7

PhpMyAdmin should be installed with SSL

  • Live

N
boundless

phpMyAdmin is currently installed without SSL, which makes it highly insecure.

Even though phpMyAdmin is discouraged, it should still be installed securely when it is used.

Also it should be possible to enter a custom hostname.

A

Activity Newest / Oldest

Avatar

Dennis

Status changed to: Live

N

boundless

It works!

The only issue I had was when I installed it using the server IP, added a cert, uninstalled it, and then tried to install it again but on a subdomain. The second install failed, as did further attempts on the subdomain or the IP. It was a new server, so I just spun up another one.


  • Avatar
Avatar

Zachary Claret-Scott

Let's Encrypt doesn't support issuing an SSL for an IP address, @Dennis it may be worth checking this and not displaying the button in the panel to users to stop them trying it

community.letsencrypt.org/t/ssl-on-a-ip-instead-of-domain/90635


Avatar

Dennis

It would be great if any of you can test this. We've added support for custom domain & SSL.

If you already have phpmyadmin installed, you will need to remove it and install it again.


  • Avatar
Avatar

Zachary Claret-Scott

Seems to work perfectly for me. Thanks so much for implementing this!

Only issue I see is the SSL request failed because DNS hadn't fully propagated and there was no way to retry without uninstalling and reinstalling again

I also had to restart the PHP FPM workers after the install to clear a 500 error being thrown by phpmyadmin


  • Avatar
Avatar

Dennis

Great suggestion, we will add a check for requesting SSL & DNS indeed.


  • Avatar
Avatar

Dennis

Status changed to: In progress

Avatar

Dennis

Status changed to: Planned

N

boundless

phpMyAdmin is still being installed without SSL. Why was this request closed?


Avatar

Dennis

I am unsure, actually, usually we comment about how/why.

Don't see why this should be closed :)


  • Avatar
Avatar

Dennis

Status changed to: Closed