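I couldn't decide which site to ask this question on (since I can see it almost anywhere), so feel free to migrate it.
I have set up a self-signed SSL certificate on my server to secure a phpMyAdmin installation. I have just installed the latest version (4.2.8) from source and now want to force the use of SSL.
In my /etc/phpMyadmin/config.inc.php I added the $cfg['ForceSSL'] = true; attribute, but this does not force any SSL. I can still reach the site on both port 80 and port 443.
On my other server, this attribute forces SSL for phpMyAdmin, and I can see it in the URL with the ?SID, but on this server I don't see it.
Basically, I want phpMyAdmin to redirect all http requests to https, as it does on my other server.
Here is my config.inc.php: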
<?php
/**
* phpMyAdmin configuration file, you can use it as base for the manual
* configuration. For easier setup you can use "setup/".
*
* All directives are explained in Documentation.html and on phpMyAdmin
* wiki <http://wiki.phpmyadmin.net>.
*/
/*
* This is needed for cookie based authentication to encrypt password in
* cookie
*/
$cfg['blowfish_secret'] = 'MUSTBECHANGEDONINSTALL'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/**
* Server(s) configuration
*/
$i = 0;
// The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use
// $cfg['Servers'][0]. You can disable a server config entry by setting host
// to ''. If you want more than one server, just copy following section
// (including $i incrementation) several times. There is no need to define
// full server array, just define values you need to change.
$i++;
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname or IP address
$cfg['Servers'][$i]['port'] = ''; // MySQL port - leave blank for default port
$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
$cfg['Servers'][$i]['extension'] = 'mysqli'; // The php MySQL extension to use ('mysql' or 'mysqli')
$cfg['Servers'][$i]['compress'] = FALSE; // Use compressed protocol for the MySQL connection
// (requires PHP >= 4.3.0)
$cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settings
// (this user must have read-only
$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
// and "mysql/db" tables).
// The controluser is also
// used for all relational
// features (pmadb)
$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user'] = ''; // MySQL user
$cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed
// with 'config' auth_type)
$cfg['Servers'][$i]['only_db'] = ''; // If set to a db-name, only
// this db is displayed in left frame
// It may also be an array of db-names, where sorting order is relevant.
$cfg['Servers'][$i]['hide_db'] = ''; // Database name to be hidden from listings
$cfg['Servers'][$i]['verbose'] = ''; // Verbose name for this host - leave blank to show the hostname
$cfg['Servers'][$i]['pmadb'] = ''; // Database used for Relation, Bookmark and PDF Features
// (see scripts/create_tables.sql)
// - leave blank for no support
// DEFAULT: 'phpmyadmin'
$cfg['Servers'][$i]['bookmarktable'] = ''; // Bookmark table
// - leave blank for no bookmark support
// DEFAULT: 'pma_bookmark'
$cfg['Servers'][$i]['relation'] = ''; // table to describe the relation between links (see doc)
// - leave blank for no relation-links support
// DEFAULT: 'pma_relation'
$cfg['Servers'][$i]['table_info'] = ''; // table to describe the display fields
// - leave blank for no display fields support
// DEFAULT: 'pma_table_info'
$cfg['Servers'][$i]['table_coords'] = ''; // table to describe the tables position for the PDF schema
// - leave blank for no PDF schema support
// DEFAULT: 'pma_table_coords'
$cfg['Servers'][$i]['pdf_pages'] = ''; // table to describe pages of relationpdf
// - leave blank if you don't want to use this
// DEFAULT: 'pma_pdf_pages'
$cfg['Servers'][$i]['column_info'] = ''; // table to store column information
// - leave blank for no column comments/mime types
// DEFAULT: 'pma_column_info'
$cfg['Servers'][$i]['history'] = ''; // table to store SQL history
// - leave blank for no SQL query history
// DEFAULT: 'pma_history'
$cfg['Servers'][$i]['verbose_check'] = TRUE; // set to FALSE if you know that your pma_* tables
// are up to date. This prevents compatibility
// checks and thereby increases performance.
$cfg['Servers'][$i]['AllowRoot'] = TRUE; // whether to allow root login
$cfg['Servers'][$i]['AllowDeny']['order'] // Host authentication order, leave blank to not use
= '';
$cfg['Servers'][$i]['AllowDeny']['rules'] // Host authentication rules, leave blank for defaults
= array();
$cfg['Servers'][$i]['AllowNoPassword'] // Allow logins without a password. Do not change the FALSE
= FALSE; // default unless you're running a passwordless MySQL server
$cfg['Servers'][$i]['designer_coords'] // Leave blank (default) for no Designer support, otherwise
= ''; // set to suggested 'pma_designer_coords' if really needed
$cfg['Servers'][$i]['bs_garbage_threshold'] // Blobstreaming: Recommended default value from upstream
= 50; // DEFAULT: '50'
$cfg['Servers'][$i]['bs_repository_threshold'] // Blobstreaming: Recommended default value from upstream
= '32M'; // DEFAULT: '32M'
$cfg['Servers'][$i]['bs_temp_blob_timeout'] // Blobstreaming: Recommended default value from upstream
= 600; // DEFAULT: '600'
$cfg['Servers'][$i]['bs_temp_log_threshold'] // Blobstreaming: Recommended default value from upstream
= '32M'; // DEFAULT: '32M'
/*
* End of servers configuration
*/
/*
* Directories for saving/loading files from server
*/
$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
/*
* Disable the default warning that is displayed on the DB Details Structure
* page if any of the required Tables for the relation features is not found
*/
$cfg['PmaNoRelation_DisableWarning'] = TRUE;
$cfg['ForceSSL'] = true;
?>
If you need anything else, please ask.
Running CentOS, Apache
Answer 1
You have to put true in quotes on the last line:
$cfg['ForceSSL'] = 'true';
Otherwise it won't work.
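Answer 2
I don't know why phpMyAdmin isn't doing that, but this should be a setting configured in the web server.
When you allow HTTP connections to be redirected to HTTPS, you are exposed to MITM attacks that strip the redirect (see this video on SSL strip).
If you really want to make sure it works, have a look at this StackOverflow thread about a similar problem, but I don't recommend it. If you can close port 80, even better (although I think a MITM can always intercept the SYN and downgrade your connection to HTTP. Never mind...)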
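Added example (not part of the answer above, and not phpMyAdmin's own configuration): one way to do the redirect in Apache itself, with an HSTS header on the HTTPS side so that a browser which has already visited the site stops sending plain-HTTP requests that could be stripped. The hostname, the certificate paths and the phpMyAdmin directory are placeholders, and the syntax assumes Apache 2.4 with mod_ssl and mod_headers loaded.

```apache
# Added example; pma.example.com and every path below are placeholders.

# Port 80: nothing from phpMyAdmin is served here, every request is
# answered with a permanent redirect to the HTTPS virtual host.
<VirtualHost *:80>
    ServerName pma.example.com
    Redirect permanent / https://pma.example.com/
</VirtualHost>

# Port 443: the only place phpMyAdmin is actually served.
<VirtualHost *:443>
    ServerName pma.example.com

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/pma.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/pma.example.com.key

    # HSTS (needs mod_headers). Once a browser has received this header over
    # a valid HTTPS connection it rewrites http:// requests for this host to
    # https:// locally, so there is no plain-HTTP redirect left to strip.
    # Browsers ignore the header when the certificate does not validate, so
    # with a self-signed certificate it only takes effect on clients that
    # have been set up to trust that certificate.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Placeholder location of the phpMyAdmin source tree.
    Alias /phpmyadmin /usr/share/phpMyAdmin
    <Directory /usr/share/phpMyAdmin>
        Require all granted
    </Directory>
</VirtualHost>
```

The first visit from a new browser is still made over plain HTTP unless the user types https:// explicitly, which is the window the redirect-stripping attack relies on.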
Answer 3
Stop using that configuration value, as it has been deprecated since 4.6.0
https://docs.phpmyadmin.net/en/latest/config.html#cfg_ForceSSL
Use $cfg['PmaAbsoluteUri'] instead
https://docs.phpmyadmin.net/en/latest/config.html#cfg_PmaAbsoluteUri