This is an old revision of the document!


phpMyAdmin

Configuration

Setup a new user for PMA:

mysql -e "CREATE USER 'pma'@'localhost' IDENTIFIED BY '';"
mysql -e "GRANT ALL PRIVILEGES ON *.* TO [email protected] WITH GRANT OPTION;"

To setup a configuration that uses the config file for authentication, and ignores the mysql and information_schema tables, here is what to add to config.inc.php:

$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'pma';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['hide_db'] = '^(mysql|information_schema|performance_schema)$';
# $cfg['Servers'][$i]['only_db'] = array('');

Disable version check, which runs over http and breaks the https seal:

$cfg['VersionCheck'] = false;

Lastly, here is the configuration to add to Apache so that it is accessible only to Digital Trike LAN. This can be placed anywhere in the httpd configuration.

Alias /mysql "/var/www/pma"
<Directory "/var/www/pma">
AllowOverride None
Options None
DirectoryIndex index.php
Order deny,allow
Deny from all
Allow from 173.165.130.129
</Directory>

Apache

Here's a sample htaccess file that would apply:

Order deny,allow
Deny from all
Allow from 192.168.12.
# openvpn
Allow from 10.117.209.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTP_HOST} !^pma\.digitaltrike\.com$ [NC] <br>
RewriteRule .? https://pma.digitaltrike.com [R=301,L]

# deny all .htaccess, .DS_Store, .git and ._* (resource fork) files
<Files ~ "^(\.|~)([git]|[Hh][Tt]|[Dd][Ss]_[Ss]|[_])">
Order allow,deny
Deny from all
Satisfy All
</Files>

AuthName "Super Seekrit Access"
AuthType Basic
AuthUserFile /var/www/htpasswd/pma
Require valid-user