Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PMA_ABSOLUTE_URI not working #296

Closed
dannyyy opened this issue Jul 22, 2020 · 7 comments
Closed

PMA_ABSOLUTE_URI not working #296

dannyyy opened this issue Jul 22, 2020 · 7 comments
Assignees
@williamdes
Labels
invalid

Comments

@dannyyy
Copy link

dannyyy commented Jul 22, 2020
edited by williamdes
Loading

I try to run phpMyAdmin on Kubernetes with the following config:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpmyadmin
  labels:
    app: phpmyadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpmyadmin
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      containers:
        - name: phpmyadmin
          image: phpmyadmin/phpmyadmin:latest
          env:
            - name: TZ
              value: Europe/Zurich
            - name: PMA_HOST
              value: ***
            - name: PMA_USER
              value: ***
            - name: PMA_PASSWORD
              value: ***
            - name: PMA_ABSOLUTE_URI
              value: http://***.media.int/phpmyadmin/
          ports:
          - containerPort: 80
            name: http
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 200m
              memory: 200Mi

---
apiVersion: v1
kind: Service
metadata:
    name: phpmyadmin
    labels:
      app: phpmyadmin
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: phpmyadmin

---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: phpmyadmin
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/whitelist-source-range: ***
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
    - host: ***.media.int
      http:
        paths:
          - path: /phpmyadmin(/|$)(.*)
            backend:
              serviceName: phpmyadmin
              servicePort: 80

Even I've set the PMA_ABSOLUTE_URI environment variable phpMyAdmin is greatly ignoring it:
image
@williamdes
Copy link
Member

williamdes commented Jul 22, 2020
edited
Loading

Hi @dannyyy
To force a value could you try ENV PMA_USER_CONFIG_BASE64 with the value of echo -e "<?php \n$cfg['PmaAbsoluteUri'] = 'http://***.media.int/phpmyadmin/';\n" | base64

@nolandg
Copy link

nolandg commented Oct 23, 2020

Has anyone solved this? PMA_ABSOLUTE_URI seems to have no effect. My phpmyadmin instance running behind Traefik keeps trying to load resources from the root url / and not https://mydomain.com/phpmyadmin so everything 404s.

@nolandg
Copy link

nolandg commented Oct 23, 2020

OMFG trailing slash.

From PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin to PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin/ solved all my worldly problems.

@williamdes
Copy link
Member

OMFG trailing slash.

From PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin to PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin/ solved all my worldly problems.

Could you post your working configuration?

@nolandg
Copy link

nolandg commented Oct 23, 2020

docker-compose.yaml for one Wordpress + MySql + PhpMyAdmin instance:

version: '3.6'

volumes:
  wordpress:
  mysql:

networks:
  edge_web:
    external: true
  default:
    driver: bridge

services:
  wordpress:
    container_name: qcj_wordpress
    image: wordpress
    restart: always
    environment:
      WORDPRESS_DB_HOST: qcj_mysql
      WORDPRESS_DB_USER: x
      WORDPRESS_DB_PASSWORD: x
      WORDPRESS_DB_NAME: x
    volumes:
      - wordpress:/var/www/html
    labels:
      - traefik.enable=true
      - traefik.http.routers.qcj-wordpress.rule=Host(`xxx.ca`)
      - traefik.http.services.qcj-wordpress.loadbalancer.server.port=80
      - traefik.http.routers.qcj-wordpress.middlewares=compress
      - traefik.http.routers.qcj-wordpress.tls.certresolver=tlsresolver
    networks:
      - default
      - edge_web

  db:
    container_name: qcj_mysql
    image: mysql:5.7
    restart: always
    environment:
      MYSQL_DATABASE: x
      MYSQL_USER: x
      MYSQL_PASSWORD: x
      MYSQL_ROOT_PASSWORD: x
    volumes:
      - mysql:/var/lib/mysql
    networks:
      - default
      - edge_web

  phpmyadmin:
    container_name: qcj_phpmyadmin
    image: phpmyadmin:5.0.2
    restart: always
    environment:
      PMA_HOST: qcj_mysql
      MYSQL_ROOT_PASSWORD: x
      PMA_ABSOLUTE_URI: https://xxx.ca/phpmyadmin/ # <-- !
    volumes:
      - mysql:/var/lib/mysql
    labels:
      # Route with Traefik
      - traefik.enable=true
      - traefik.http.routers.qcj-phpmyadmin.rule=Host(`xxx.ca`) && PathPrefix(`/phpmyadmin`) # <-- !
      - traefik.http.routers.qcj-phpmyadmin.entrypoints=admin
      - traefik.http.services.qcj-phpmyadmin.loadbalancer.server.port=80
      # Middleware
      - traefik.http.middlewares.qcj-phpmyadmin.stripprefix.prefixes=/phpmyadmin
      - traefik.http.middlewares.qcj-phpmyadmin.stripprefix.forceslash=false
      - traefik.http.middlewares.proto.headers.customrequestheaders.X-Forwarded-Proto=https # not sure if this was needed
      - traefik.http.routers.qcj-phpmyadmin.middlewares=qcj-phpmyadmin@docker,compress
      # TLS
      - traefik.http.routers.qcj-phpmyadmin.tls.certresolver=tlsresolver
    networks:
      - default
      - edge_web

And the reverse proxy docker-compose.yaml including the Traefik admin dashboard accessible at a port secured by an external firewall. This container must be spun up first because it provides the network definition.

version: '3.6'

networks:
  web:
    driver: bridge
  default:
    driver: bridge

volumes:
  edge_traefik_tls_persistance:

services:
  traefik:
    container_name: traefik
    restart: always
    image: 'traefik:v2.3'
    command: >-
      --log.level=INFO 
      --api.dashboard=true
      --providers.docker 
      --providers.docker.exposedByDefault=false 
      --providers.docker.network=edge_web
      --entryPoints.web.address=:80
      --entrypoints.web.http.redirections.entryPoint.to=websecure
      --entrypoints.web.http.redirections.entryPoint.scheme=https
      --entrypoints.websecure.address=:443
      --entrypoints.admin.address=:xxx # admin port protected by firewall
      --certificatesresolvers.tlsresolver.acme.email=xxxx
      --certificatesresolvers.tlsresolver.acme.storage=acme.json
      --certificatesresolvers.tlsresolver.acme.tlschallenge=true
      --certificatesresolvers.tlsresolver.acme.httpchallenge.entrypoint=web
      --certificatesresolvers.tlsresolver.acme.storage=/etc/traefik/acme/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(xxx.xxx.ca`)"
      - "traefik.http.routers.dashboard.entrypoints=admin"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=tlsresolver"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=xxxx
      - "traefik.http.routers.dashboard.middlewares=traefik-auth"
      - "traefik.http.middlewares.compress.compress=true"
    ports:
      - '80:80'
      - '443:443'
      - 'xxxx:xxxx' # admin port protected by firewall
    networks:
      - web
    volumes:
      - 'edge_traefik_tls_persistance:/etc/traefik/acme'
      - '/var/run/docker.sock:/var/run/docker.sock'

@nolandg
Copy link

nolandg commented Oct 23, 2020

let me know if I forgot to redact something there :-D

@williamdes williamdes self-assigned this Oct 23, 2020
@williamdes
Copy link
Member

williamdes commented Oct 23, 2020
edited
Loading

let me know if I forgot to redact something there :-D

Everything seems fine, thank you

@ag-gaphp ag-gaphp mentioned this issue Jul 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@williamdes williamdes

Labels
invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dannyyy @nolandg @williamdes