Jesin's Blog

Welcome to the Portal of Technology

  • Facebook
  • GitHub
  • Google+
  • RSS
  • Twitter
  • Home
  • Categories
    • Domains
    • Linux
    • Networking
    • PHP
    • Virtualization
    • Web Design
    • Web Servers
    • Windows
  • WordPress Plugins
    • Custom Error Pages
    • HTTP Digest Authentication
    • Mailgun Email Validator
  • Toolbox
    • DNS Lookup Tool
    • htdigest Generator Tool Online
    • htpasswd Generator Tool Online
    • HTTP Headers Lookup Tool
    • MD5 Encryption Tool
    • Open Port Check Tool
    • SHA-1 Encryption Tool
    • URL Encoding/Decoding Tool
  • About Me
  • Contact Me
  • Sitemap
Home ›
Web Servers ›
Installing phpMyAdmin behind Varnish

Installing phpMyAdmin behind Varnish

February 15, 2013 Web Servers Jesin A 10 Comments

Recently I chanced upon installing phpMyAdmin on a Linux server running nginx as a backend and Varnish as a reverse proxy. I faced a few problems which took hours of googling to solve so here I am writing this article to make your life easier. This article assumes you already have a web server up and running along with PHP, MySQL and have configured Varnish as a reverse proxy. Most of the problems I faced are because I already had wordpress running on that server, so I had configured Varnish to accept cookies from ONLY “(wp-admin|wp-login)” URLs this turned out to be a disaster for phpMyAdmin even after I configured a “return(pass)” for its URL.

First things first, download phpMyAdmin to your server. I used the following commands to directly download it to the server, extract and copy it.

wget -O phpmyadmin-STABLE.tar.gz https://github.com/phpmyadmin/phpmyadmin/archive/STABLE.tar.gz
tar -xvf phpmyadmin-STABLE.tar.gz
cd /var/www/html/pma
mv -f -v /home/username/phpmyadmin-STABLE/* .

Now it is crucial you edit the config.inc.php file and add the website name through which phpMyAdmin will be accessed.

cd /var/www/html/pma
cp config.sample.inc.php config.inc.php
nano config.inc.php

Add or edit the following line

$cfg['PmaAbsoluteUri'] = 'http://www.example.com/pma/';

Replace “example.com” with your website’s domain name and change “pma” to the directory which contains the phpMyAdmin files.

Without doing this on my nginx server when I tried logging into my database using phpMyAdmin the login form POSTed the username and password I entered to “http://www.example.com:8080/index.php” which resulted in a “connection timed out” error from my web browser. This is because nginx being the backend was listening on “127.0.0.1:8080” so after adding the above configuration this problem was solved.

Second, I is to tell Varnish NOT to cache the pages of phpMyAdmin to do this open the default.vcl file

nano /etc/varnish/default.vcl

Add the following inside “sub vcl_recv” subroutine

if (req.url ~ "^/pma") {
return (pass);
}

If you are using a dedicated domain for accessing phpMyAdmin use req.http.Host inside “sub vcl_recv” subroutine

if (req.http.Host == "pmadomain.com") {
return (pass);
}

Replace default.vcl with the name of your configuration file. This will ensure Varnish passes all the requests received for phpMyAdmin to the backend web server without caching anything.

Finally I faced a problem which ate up lots of my time (and hair!). PhpMyAdmin loaded properly, I entered the credentials of a database user, some processing went and then it came back to the same login page !!! Looking at the URL on the address bar of the browser I found that a session had been created because the URL looked like http://www.example.com/pma/index.php?token=<some random alphabets and numbers> but why was it coming back to the login page ? Having a look at the HTTP headers going back and forth using LiveHTTPheaders Firefox plugin unraveled the mystery behind what was happening, Varnish was striping out cookies in the responses sent FROM the web server, hence each time I entered my database credentials the web server (nginx in my case) was creating a session, redirecting me to another page and sending some cookies, but since the cookie did NOT reach my browser my browser did not send back any cookies to the newly redirected page which caused the authentication to fail redirecting back to the login page. But why did Varnish remove those cookies ? Remember what I said in the beginning of this article, I had configured Varnish to strip out cookies for all pages except “(wp-admin|wp-login)”.

So add the following lines toย the default.vcl file under the “sub vcl_fetch” suboutine

For users accessing phpMyAdmin through a directory

if (req.url ~ "^/pma") {
return (hit_for_pass);
}

Users using a dedicated domain for phpMyAdmin

if (req.http.Host == "pmadomain.com") {
return (hit_for_pass);
}

Save the file and reload Varnish your life will be much simpler ๐Ÿ˜‰

Related posts:

nginx phpmyadmin thumbnailHow to install PHPMyAdmin on an Nginx Web Server php category thumbnailCreating a PHP MySQL Login Page Script php category thumbnailRedirecting WordPress archives to a page wordpress custom 403 error pageCustom 403 and 401 error pages in WordPress linux category thumbnailConfigure Apache Web Server Load Balancing

Tags: phpmyadmin, varnish

Comments

  1. David Hilowitz says

    April 21, 2013 at 1:41 am

    Yes! Thank you for this. Really saved me some time…

    Reply
  2. Adam says

    November 5, 2013 at 7:11 pm

    Thank you very much for this! Also saved me a massive headache and a load of time ๐Ÿ˜€

    Reply
  3. Yto says

    May 16, 2014 at 4:12 pm

    For the parameters passed by phpmyadmin in the url you can also set eception

    #Add   authorisation GET parameters for url like
    sub vcl_hash{
     if(req.url !~ "^/(phpmyadmin).*$" ){
       set req.url = regsuball(req.url,"\?.*$","");
      }
    }
    Reply
  4. Jerome says

    August 1, 2014 at 8:11 pm

    Thank you so much, it really, really helped me ๐Ÿ™‚
    It works like a charm with varnish 4 !

    Reply
    • Adam R says

      October 16, 2015 at 9:38 pm

      @Jermoe

      How did you got that example to work with Varnish 4 where hit_for_pas doesn’t exists any more and sub vcl_fetch became vcl_backend_response?

      Thanks

      Reply
  5. Rhys Clay says

    April 16, 2015 at 10:40 am

    Thanks so much Jesin – that did the trick for me. One piece of advice for n00bs with this line:

    if (req.url ~ "^/pma") {
    return (pass);
    }
    
    replace the "pma" with your phpmyadmin folder directory i.e:
    
    if (req.url ~ "^/phpmyadmin") {
    return (pass);
    }
    Reply
  6. Adam R says

    October 16, 2015 at 9:25 pm

    I’m not able to get phpMyAdmin to work behind Varnish (4) using similar method. More here: http://virtualmin.com/node/38272

    Reply
    • Jesin A says

      October 17, 2015 at 8:42 pm

      The following config is based on this document, I haven’t tested it yet. Place it inside vcl_backend_response.

      if ( bereq.url ~ "^/pma" || bereq.http.Host == "pmadomain.com" ) {
          set beresp.uncacheable = true;
          set beresp.ttl = 120s;
          return (deliver);
      }
      Reply
      • eifersucht says

        March 17, 2017 at 2:43 pm

        Thank you very much. I was trying to configure the access for phpmyadmin for several months, and finally it works with this code.

        Thank you!

        Reply
  7. Juanmi says

    July 5, 2016 at 11:03 pm

    Donยดt work for me ๐Ÿ™

    When I loged in, with cookie auth_type, the browser redirect me to a URL like this:

    http://www.example.com/pma/index.php?token=

    and show me a blank page

    I tried with this:

    sub vlc_fetch
        # phpmyadmin
        if (req.url ~ "^/bbdd") {
            return (hit_for_pass);
        }
    
    sub vlc_recv
        # Exclude this site because it breaks if cached
        if (req.url ~ "^/bbdd") {
            return (pass);
        }

    And add to /etc/phpmyadmin/config.inc.php the line:

    $cfg['PmaAbsoluteUri'] = 'http://www.example.com/bbdd/';

    What am I doing wrong?

    Thanks in advance ๐Ÿ˜‰

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get a wealth of information delivered to your inbox. Subscribe and never miss a single article.

  • Tutorials and howtos
  • Code, scripts and commands
  • Online Tools

* No spam, unsubscribe anytime

Hire Me

  • SSL installation and hardening (A+ on Qualys SSL test)
  • Apache & Nginx configuration
  • Email deliverability improvement (10/10 on Mail Tester & MailGenius)
  • WordPress customization, optimization and migration
  • and much more…

    Tools

    • DNS Lookup Tool
    • htdigest Generator Tool Online
    • htpasswd Generator Tool Online
    • HTTP Headers Lookup Tool
    • MD5 Encryption Tool
    • Open Port Check Tool
    • SHA-1 Encryption Tool
    • URL Encoding/Decoding Tool

    Nav

    • Home
    • About Me
    • Contact Me
    • Privacy Policy
    • Sitemap
    Vultr SSD VPS

    Creative Commons License
    Jesin's Blog by Jesin A is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
    Based on a work at websistent.com.