primary domain at `/phpmyadmin` or at
least it should be, there are a couple of caveats with this. For example when 
running on a WordPress enabled site, the `RewriteEngine` in the WordPress 
`.htaccess` will likely block access to `/phpmyadmin` as it will be looking for
page with a slug of `phpmyadmin`. 

This is another good reason for configuring 
PHPMyAdmin on a subdomain as it removes the need to tweak any of the rewrite 
rules.

## Configuration

### Apache

First, we need to setup an apache site (vhost) that can handle the subdomain
routing to the PHPMyAdmin installation. Create a new file in your 
`/etc/apache2/sites-available/` directory i.e. `database.yourdomain.com.conf` 
and add the following setup:

```TXT
<VirtualHost *:80>
    ServerAdmin email@yourdomain.com
    ServerName database.yourdomain.com
    DocumentRoot /usr/share/phpmyadmin

    ErrorLog ${APACHE_LOG_DIR}/phpmyadmin-error.log
    CustomLog ${APACHE_LOG_DIR}/phpmyadmin-access.log combined

    ModPagespeed Off
    
    #Redirect permanent / https://database.yourdomain.com
    
</VirtualHost>
```

Note that if you are not using the Google Pagespeed Module on your server you 
can remove the `ModPagespeed Off` rule.

Also make sure to leave the `Redirect permanent` rule commented for now, we'll 
come back to this later.

Once this is done, you can activate your new site config: 

```TXT
a2ensite database.yourdomain.com.conf
service apache2 reload
```

You will now be able to visit `database.yourdomain.com` and see the PHPMyAdmin
login screen. You could leave this setup alone now if you wanted but bare in 
mind that this is now an active gateway to your MySQL database. Whilst we have 
masked the PHPMyAdmin installation behind a subdomain making it difficult for 
someone to just guess the url i.e. `/phpmyadmin`, it would be better if it was 
at least running with an SSL over HTTPS, so we'll set that up below.

Note: We could also add an htaccess login to this subdomain to further increase
security to the database admin, however, depending on your use-case, the SSL 
configuration on a subdomain may well suffice.

### SSL Configuration

We'll use Letsencrypt as our SSL provider, see 
[this gist](https://gist.github.com/harryfinn/e36e41cdbfba5a6e1d69d6498a4fc5ee)
for instuctions on how to install the SSL.

Before you run the SSL registration command, as documented in the gist above, 
ensure you have amended the `webroot-path` to the PHPMyAdmin install:

```TXT
certbot certonly --webroot --webroot-path /usr/share/phpmyadmin --renew-by-default -d database.yourdomainhere.com
```

Once this has been installed, you can now return to your Apache vhost file to 
add the SSL config, again as documented in the gist above, ensuring you change 
the document path to `/usr/share/phpmyadmin`. You can at this stage also 
uncomment the `Redirect permanent` line in your vhost config.

Before you restart/reload apache with the ssl changes, we need to enforce SSL
mode for PHPMyAdmin, follow the commands below to complete the setup:

Add `$cfg['ForceSSL'] = true;` to the bottom of `/etc/phpmyadmin/config.inc.php`
then restart apache `service apache2 restart`

You will now see that when navigating to `database.yourdomain.com`, it will 
redirect to `https` with a valid Letsencrypt SSL powering it and once logged 
into PHPMyAdmin, all actions are now performed over `HTTPS`.