Apache Config on Debian for phpMyAdmin

I’ve just been installing phpMyAdmin on a Debian server. This is very easy; simply:

# apt-get install phpmyadmin

However, if you are working on a machine with many vhosts, you need to set up a vhost for pma. Again this is not difficult; the vhost is mostly standard. The following allows access to the phpMyAdmin vhost over HTTPS on port 50002 with basic authentication. It assumes that the public (/etc/apache2/ssl/phpmyadmin.example.com.public.pem) and private (/etc/apache2/ssl/phpmyadmin.example.com.private.pem) key files, the password file (/etc/apache2/passwords/passwords) and the group file (/etc/apache2/passwords/groups) exist and that port 50002 is not blocked by the firewall.

<VirtualHost 1.2.3.4:80>
    ServerName phpmyadmin.example.com

    Redirect permanent / https://phpmyadmin.example.com:50002/
</VirtualHost>

Listen 50002
NameVirtualHost 1.2.3.4:50002

<VirtualHost 1.2.3.4:50002>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/phpmyadmin.example.com.public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/phpmyadmin.example.com.private.pem

    ServerName phpmyadmin.example.com

    DocumentRoot /var/www/phpmyadmin

    <Location />
        AuthType Basic
        AuthName "phpmyadmin on example.com"
        AuthUserFile /etc/apache2/passwords/passwords
        AuthGroupFile /etc/apache2/passwords/groups
        Require group developers
    </Location>
</VirtualHost>

You run into difficulties, though, when you restart the server if you have the default AllowOverride settings. Normally it’s good security practice to keep your Apache configuration as locked down as possible and only allow directives to be overridden where necessary. Equivalent statements are true in any field of computing with regard to security. phpMyAdmin’s .htaccess file (as supplied via apt) uses a number of directives that are not permitted by the default config, so it’s necessary to allow them in the vhost conf file.

I came up with:

<Directory /var/www/phpmyadmin>
    AllowOverride Options Indexes FileInfo Limit AuthConfig
</Directory>

Details of the AllowOverride directive can be found at

http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

I have to admit that I’m a little confused about the way that they grouped the directives that you can allow to be overridden. Why are AuthConfig and Limit separate groups? There seems to be a lot of semantic overlap there. What about allowing Options to be overridden? What if a sys admin wants to limit which individual options can be overridden?
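One way to answer the "which groups do I actually need" question for a given .htaccess is to classify each directive it uses by the AllowOverride group that permits it, so the vhost can grant only those groups rather than All. The script below is an added example, not code from the original post or from phpMyAdmin; its directive-to-group table is assumed and covers only common Apache 2.0/2.2 directives (php_value/php_flag are placed under Options, which is how mod_php declares them), and the sample .htaccess is constructed rather than the real phpMyAdmin file.

```python
from collections import defaultdict

# Directive -> AllowOverride group for common Apache 2.0/2.2 directives; php_value
# and php_flag sit under Options because mod_php declares them with OR_OPTIONS.
DIRECTIVE_GROUPS = {
    "authname": "AuthConfig", "authtype": "AuthConfig", "require": "AuthConfig",
    "authuserfile": "AuthConfig", "authgroupfile": "AuthConfig",
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "options": "Options", "php_value": "Options", "php_flag": "Options",
    "directoryindex": "Indexes", "indexoptions": "Indexes",
    "addtype": "FileInfo", "addhandler": "FileInfo", "errordocument": "FileInfo",
    "redirect": "FileInfo", "rewriteengine": "FileInfo", "rewriterule": "FileInfo",
}

def required_overrides(htaccess_text):
    """Return ({group: sorted directive names}, sorted names not in the table)."""
    needed = defaultdict(set)
    unknown = set()
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and container tags (<Limit GET> ... </Limit>).
        if not line or line[0] in "#<":
            continue
        name = line.split(None, 1)[0].lower()
        group = DIRECTIVE_GROUPS.get(name)
        if group:
            needed[group].add(name)
        else:
            unknown.add(name)   # not in the table: look it up before granting anything
    return {g: sorted(d) for g, d in needed.items()}, sorted(unknown)

def allowoverride_line(htaccess_text):
    """Narrowest AllowOverride that lets the file load ('None' if nothing is needed)."""
    needed, _ = required_overrides(htaccess_text)
    return "AllowOverride " + (" ".join(sorted(needed)) if needed else "None")

# Constructed sample in the style of a phpMyAdmin .htaccess (not the real file).
SAMPLE_HTACCESS = """
Options -Indexes
php_flag register_globals off
<Limit GET POST>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Limit>
AddType application/x-httpd-php .php
FooDirective bar
"""

print(allowoverride_line(SAMPLE_HTACCESS), required_overrides(SAMPLE_HTACCESS)[1])
```

Run it against /var/www/phpmyadmin/.htaccess (read the file and pass its text) to get a starting AllowOverride line; any directive it reports as unknown should be looked up in the documentation linked above before widening the override set.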

Altogether, that’s:

# Plain-HTTP vhost: send everything to the HTTPS vhost on port 50002
<VirtualHost 1.2.3.4:80>
    ServerName phpmyadmin.example.com

    Redirect permanent / https://phpmyadmin.example.com:50002/
</VirtualHost>

Listen 50002
NameVirtualHost 1.2.3.4:50002

<VirtualHost 1.2.3.4:50002>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/phpmyadmin.example.com.public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/phpmyadmin.example.com.private.pem

    ServerName phpmyadmin.example.com

    DocumentRoot /var/www/phpmyadmin

    # Only the override groups phpMyAdmin's .htaccess needs, not AllowOverride All
    <Directory /var/www/phpmyadmin>
        AllowOverride Options Indexes FileInfo Limit AuthConfig
    </Directory>

    # Basic auth in front of the whole vhost, restricted to the developers group
    <Location />
        AuthType Basic
        AuthName "phpmyadmin on example.com"
        AuthUserFile /etc/apache2/passwords/passwords
        AuthGroupFile /etc/apache2/passwords/groups
        Require group developers
    </Location>
</VirtualHost>