Azure / wordpress-linux-appservice

Enable / Disable phpmyadmin #147

Closed jferstl closed 3 weeks ago

jferstl commented 1 month ago

By default there is a public-facing login page to phpmyadmin. For security reasons, I would like to be able to configure the Web App in a way that either:

Is there a configuration / setting where I can achieve this behaviour?

dexter-dopping-ekco commented 3 weeks ago

Hey @jferstl, this is our approach:

In /home/dev/startup.sh I have the following lines:

if ! grep -q '# phpmyadmin-access-restriction' /etc/nginx/conf.d/default.conf; then
  # IP whitelist for phpmyadmin access
  sed -i '/location \/phpmyadmin {/a\
  include /home/dev/allow-admins.conf; # phpmyadmin-access-restriction\
  deny all;
  ' /etc/nginx/conf.d/default.conf
fi

# ... We have a bunch more customisations

# Finally reload nginx
/usr/sbin/nginx -s reload

sed is used to modify the config. The grep at the start is to prevent the replacement from running multiple times (can be useful when rerunning startup.sh for development).

/home/dev/allow-admins.config just has lines like this:

# <Person's name>
allow 123.45.67.89;
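
A fail-closed variant of the startup step in the comment above, as an added example that is not part of the thread or the project's code: it rejects allowlist entries such as `allow all;`, returns an error when the `location /phpmyadmin {` line is missing instead of silently leaving the login page public, and runs `nginx -t` before reloading. The function names, the use of awk in place of sed, and the restriction to IPv4 entries are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): fail-closed variant of the startup.sh step.
MARKER='# phpmyadmin-access-restriction'   # same marker as the comment above

# Accept only blank lines, comments and "allow <IPv4>[/prefix];" entries, so a
# stray "allow all;" or a typo cannot silently open the location.
check_allowlist() {
  [ -r "$1" ] || { echo "allowlist $1 not readable" >&2; return 1; }
  bad=$(grep -Evn '^[[:space:]]*(#.*)?$|^[[:space:]]*allow[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?;[[:space:]]*(#.*)?$' "$1" || true)
  [ -z "$bad" ] || { echo "unexpected allowlist lines: $bad" >&2; return 1; }
}

# Insert "include <allowlist>;" and "deny all;" after the location line.
# Returns 0 when patched or already patched, 1 when the location line is
# absent (for example after an image update changed default.conf).
restrict_phpmyadmin() {
  conf=$1; allowlist=$2
  if grep -qF "$MARKER" "$conf"; then return 0; fi
  if ! grep -q 'location /phpmyadmin {' "$conf"; then
    echo "no 'location /phpmyadmin {' in $conf; access NOT restricted" >&2
    return 1
  fi
  tmp=$(mktemp) || return 1
  if awk -v inc="$allowlist" -v m="$MARKER" '
       { print }
       /location \/phpmyadmin [{]/ {
         print "    include " inc "; " m
         print "    deny all;"
       }' "$conf" > "$tmp" && cat "$tmp" > "$conf"; then rc=0; else rc=1; fi
  rm -f "$tmp"
  return $rc
}

# Reload only if the allowlist is clean, the patch is in place and nginx
# accepts the resulting configuration.
apply_restriction() {
  check_allowlist "$2" && restrict_phpmyadmin "$1" "$2" &&
    /usr/sbin/nginx -t && /usr/sbin/nginx -s reload
}

# In startup.sh (paths as used in the comment above):
# apply_restriction /etc/nginx/conf.d/default.conf /home/dev/allow-admins.conf || exit 1
```
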

ZubaeyrMSFT commented 3 weeks ago

@dexter-dopping-ekco

You can disable PhpMyAdmin by setting the SETUP_PHPMYADMIN Application Setting to false in your App Service.

Reference: https://github.com/Azure/wordpress-linux-appservice/blob/main/WordPress/wordpress_phpmyadmin.md

jferstl commented 3 weeks ago

@ZubaeyrMSFT I read about this setting, but according to the description it doesn't seem to be fitted for frequently turning the phpmyadmin on and off:

Installation of PhpMyAdmin happens only once along with the WordPress setup process. It is recommended to not change this value once the WordPress installation is complete, as it might change the routing rules

samrueby commented 3 weeks ago

Correct, the container only pays attention to this setting on the first initialization.