How to access /admin/pma

[anildalar]

.env file

phpMyAdmin

PMA_ALIAS=/admin/pma PMA_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 Also tried PMA_ALLOW_FROM=0.0.0.0/0

[ugoviti]

Hi,

strange, do you enabled PMA with PMA_ENABLED=true ?

[anildalar]

Yes i did enabled PMA_ENABLED=true

Here is my .env file

Persistent data management

enable persistent data storage (comment if you want disable persistence of data) (default: /data)

APP_DATA=/data

lookup for custom script to execute during izPBX startup

APP_CUSTOM_SCRIPTS=/data/scripts

TimeZone configuration

set the timezone based on your geographical location (default: TZ=UTC)

TZ=Europe/Rome

Database

WARNING: default izPBX security passwords. please change it according to your security defaults

NOTE1: to avoid writing the mysql root password here, the MYSQL_ROOT_PASSWORD variable can be disabled

if the MYSQL_USER can create the asterisk database or if it already exist

MYSQL_PASSWORD=PleaseCHANGEM3 MYSQL_ROOT_PASSWORD=PleaseCHANGEM3

NOTE2: for enhanced security, if can comment the above vars and use pre-created docker secrets instead

create the docker secret using the following commands:

echo -n YourSuperSecretMySQLFPBXPASSWORD | docker secret create IZPBX_MYSQL_PASSWORD -

echo -n YourSuperSecretMySQLROOTPASSWORD | docker secret create IZPBX_MYSQL_ROOT_PASSWORD -

IZPBX_MYSQL_PASSWORD_FILE=/run/secrets/IZPBX_MYSQL_PASSWORD

IZPBX_MYSQL_ROOT_PASSWORD_FILE=/run/secrets/IZPBX_MYSQL_ROOT_PASSWORD

WARNING: enable the following vars only for testing

MYSQL_RANDOM_ROOT_PASSWORD=true

MYSQL_ALLOW_EMPTY_ROOT_PASSWORD=true

WARNING: if docker-compose is configured with "network_mode: host" then use "MYSQL_SERVER=127.0.0.1" or the address of the remote database server

WARNING: if docker-compose is not configured with "network_mode: host" then use "MYSQL_SERVER=db" or the address of the remote database server

MYSQL_SERVER=db

MYSQL_SERVER=127.0.0.1 MYSQL_DATABASE=asterisk MYSQL_DATABASE_CDR=asteriskcdrdb MYSQL_USER=asterisk

Email addreses and SMTP smarthost

outgoing mails will set as From as: (default: izpbx@localhost.localdomain)

SMTP_MAIL_FROM=izpbx@example.com

outgoing mails will to send notifications, like cron, fail2ban, etc... (default: root@localhost.localdomain)

SMTP_MAIL_TO=admin@example.com

specify DNS name or IP address for the SMTP RelayHost (default: none)

SMTP_RELAYHOST=smtp.example.com

SMTP_RELAYHOST_PORT=25

SMTP_RELAYHOST_USERNAME=yourusername

SMTP_RELAYHOST_PASSWORD=yoursecurepassword

SMTP_STARTTLS=true

SMTP_ALLOWED_SENDER_DOMAINS=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

SMTP_MESSAGE_SIZE_LIMIT=67108864

Webserver and HTTP/HTTPS

enable if the pbx is exposed to internet and want autoconfigure virtualhosting based on the following FQDN (default: none)

APP_FQDN=pbx.oceanpbx.club

enable https protocols (default: false)

by default izpbx will use a self-signed certificate generated on first run if missing

HTTPD_HTTPS_ENABLED=true

use custom ssl certificates (only used when LETSENCRYPT_ENABLED=false) place you certs into: /etc/asterisk/keys

NOTE: if you want recreate the self-signed certificates after initial deploy, you must delete the certs and restart izpbx

HTTPD_HTTPS_CERT_FILE=/etc/asterisk/keys/default.crt

HTTPD_HTTPS_KEY_FILE=/etc/asterisk/keys/default.key

HTTPD_HTTPS_CHAIN_FILE=/etc/asterisk/keys/default.chain.crt

redirect unencrypted http connetions to https (default: false)

HTTPD_REDIRECT_HTTP_TO_HTTPS=true

auto generate Let's Encrypt SSL certificates if the pbx is exposed to Internet and want enable https protocol (default: false)

To use LETSENCRYPT make sure SMTP_MAIL_TO and APP_FQDN are set to correct values

LETSENCRYPT_ENABLED=true LETSENCRYPT_COUNTRY_CODE=IN LETSENCRYPT_COUNTRY_STATE=MP

by default everyone can connect to HTTP/HTTPS WEB interface, comment out to restrict the access and enhance the security (default: 0.0.0.0/0)

HTTPD_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

phpMyAdmin

PMA_ALIAS=/admin/pma

PMA_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

FOP2 configuration (https://www.fop2.com/docs/)

Note: If FOP2_AUTOUPGRADE=true, you must have purchased a valid upgrade subscription from fop.com, otherwise FOP2 will become unsupported.

FOP2_AUTOUPGRADE=false FOP2_AUTOACTIVATION=false FOP2_LICENSE_NAME= FOP2_LICENSE_CODE= FOP2_LICENSE_IFACE=eth0

the following variables are not mandatory, you can leave commented (FOP2_AMI_PASSWORD will be a random hash)

FOP2_AMI_HOST=localhost FOP2_AMI_PORT=5038 FOP2_AMI_USERNAME=admin FOP2_AMI_PASSWORD=amp111

Zabbix Network Monitoring

for automatic discovery of HOSTNAME leave ZABBIX_HOSTNAME commented

ZABBIX_SERVER=zabbixserver.example.com

ZABBIX_HOSTNAME=izpbx.example.com

ZABBIX_HOSTMETADATA=izPBX CHANGEM3WithAS3cur3HA$H

Fail2ban

format: FAIL2BAN_SECTION_KEY=VALUE

by default izpbx will will use: FAIL2BAN_DEFAULT_SENDER=$SMTP_MAIL_FROM and FAIL2BAN_DEFAULT_DESTEMAIL=$SMTP_MAIL_TO, anyway you can override it bellow

FAIL2BAN_ENABLED=true FAIL2BAN_ASTERISK_ENABLED=true

FAIL2BAN_ASTERISK_LOGPATH=/var/log/asterisk/security

FAIL2BAN_DEFAULT_SENDER=fail2ban@example.com

FAIL2BAN_DEFAULT_DESTEMAIL=security@example.com

FAIL2BAN_DEFAULT_BANACTION=iptables-allports[blocktype=DROP]

FAIL2BAN_DEFAULT_IGNOREIP=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 FAIL2BAN_DEFAULT_BANTIME=300 FAIL2BAN_DEFAULT_FINDTIME=3600 FAIL2BAN_DEFAULT_MAXRETRY=10 FAIL2BAN_RECIDIVE_ENABLED=true FAIL2BAN_RECIDIVE_BANTIME=1814400 FAIL2BAN_RECIDIVE_FINDTIME=15552000 FAIL2BAN_RECIDIVE_MAXRETRY=10

FreePBX Advanced Settings

prefix every FreePBX internal variable with FREEPBX_

modules enabled on first startup

FREEPBX_MODULES_EXTRA=soundlang callrecording cdr conferences customappsreg featurecodeadmin infoservices logfiles music manager arimanager filestore recordings announcement asteriskinfo backup callforward callwaiting daynight calendar certman cidlookup contactmanager donotdisturb fax findmefollow iaxsettings miscapps miscdests ivr parking phonebook presencestate printextensions queues cel timeconditions pm2

enable automatic upgrading FreePBX on izpbx startup from previous version to a new major version (ex. from 15 to 16)

WARNING: this is a dangerous task!!! be sure to have a backup before enabling core autoupgrade!

FREEPBX_AUTOUPGRADE_CORE=true

enable automatic modules updates (NOTE: only on initial deploy)

FREEPBX_AUTOUPGRADE_MODULES=true

fix permission of freepbx and asterisk files on every start

FREEPBX_FIX_PERMISSION=false

customize default freepbx settings on every start

FREEPBX_FREEPBX_SYSTEM_IDENT=izPBX FREEPBX_AS_DISPLAY_READONLY_SETTINGS=1 FREEPBX_AS_OVERRIDE_READONLY=1 FREEPBX_ENABLECW=0 FREEPBX_TONEZONE=it FREEPBX_PHPTIMEZONE=Europe/Rome

FREEPBX_BRAND_IMAGE_TANGO_LEFT=images/tango.png

FREEPBX_BRAND_IMAGE_FREEPBX_FOOT=images/freepbx_small.png

FREEPBX_BRAND_IMAGE_SPONSOR_FOOT=images/sangoma-horizontal_thumb.png

FREEPBX_BRAND_FREEPBX_ALT_LEFT=FreePBX

FREEPBX_BRAND_FREEPBX_ALT_FOOT=FreePBX®

FREEPBX_BRAND_SPONSOR_ALT_FOOT=www.sangoma.com

FREEPBX_BRAND_IMAGE_FREEPBX_LINK_LEFT=http://www.freepbx.org

FREEPBX_BRAND_IMAGE_FREEPBX_LINK_FOOT=http://www.freepbx.org

FREEPBX_BRAND_IMAGE_SPONSOR_LINK_FOOT=http://www.sangoma.com

FREEPBX_RSSFEEDS=

WORKAROUND @20200322 https://issues.freepbx.org/browse/FREEPBX-20559 : fwconsole setting SIGNATURECHECK 0

FREEPBX_SIGNATURECHECK=0

PhoneBook Settings

PhoneBook server address used by VoiP Phones.

You can specify IP or DNS name. If empty, by default will be used in order: 'http://$APP_FQDN' or 'http://PBXIP'

PHONEBOOK_ADDRESS=https://izpbx.example.com

DHCP/NTP/TFTP Server

DHCP_DOMAIN=izpbx.local

DHCP_POOL_START=10.1.1.10

DHCP_POOL_END=10.1.1.250

DHCP_POOL_LEASE=72h

DHCP_DNS: leave commented to use docker container DNS ip address

DHCP_DNS=10.1.1.1

DHCP_GW=10.1.1.1

DHCP_NTP=10.1.1.1

NTP Server

NTP_SERVERS=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org

NTP_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

Container Network Ports

webserver and freepbx ports

APP_PORT_HTTP=80 APP_PORT_HTTPS=443

asterisk ports

APP_PORT_IAX=4569 APP_PORT_PJSIP=5060 APP_PORT_SIP=5160 APP_PORT_WEBRTC=8089 APP_PORT_UCP_HTTP=8001 APP_PORT_UCP_HTTPS=8003 APP_PORT_AMI=8088

WARNING: tune the APP_PORT_RTP_END to a lower value (ex. 10200) if 'network_mode: host' is not used

APP_PORT_RTP_START=10000 APP_PORT_RTP_END=20000

database port

APP_PORT_MYSQL=3306

other services ports

APP_PORT_DHCP=67 APP_PORT_TFTP=69 APP_PORT_NTP=123 APP_PORT_FOP2=4445 APP_PORT_ZABBIX=10050

Container Services

MSMTP_ENABLED=true

POSTFIX_ENABLED=true

CRON_ENABLED=true HTTPD_ENABLED=true IZPBX_ENABLED=true FAIL2BAN_ENABLED=true

DHCP_ENABLED=true

TFTP_ENABLED=true

NTP_ENABLED=true

FOP2_ENABLED=true

ZABBIX_ENABLED=true

PMA_ENABLED=true

PHONEBOOK_ENABLED=true

[anildalar]

I am building with latest version docker compose -f docker-compose.yml -f docker-compose-dev-20.16.yml up -d --build

[ugoviti]

why do you build izpbx by yourself?

anyway in your config PMA_ALLOW_FROM is commented:

PMA_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

if you want reach phpMyAdmin from internet (decisely not suggested), you need to open all IP with:

PMA_ALLOW_FROM=0.0.0.0/0

or:

PMA_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 YOURPUBLICIP