Recently I chanced upon installing phpMyAdmin on a Linux server running nginx as a backend and Varnish as a reverse proxy. I faced a few problems which took hours of googling to solve so here I am writing this article to make your life easier. This article assumes you already have a web server up and running along with PHP, MySQL and have configured Varnish as a reverse proxy. Most of the problems I faced are because I already had wordpress running on that server, so I had configured Varnish to accept cookies from ONLY “(wp-admin|wp-login)” URLs this turned out to be a disaster for phpMyAdmin even after I configured a “return(pass)” for its URL.
First things first, download phpMyAdmin to your server. I used the following commands to directly download it to the server, extract and copy it.
wget -O phpmyadmin-STABLE.tar.gz https://github.com/phpmyadmin/phpmyadmin/archive/STABLE.tar.gz tar -xvf phpmyadmin-STABLE.tar.gz cd /var/www/html/pma mv -f -v /home/username/phpmyadmin-STABLE/* .
Now it is crucial you edit the config.inc.php file and add the website name through which phpMyAdmin will be accessed.
cd /var/www/html/pma cp config.sample.inc.php config.inc.php nano config.inc.php
Add or edit the following line
$cfg['PmaAbsoluteUri'] = 'http://www.example.com/pma/';
Replace “example.com” with your website’s domain name and change “pma” to the directory which contains the phpMyAdmin files.
Without doing this on my nginx server when I tried logging into my database using phpMyAdmin the login form POSTed the username and password I entered to “http://www.example.com:8080/index.php” which resulted in a “connection timed out” error from my web browser. This is because nginx being the backend was listening on “127.0.0.1:8080” so after adding the above configuration this problem was solved.
Second, I is to tell Varnish NOT to cache the pages of phpMyAdmin to do this open the default.vcl file
nano /etc/varnish/default.vcl
Add the following inside “sub vcl_recv” subroutine
if (req.url ~ "^/pma") {
return (pass);
}
If you are using a dedicated domain for accessing phpMyAdmin use req.http.Host inside “sub vcl_recv” subroutine
if (req.http.Host == "pmadomain.com") {
return (pass);
}
Replace default.vcl with the name of your configuration file. This will ensure Varnish passes all the requests received for phpMyAdmin to the backend web server without caching anything.
Finally I faced a problem which ate up lots of my time (and hair!). PhpMyAdmin loaded properly, I entered the credentials of a database user, some processing went and then it came back to the same login page !!! Looking at the URL on the address bar of the browser I found that a session had been created because the URL looked like http://www.example.com/pma/index.php?token=<some random alphabets and numbers> but why was it coming back to the login page ? Having a look at the HTTP headers going back and forth using LiveHTTPheaders Firefox plugin unraveled the mystery behind what was happening, Varnish was striping out cookies in the responses sent FROM the web server, hence each time I entered my database credentials the web server (nginx in my case) was creating a session, redirecting me to another page and sending some cookies, but since the cookie did NOT reach my browser my browser did not send back any cookies to the newly redirected page which caused the authentication to fail redirecting back to the login page. But why did Varnish remove those cookies ? Remember what I said in the beginning of this article, I had configured Varnish to strip out cookies for all pages except “(wp-admin|wp-login)”.
So add the following lines toย the default.vcl file under the “sub vcl_fetch” suboutine
For users accessing phpMyAdmin through a directory
if (req.url ~ "^/pma") {
return (hit_for_pass);
}
Users using a dedicated domain for phpMyAdmin
if (req.http.Host == "pmadomain.com") {
return (hit_for_pass);
}
Save the file and reload Varnish your life will be much simpler ๐
Yes! Thank you for this. Really saved me some time…
Thank you very much for this! Also saved me a massive headache and a load of time ๐
For the parameters passed by phpmyadmin in the url you can also set eception
#Add authorisation GET parameters for url like sub vcl_hash{ if(req.url !~ "^/(phpmyadmin).*$" ){ set req.url = regsuball(req.url,"\?.*$",""); } }Thank you so much, it really, really helped me ๐
It works like a charm with varnish 4 !
@Jermoe
How did you got that example to work with Varnish 4 where hit_for_pas doesn’t exists any more and sub vcl_fetch became vcl_backend_response?
Thanks
Thanks so much Jesin – that did the trick for me. One piece of advice for n00bs with this line:
if (req.url ~ "^/pma") { return (pass); } replace the "pma" with your phpmyadmin folder directory i.e: if (req.url ~ "^/phpmyadmin") { return (pass); }I’m not able to get phpMyAdmin to work behind Varnish (4) using similar method. More here: http://virtualmin.com/node/38272
The following config is based on this document, I haven’t tested it yet. Place it inside
vcl_backend_response.if ( bereq.url ~ "^/pma" || bereq.http.Host == "pmadomain.com" ) { set beresp.uncacheable = true; set beresp.ttl = 120s; return (deliver); }Thank you very much. I was trying to configure the access for phpmyadmin for several months, and finally it works with this code.
Thank you!
Donยดt work for me ๐
When I loged in, with cookie auth_type, the browser redirect me to a URL like this:
http://www.example.com/pma/index.php?token=
and show me a blank page
I tried with this:
sub vlc_fetch # phpmyadmin if (req.url ~ "^/bbdd") { return (hit_for_pass); } sub vlc_recv # Exclude this site because it breaks if cached if (req.url ~ "^/bbdd") { return (pass); }And add to /etc/phpmyadmin/config.inc.php the line:
What am I doing wrong?
Thanks in advance ๐