ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install LAMP phpMyAdmin and MariaDB into CentOS7

    Scheduled Pinned Locked Moved IT Discussion
    33 Posts 5 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403
      last edited by

      So this is a work in progress to setup a Syslog server for XenServer with a graphical interface to use and browse the logs. I'm getting tripped up at a specific point with getting access to the http://ip_addr/phpMyAdmin where I'm receiving an error "403 Forbidden".

      Below is the stock configuation.

      # phpMyAdmin - Web based MySQL browser written in php
      #
      # Allows only localhost by default
      #
      # But allowing phpMyAdmin to anyone other than localhost should be considered
      # dangerous unless properly secured by SSL
      
      Alias /phpMyAdmin /usr/share/phpMyAdmin
      Alias /phpmyadmin /usr/share/phpMyAdmin
      
      <Directory /usr/share/phpMyAdmin/>
         AddDefaultCharset UTF-8
      
         <IfModule mod_authz_core.c>
      	 # Apache 2.4
      	 <RequireAny>
      	   Require ip 127.0.0.1
      	  Require ip ::1
      	</RequireAny>
        </IfModule>
        <IfModule !mod_authz_core.c>
      	 # Apache 2.2
      	 Order Deny,Allow
      	 Deny from All
      	 Allow from 127.0.0.1
      	  AllowOverride None
      	  Options None
      	  Require all granted
         </IfModule>
      </Directory>
      
      <Directory /usr/share/phpMyAdmin/setup/>
         <IfModule mod_authz_core.c>
      	 # Apache 2.4
      	 <RequireAny>
      	   Require ip 127.0.0.1
      	   Require ip ::1
      	 </RequireAny>
         </IfModule>
         <IfModule !mod_authz_core.c>
      	 # Apache 2.2
      	 Order Deny,Allow
      	 Deny from Ally
      	 Allow from 127.0.0.1
      	 Allow from ::1
         </IfModule>
      </Directory>
      
      # These directories do not require access over HTTP - taken from the original
      # phpMyAdmin upstream tarball
      #
      <Directory /usr/share/phpMyAdmin/libraries/>
      	Order Deny,Allow
      	Deny from All
      	Allow from None
      </Directory>
      
      <Directory /usr/share/phpMyAdmin/setup/lib/>
      	Order Deny,Allow
      	Deny from All
      	Allow from None
      </Directory>
      
      <Directory /usr/share/phpMyAdmin/setup/frames/>
      	Order Deny,Allow
      	Deny from All
      	Allow from None
      </Directory>
      
      # This configuration prevents mod_security at phpMyAdmin directories from
      # filtering SQL etc.  This may break your mod_security implementation.
      #
      #<IfModule mod_security.c>
      #    <Directory /usr/share/phpMyAdmin/>
      #        SecRuleInheritance Off
      #    </Directory>
      #</IfModule>
      
      1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403
        last edited by

        This person has tried the same things I've tried...

        1 Reply Last reply Reply Quote 0
        • travisdh1T
          travisdh1
          last edited by

          The only computer allowed to access http://ip_addr/phpMyAdmin is the localhost.... you'd have to be running a web browser on the server to get access to that page. That's what all those 'Deny from All', 'Allow from 172.0.0.1', and 'Allow from ::1' are doing. Easiest thing to do is add an 'Allow from my_ip' to each section, assuming you have a fixed ip address on your workstation.

          stacksofplatesS 1 Reply Last reply Reply Quote 1
          • stacksofplatesS
            stacksofplates @travisdh1
            last edited by

            @travisdh1 said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

            The only computer allowed to access http://ip_addr/phpMyAdmin is the localhost.... you'd have to be running a web browser on the server to get access to that page. That's what all those 'Deny from All', 'Allow from 172.0.0.1', and 'Allow from ::1' are doing. Easiest thing to do is add an 'Allow from my_ip' to each section, assuming you have a fixed ip address on your workstation.

            You could also keep it set as localhost and make an SSH tunnel to access the page. I do that with some of my servers that I don't want the web interface to be completely open.

            1 Reply Last reply Reply Quote 1
            • DustinB3403D
              DustinB3403
              last edited by

              When I put my IP address in the "allow from" fields replacing localhost the page completely fails to load.

              travisdh1T 1 Reply Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403
                last edited by

                I'm comfortable with the phpMyAdmin being accessible on the LAN. I have no issues with that.

                But all of the documentation I'm able to find seems to not go this route. For security reasons I assume.

                1 Reply Last reply Reply Quote 0
                • travisdh1T
                  travisdh1 @DustinB3403
                  last edited by

                  @DustinB3403 You're not getting a "You don't have permission to access this page." error now?

                  Since you don't mind it being available on the LAN, change all the 'Order Deny,Allow' to 'Order Allow,Deny' and each 'Deny from All' to 'Allow from All'.

                  I've never actually used a separate .conf file for phpmyadmin. You could probably make this work, but you'd need to configure proxy and reverse proxy to get that setup working correctly. It's like they went and locked it down to the point of being unusable.

                  1 Reply Last reply Reply Quote 0
                  • DustinB3403D
                    DustinB3403
                    last edited by

                    Ok I got that resolved and now I'm signed in. Followed this here to get it going.

                    travisdh1T 1 Reply Last reply Reply Quote 1
                    • travisdh1T
                      travisdh1 @DustinB3403
                      last edited by

                      @DustinB3403 said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                      Ok I got that resolved and now I'm signed in. Followed this here to get it going.

                      Looks like a much better guide.

                      1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403
                        last edited by

                        Forward progress!

                        0_1471530813904_chrome_2016-08-18_10-33-01.png

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          phpMyAdmin is just another website, there isn't anything unique about it. Don't think of it as something special.

                          1 Reply Last reply Reply Quote 1
                          • DustinB3403D
                            DustinB3403
                            last edited by

                            Stalled... it appears CentOS has some restrictions in place that don't allow the website to get updated.

                            So investigating this issue now..0_1471532229512_chrome_2016-08-18_10-55-44.png

                            travisdh1T 1 Reply Last reply Reply Quote 0
                            • travisdh1T
                              travisdh1 @DustinB3403
                              last edited by

                              @DustinB3403 At least that error tells you how to go fix things.

                              DustinB3403D 1 Reply Last reply Reply Quote 1
                              • DustinB3403D
                                DustinB3403 @travisdh1
                                last edited by

                                @travisdh1 said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                                @DustinB3403 At least that error tells you how to go fix things.

                                Kind of, I've set the permissions on the file in question, and no dice.

                                travisdh1T 1 Reply Last reply Reply Quote 0
                                • stacksofplatesS
                                  stacksofplates
                                  last edited by

                                  Remember if you have SELinux turned on you're going to need to change the type for all of those files.

                                  DustinB3403D 1 Reply Last reply Reply Quote 0
                                  • DustinB3403D
                                    DustinB3403 @stacksofplates
                                    last edited by

                                    @stacksofplates said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                                    Remember if you have SELinux turned on you're going to need to change the type for all of those files.

                                    selinux is on by default.

                                    What do you mean "change the type for all of those files" ?

                                    stacksofplatesS 1 Reply Last reply Reply Quote 0
                                    • travisdh1T
                                      travisdh1 @DustinB3403
                                      last edited by

                                      @DustinB3403 said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                                      @travisdh1 said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                                      @DustinB3403 At least that error tells you how to go fix things.

                                      Kind of, I've set the permissions on the file in question, and no dice.

                                      Either file permissions in the rest of the phpmyadmin folder, of selinux permissions problems. My first guess is normally selinux in these cases.

                                      semanage fcontext -a -t httpd_sys_rw_content_t '/path/to/phpmyadmin(/.*)?'
                                      
                                      1 Reply Last reply Reply Quote 1
                                      • stacksofplatesS
                                        stacksofplates @DustinB3403
                                        last edited by

                                        @DustinB3403 said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                                        @stacksofplates said in Install LAMP phpMyAdmin and MariaDB into CentOS7:

                                        Remember if you have SELinux turned on you're going to need to change the type for all of those files.

                                        selinux is on by default.

                                        What do you mean "change the type for all of those files" ?

                                        You have to change the SELinux context type for the files in apache directory. By default the context should be httpd_sys_rw_content_t.

                                        If you do an ls -lZ on the directory all of the files are in it will show you the context type.

                                        1 Reply Last reply Reply Quote 1
                                        • DustinB3403D
                                          DustinB3403
                                          last edited by

                                          I ran this, and was able to get past the above error.

                                          chcon -R -t httpd_sys_rw_content_t /var/www/html/
                                          
                                          1 Reply Last reply Reply Quote 0
                                          • stacksofplatesS
                                            stacksofplates
                                            last edited by stacksofplates

                                            you can also do a chcon -R --reference=/var/www/html <directory you need to change> but remember if you just use chcon it can be reversed with restorecon to the bad types. I usually use this as a quick test to make sure it works. Then I'll use semanage to permanently change the context.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post