search

phpmyadmin / docker

Docker container for phpMyAdmin
https://hub.docker.com/_/phpmyadmin
GNU General Public License v3.0
675 stars 455 forks source link

PMA_ABSOLUTE_URI not working #296

Closed dannyyy closed 4 years ago

dannyyy commented 4 years ago

I try to run phpMyAdmin on Kubernetes with the following config:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpmyadmin
  labels:
    app: phpmyadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpmyadmin
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      containers:
        - name: phpmyadmin
          image: phpmyadmin/phpmyadmin:latest
          env:
            - name: TZ
              value: Europe/Zurich
            - name: PMA_HOST
              value: ***
            - name: PMA_USER
              value: ***
            - name: PMA_PASSWORD
              value: ***
            - name: PMA_ABSOLUTE_URI
              value: http://***.media.int/phpmyadmin/
          ports:
          - containerPort: 80
            name: http
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 200m
              memory: 200Mi

---
apiVersion: v1
kind: Service
metadata:
    name: phpmyadmin
    labels:
      app: phpmyadmin
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: phpmyadmin

---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: phpmyadmin
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/whitelist-source-range: ***
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
    - host: ***.media.int
      http:
        paths:
          - path: /phpmyadmin(/|$)(.*)
            backend:
              serviceName: phpmyadmin
              servicePort: 80

Even I've set the PMA_ABSOLUTE_URI environment variable phpMyAdmin is greatly ignoring it: image

williamdes commented 4 years ago

Hi @dannyyy To force a value could you try ENV PMA_USER_CONFIG_BASE64 with the value of echo -e "<?php \n$cfg['PmaAbsoluteUri'] = 'http://***.media.int/phpmyadmin/';\n" | base64

nolandg commented 4 years ago

Has anyone solved this? PMA_ABSOLUTE_URI seems to have no effect. My phpmyadmin instance running behind Traefik keeps trying to load resources from the root url / and not https://mydomain.com/phpmyadmin so everything 404s.

nolandg commented 4 years ago

OMFG trailing slash.

From PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin to PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin/ solved all my worldly problems.

williamdes commented 4 years ago

OMFG trailing slash.

From PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin to PMA_ABSOLUTE_URI=https://mydomain.com/phpmyadmin/ solved all my worldly problems.

Could you post your working configuration?

nolandg commented 4 years ago

docker-compose.yaml for one Wordpress + MySql + PhpMyAdmin instance:

version: '3.6'

volumes:
  wordpress:
  mysql:

networks:
  edge_web:
    external: true
  default:
    driver: bridge

services:
  wordpress:
    container_name: qcj_wordpress
    image: wordpress
    restart: always
    environment:
      WORDPRESS_DB_HOST: qcj_mysql
      WORDPRESS_DB_USER: x
      WORDPRESS_DB_PASSWORD: x
      WORDPRESS_DB_NAME: x
    volumes:
      - wordpress:/var/www/html
    labels:
      - traefik.enable=true
      - traefik.http.routers.qcj-wordpress.rule=Host(`xxx.ca`)
      - traefik.http.services.qcj-wordpress.loadbalancer.server.port=80
      - traefik.http.routers.qcj-wordpress.middlewares=compress
      - traefik.http.routers.qcj-wordpress.tls.certresolver=tlsresolver
    networks:
      - default
      - edge_web

  db:
    container_name: qcj_mysql
    image: mysql:5.7
    restart: always
    environment:
      MYSQL_DATABASE: x
      MYSQL_USER: x
      MYSQL_PASSWORD: x
      MYSQL_ROOT_PASSWORD: x
    volumes:
      - mysql:/var/lib/mysql
    networks:
      - default
      - edge_web

  phpmyadmin:
    container_name: qcj_phpmyadmin
    image: phpmyadmin:5.0.2
    restart: always
    environment:
      PMA_HOST: qcj_mysql
      MYSQL_ROOT_PASSWORD: x
      PMA_ABSOLUTE_URI: https://xxx.ca/phpmyadmin/ # <-- !
    volumes:
      - mysql:/var/lib/mysql
    labels:
      # Route with Traefik
      - traefik.enable=true
      - traefik.http.routers.qcj-phpmyadmin.rule=Host(`xxx.ca`) && PathPrefix(`/phpmyadmin`) # <-- !
      - traefik.http.routers.qcj-phpmyadmin.entrypoints=admin
      - traefik.http.services.qcj-phpmyadmin.loadbalancer.server.port=80
      # Middleware
      - traefik.http.middlewares.qcj-phpmyadmin.stripprefix.prefixes=/phpmyadmin
      - traefik.http.middlewares.qcj-phpmyadmin.stripprefix.forceslash=false
      - traefik.http.middlewares.proto.headers.customrequestheaders.X-Forwarded-Proto=https # not sure if this was needed
      - traefik.http.routers.qcj-phpmyadmin.middlewares=qcj-phpmyadmin@docker,compress
      # TLS
      - traefik.http.routers.qcj-phpmyadmin.tls.certresolver=tlsresolver
    networks:
      - default
      - edge_web

And the reverse proxy docker-compose.yaml including the Traefik admin dashboard accessible at a port secured by an external firewall. This container must be spun up first because it provides the network definition.

version: '3.6'

networks:
  web:
    driver: bridge
  default:
    driver: bridge

volumes:
  edge_traefik_tls_persistance:

services:
  traefik:
    container_name: traefik
    restart: always
    image: 'traefik:v2.3'
    command: >-
      --log.level=INFO 
      --api.dashboard=true
      --providers.docker 
      --providers.docker.exposedByDefault=false 
      --providers.docker.network=edge_web
      --entryPoints.web.address=:80
      --entrypoints.web.http.redirections.entryPoint.to=websecure
      --entrypoints.web.http.redirections.entryPoint.scheme=https
      --entrypoints.websecure.address=:443
      --entrypoints.admin.address=:xxx # admin port protected by firewall
      --certificatesresolvers.tlsresolver.acme.email=xxxx
      --certificatesresolvers.tlsresolver.acme.storage=acme.json
      --certificatesresolvers.tlsresolver.acme.tlschallenge=true
      --certificatesresolvers.tlsresolver.acme.httpchallenge.entrypoint=web
      --certificatesresolvers.tlsresolver.acme.storage=/etc/traefik/acme/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(xxx.xxx.ca`)"
      - "traefik.http.routers.dashboard.entrypoints=admin"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=tlsresolver"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=xxxx
      - "traefik.http.routers.dashboard.middlewares=traefik-auth"
      - "traefik.http.middlewares.compress.compress=true"
    ports:
      - '80:80'
      - '443:443'
      - 'xxxx:xxxx' # admin port protected by firewall
    networks:
      - web
    volumes:
      - 'edge_traefik_tls_persistance:/etc/traefik/acme'
      - '/var/run/docker.sock:/var/run/docker.sock'
nolandg commented 4 years ago

let me know if I forgot to redact something there :-D

williamdes commented 4 years ago

let me know if I forgot to redact something there :-D

Everything seems fine, thank you