0

I'm currently migrating a small dev server from Apache to Nginx and I'm wondering about the "standard" way to manage PhpMyAdmin :

I've simply symlinked the phpmyadmin folder to my nginx site root folder. I've also seen a lot of posts saying to manage this the other way around, using the nginx conf files instead.

My question is : "what is the standard way to do it ? What are the pro/cons of both methods ?"

Among the pro of the second solution, I guess it's global (no need to do it for every domain if we want it on every domain.) But since I don't care about having it on any other domain, I'd just like to be sure I'm not missing some security concerns.

Lery
  • 111
  • 5

1 Answers1

0

I use Adminer instead of PhpMyAdmin, but it's the same concept.

I would recommend adding a location for PhpMyAdmin in your nginx site config, and protecting it with HTTP Basic Authentication. PhpMyAdmin is a major target for hackers and bots, so it's best to protect it. 

#Location for Adminer
location /db {
alias /var/www/adminer/;
auth_basic "Restricted";                        #Enable HTTP authentication
auth_basic_user_file /etc/nginx/pass;           #Set authentication file location
try_files $uri $uri/ /index.php;
        location ~* ^/db(.+\.php)$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
        }
}
Logan M.
  • 11
  • 3