Open d3xt3r01 opened 2 years ago
Hi @d3xt3r01
I transferred this issue here. I am not sure about where is the mistake but https://github.com/phpmyadmin/docker/issues/253#issuecomment-544242405 may help you And all the thread #253 is filled with examples that could help too let me know
I've looked at it all day long...nothing there for apache... I still don't understand what I'm missing... I've also tried the same thing with the '-fpm' non-alpine image... Same issues with the security.limit_extensions errors. I thought maybe my apache is messed up somehow... so I added these to the services list in docker-compose.yml
httpd:
image: 'httpd:2.4.52-alpine'
restart: always
ports:
- 192.168.1.2:9183:80
networks:
mariadb:
After which I modified httpd's config a bit
docker exec -it docker-mariadb_httpd_1 sh
echo 'Include conf/extra/phpmyadmin.local.lan.conf' >>/usr/local/apache2/conf/httpd.conf
cat >/usr/local/apache2/conf/extra/phpmyadmin.local.lan.conf <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
<VirtualHost 0.0.0.0:80>
ServerName phpmyadmin.local.lan
ProxyPass / "fcgi://phpmyadmin:9000/var/www/html/"
ProxyPassReverse / "fcgi://phpmyadmin:9000/var/www/html/"
</VirtualHost>
EOF
httpd -t
kill -USR1 1
Further testing resulted in this fix... not sure if it's the right way of doing it...
# cat ./volumes/phpmyadmin/disablesecurity.conf
[www]
security.limit_extensions =
# the service looks like this now
phpmyadmin:
image: 'phpmyadmin:5.1.1-fpm-alpine'
restart: always
hostname: 'phpmyadmin'
ports:
- 127.0.0.1:9180:9000
volumes:
- './volumes/phpmyadmin/disablesecurity.conf:/usr/local/etc/php-fpm.d/disablesecurity.conf'
environment:
HIDE_PHP_VERSION: "true"
PMA_ARBITRARY: 1
PMA_ABSOLUTE_URI: http://phpmyadmin.local.lan/
networks:
mariadb:
# the vhost definition in apache looks like this now
<VirtualHost 192.168.1.2:80>
ServerName phpmyadmin.local.lan
ProxyPreserveHost on
RewriteEngine on
RewriteRule ^/$ /index.php [P,QSA,L]
ProxyPass / "fcgi://127.0.0.1:9180/var/www/html/"
ProxyPassReverse / "fcgi://127.0.0.1:9180/var/www/html/"
<LocationMatch "^/.*\.css">
Header set Content-type "text/css"
</LocationMatch>
<LocationMatch "^/.*\.js">
Header set Content-type "text/javascript"
</LocationMatch>
</VirtualHost>
First of all, thank you all of your effort to make these docker images possible. And sorry, if my text disturbs you, but after one day of searching solutions for the alpine-fpm version of phpmyadmin to work, I have to say, it is almost useless. And why I'm upset, is the lack of documentation. If I could read, how it is working exactly (btw. I think only one solution exists), I don't spend my all day to find out, that is not I want. My scenario are a non-dockerized apche2 reverse proxy and a dockerized alpine-fpm-phpmyadmin. Actually it is not working in this scenario. Why? Becasuse the php in the fpm docker is set to work with a few extensions (php(*), htm, etc.), so when you try to browse the pma directory, you are gonna face with the security.limit_extensions config option. In my oppinion, the weakening of the php security with an empty security.limit_extensions line is not an acceptable solution! You can try to share the pma docroot with a non-dockerized apache for serving the non-php files (like js), but it is impossible, because the docker bind mount actually removes every files in the pma docroot in this case, the docker volume is working actually (/var/lib/docker/volumes), but the path is inaccessable for the non-dockerized apache. I know, I can set the directory permission, but from the point of security is just not acceptable. I don't wanna only complain, so for those who wants to use this version of pma (fpm-alpine without webserver), I can tell, the only solution is a dockerized webserver beside the dockerized fpm-pma, and you can share the pma docroot between them with a docker volume (pma_web:/var/www/html). After that you can serve the rest of the non-php-files by this webserver. Unfortunately this scenario is not a soultion for me. I hope this can help for those who are like me, find the working solution, but don't understand why is it not working. Peace.
Content-type "text/css"
For nginx:
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
HI. I think I got it. Docker-compose.yml:
version: '3.8'
volumes:
phpmyadmin:
services:
www:
image: httpd:alpine
volumes:
- "./www:/usr/local/apache2/htdocs"
- "./conf/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf"
- "./conf/httpd/vhosts:/usr/local/apache2/conf.d/vhosts"
- phpmyadmin:/var/www/html/phpmyadmin #THIS LINE IS KEY
environment:
TZ: "${TZ}"
networks:
- default
restart: always
phpmyadminfpm:
Image: phpmyadmin:5-fpm-alpine
environment:
PMA_HOST: ${MYSQL_HOST}
TZ: ${TZ}
restart: always
volumes:
- phpmyadmin:/var/www/html #THIS LINE IS KEY
phpmyadmin.conf:
<VirtualHost *:80>
ServerName phfpm.localhost
RewriteEngine on
RewriteRule ^/?$ "http://%{SERVER_NAME}/index.php" [P,QSA,L]
ProxyPassMatch "^/(.*\.php)$" "fcgi://phpmyadminfpm:9000/var/www/html/" #THIS LINE IS KEY
ProxyPassReverse "^/(.*\.php)$" "fcgi://phpmyadminfpm:9000/var/www/html/" #THIS LINE IS KEY
DocumentRoot "/var/www/html/phpmyadmin" #THIS LINE IS KEY
<Directory "/var/www/html/phpmyadmin">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
There's no need for security.limit_extensions override or nothing The thing here is that Apache serves static content from PhpMyAdmin and only .php files are parsed by PhpMyAdmin FPM process. For that you need to share the files in PhpMyAdmin, so that's why you need the volumes in Apache container and share the PhpMyAdmin files as a volume
Please test it and tell me!
This custom image might save the problems. https://hub.docker.com/r/beeyev/phpmyadmin-lightweight
Describe the bug
The default security.limit_extensions in php-fpm.d/www.conf doesn't allow the php-fpm to serve the other files.
To Reproduce
Use this docker-compose
Expected behavior
The UI to appear
Screenshots
The text "File not found."
Docker Logs
Server configuration
Client configuration
any ... cli/UI
Additional context
The documentation doesn't say anything about the apache reverse proxy so... I think we also need an example for apache. For example the
/var/www/html
is needed to be appended to the proxypass took me a little bit to figure out. Maybe also something to redirect / to index.php? in my solution / still says File not found. Chrome refuses to show everything probably because of X-Content-Type-Options which if forcely removed will still cause it to render weirdly.