From e3f29d8d2eb4e74d4b42fe051f7575e96dd66c19 Mon Sep 17 00:00:00 2001 From: TasdidurRahman Date: Thu, 1 Aug 2024 15:20:01 +0600 Subject: [PATCH 1/5] enable ssl for all server Signed-off-by: TasdidurRahman --- apache/config.inc.php | 1 + 1 file changed, 1 insertion(+) diff --git a/apache/config.inc.php b/apache/config.inc.php index 9a391347..5c59d611 100644 --- a/apache/config.inc.php +++ b/apache/config.inc.php @@ -77,6 +77,7 @@ /* Server settings */ for ($i = 1; isset($hosts[$i - 1]); $i++) { + $cfg['Servers'][$i]['ssl'] = true; $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; From 2d6be82ec666064b165414a565bcffc19178c829 Mon Sep 17 00:00:00 2001 From: TasdidurRahman Date: Thu, 1 Aug 2024 18:34:36 +0600 Subject: [PATCH 2/5] enable server specific ssl Signed-off-by: TasdidurRahman --- apache/config.inc.php | 8 +++++++- apache/docker-entrypoint.sh | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/apache/config.inc.php b/apache/config.inc.php index 5c59d611..9f5d2ac7 100644 --- a/apache/config.inc.php +++ b/apache/config.inc.php @@ -27,6 +27,8 @@ 'MEMORY_LIMIT', 'PMA_UPLOADDIR', 'PMA_SAVEDIR', + 'PMA_SSL', + 'PMA_SSLS', ]; foreach ($vars as $var) { @@ -63,10 +65,12 @@ $hosts = [$_ENV['PMA_HOST']]; $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; + $ssls = [$_ENV['PMA_SSL']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); + $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); } if (! empty($_ENV['PMA_SOCKET'])) { @@ -77,7 +81,9 @@ /* Server settings */ for ($i = 1; isset($hosts[$i - 1]); $i++) { - $cfg['Servers'][$i]['ssl'] = true; + if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/apache/docker-entrypoint.sh b/apache/docker-entrypoint.sh index 5d748548..ff9e486b 100755 --- a/apache/docker-entrypoint.sh +++ b/apache/docker-entrypoint.sh @@ -55,6 +55,8 @@ get_docker_secret MYSQL_ROOT_PASSWORD get_docker_secret MYSQL_PASSWORD get_docker_secret PMA_HOSTS get_docker_secret PMA_HOST +get_docker_secret PMA_SSL +get_docker_secret PMA_SSLS get_docker_secret PMA_CONTROLHOST get_docker_secret PMA_CONTROLUSER get_docker_secret PMA_CONTROLPASS From 88b594a77f6e7706a6559f5369b1813b0f06a7e6 Mon Sep 17 00:00:00 2001 From: TasdidurRahman Date: Mon, 19 Aug 2024 15:45:28 +0600 Subject: [PATCH 3/5] enable server specific ssl Signed-off-by: TasdidurRahman --- apache/docker-entrypoint.sh | 4 ++-- config.inc.php | 7 +++++++ docker-entrypoint.sh | 2 ++ fpm-alpine/config.inc.php | 7 +++++++ fpm-alpine/docker-entrypoint.sh | 2 ++ fpm/config.inc.php | 7 +++++++ fpm/docker-entrypoint.sh | 2 ++ 7 files changed, 29 insertions(+), 2 deletions(-) diff --git a/apache/docker-entrypoint.sh b/apache/docker-entrypoint.sh index ff9e486b..5c146dfe 100755 --- a/apache/docker-entrypoint.sh +++ b/apache/docker-entrypoint.sh @@ -55,10 +55,10 @@ get_docker_secret MYSQL_ROOT_PASSWORD get_docker_secret MYSQL_PASSWORD get_docker_secret PMA_HOSTS get_docker_secret PMA_HOST -get_docker_secret PMA_SSL -get_docker_secret PMA_SSLS get_docker_secret PMA_CONTROLHOST get_docker_secret PMA_CONTROLUSER get_docker_secret PMA_CONTROLPASS +get_docker_secret PMA_SSL +get_docker_secret PMA_SSLS exec "$@" diff --git a/config.inc.php b/config.inc.php index 9a391347..9f5d2ac7 100644 --- a/config.inc.php +++ b/config.inc.php @@ -27,6 +27,8 @@ 'MEMORY_LIMIT', 'PMA_UPLOADDIR', 'PMA_SAVEDIR', + 'PMA_SSL', + 'PMA_SSLS', ]; foreach ($vars as $var) { @@ -63,10 +65,12 @@ $hosts = [$_ENV['PMA_HOST']]; $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; + $ssls = [$_ENV['PMA_SSL']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); + $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); } if (! empty($_ENV['PMA_SOCKET'])) { @@ -77,6 +81,9 @@ /* Server settings */ for ($i = 1; isset($hosts[$i - 1]); $i++) { + if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 5d748548..5c146dfe 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -58,5 +58,7 @@ get_docker_secret PMA_HOST get_docker_secret PMA_CONTROLHOST get_docker_secret PMA_CONTROLUSER get_docker_secret PMA_CONTROLPASS +get_docker_secret PMA_SSL +get_docker_secret PMA_SSLS exec "$@" diff --git a/fpm-alpine/config.inc.php b/fpm-alpine/config.inc.php index 9a391347..9f5d2ac7 100644 --- a/fpm-alpine/config.inc.php +++ b/fpm-alpine/config.inc.php @@ -27,6 +27,8 @@ 'MEMORY_LIMIT', 'PMA_UPLOADDIR', 'PMA_SAVEDIR', + 'PMA_SSL', + 'PMA_SSLS', ]; foreach ($vars as $var) { @@ -63,10 +65,12 @@ $hosts = [$_ENV['PMA_HOST']]; $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; + $ssls = [$_ENV['PMA_SSL']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); + $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); } if (! empty($_ENV['PMA_SOCKET'])) { @@ -77,6 +81,9 @@ /* Server settings */ for ($i = 1; isset($hosts[$i - 1]); $i++) { + if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/fpm-alpine/docker-entrypoint.sh b/fpm-alpine/docker-entrypoint.sh index 24c45e8c..6fe64b96 100755 --- a/fpm-alpine/docker-entrypoint.sh +++ b/fpm-alpine/docker-entrypoint.sh @@ -50,5 +50,7 @@ get_docker_secret PMA_HOST get_docker_secret PMA_CONTROLHOST get_docker_secret PMA_CONTROLUSER get_docker_secret PMA_CONTROLPASS +get_docker_secret PMA_SSL +get_docker_secret PMA_SSLS exec "$@" diff --git a/fpm/config.inc.php b/fpm/config.inc.php index 9a391347..9f5d2ac7 100644 --- a/fpm/config.inc.php +++ b/fpm/config.inc.php @@ -27,6 +27,8 @@ 'MEMORY_LIMIT', 'PMA_UPLOADDIR', 'PMA_SAVEDIR', + 'PMA_SSL', + 'PMA_SSLS', ]; foreach ($vars as $var) { @@ -63,10 +65,12 @@ $hosts = [$_ENV['PMA_HOST']]; $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; + $ssls = [$_ENV['PMA_SSL']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); + $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); } if (! empty($_ENV['PMA_SOCKET'])) { @@ -77,6 +81,9 @@ /* Server settings */ for ($i = 1; isset($hosts[$i - 1]); $i++) { + if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/fpm/docker-entrypoint.sh b/fpm/docker-entrypoint.sh index 24c45e8c..6fe64b96 100755 --- a/fpm/docker-entrypoint.sh +++ b/fpm/docker-entrypoint.sh @@ -50,5 +50,7 @@ get_docker_secret PMA_HOST get_docker_secret PMA_CONTROLHOST get_docker_secret PMA_CONTROLUSER get_docker_secret PMA_CONTROLPASS +get_docker_secret PMA_SSL +get_docker_secret PMA_SSLS exec "$@" From 752da8f2d9f961b9cedf37c27ad011f8ea1a0ebc Mon Sep 17 00:00:00 2001 From: TasdidurRahman Date: Mon, 19 Aug 2024 16:49:04 +0600 Subject: [PATCH 4/5] update README.md for PMA_SSL Signed-off-by: TasdidurRahman --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index a034b40d..89a41065 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,18 @@ In order to keep your sessions active between container updates you will need to -v /some/local/directory/sessions:/sessions:rw ``` +## Connect over SSL with backend + +Set the variable ``PMA_SSL`` to '1' and enable ssl usage from phpmyadmin to mysql server. The default value is 0. Variable ``PMA_SSLS`` can be used as a comma seperated sequence of 0 and 1 where multiple hosts are mentioned. Values order must follow the ``PMA_HOSTS`` and will be computed accordingly. + +```sh +docker run --name phpmyadmin -d -e PMA_HOSTS=sslhost -e PMA_SSL=1 -p 8080:80 phpmyadmin:latest +``` + +```sh +docker run --name phpmyadmin -d -e PMA_HOSTS='sslhost,nosslhost' -e PMA_SSLS='1,0' -p 8080:80 phpmyadmin:latest +``` + ## Environment variables summary * ``PMA_ARBITRARY`` - when set to 1 connection to the arbitrary server will be allowed @@ -191,6 +203,10 @@ In order to keep your sessions active between container updates you will need to For usage with Docker secrets, appending ``_FILE`` to the ``PMA_PASSWORD`` environment variable is allowed (it overrides ``PMA_PASSWORD`` if it is set): +* ``PMA_SSL`` - define ssl usage for MySQL server + +* ``PMA_SSLS`` - comma separated list of 0 and 1 defining ssl usage for corresponding MySQL servers + ```sh docker run --name phpmyadmin -d -e PMA_PASSWORD_FILE=/run/secrets/db_password.txt -p 8080:80 phpmyadmin:latest ``` @@ -206,6 +222,8 @@ docker run --name phpmyadmin -d -e PMA_PASSWORD_FILE=/run/secrets/db_password.tx - `PMA_CONTROLHOST` - `PMA_CONTROLUSER` - `PMA_CONTROLPASS` +- `PMA_SSL` +- `PMA_SSLS` ## Run the E2E tests for this docker image From 928a52ebcb34a1b922a79d384194395a7b8bc59d Mon Sep 17 00:00:00 2001 From: TasdidurRahman Date: Mon, 19 Aug 2024 17:45:37 +0600 Subject: [PATCH 5/5] update README.md Signed-off-by: TasdidurRahman --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 89a41065..ba55f0f3 100644 --- a/README.md +++ b/README.md @@ -160,7 +160,7 @@ In order to keep your sessions active between container updates you will need to ## Connect over SSL with backend -Set the variable ``PMA_SSL`` to '1' and enable ssl usage from phpmyadmin to mysql server. The default value is 0. Variable ``PMA_SSLS`` can be used as a comma seperated sequence of 0 and 1 where multiple hosts are mentioned. Values order must follow the ``PMA_HOSTS`` and will be computed accordingly. +Set the variable ``PMA_SSL`` to '1' and enable ssl usage from phpmyadmin to mysql server. The default value is 0. Variable ``PMA_SSLS`` can be used as a comma seperated sequence of `0` and `1` where multiple hosts are mentioned. Values order must follow the ``PMA_HOSTS`` and will be computed accordingly. ```sh docker run --name phpmyadmin -d -e PMA_HOSTS=sslhost -e PMA_SSL=1 -p 8080:80 phpmyadmin:latest @@ -203,13 +203,11 @@ docker run --name phpmyadmin -d -e PMA_HOSTS='sslhost,nosslhost' -e PMA_SSLS='1, For usage with Docker secrets, appending ``_FILE`` to the ``PMA_PASSWORD`` environment variable is allowed (it overrides ``PMA_PASSWORD`` if it is set): -* ``PMA_SSL`` - define ssl usage for MySQL server - -* ``PMA_SSLS`` - comma separated list of 0 and 1 defining ssl usage for corresponding MySQL servers - ```sh docker run --name phpmyadmin -d -e PMA_PASSWORD_FILE=/run/secrets/db_password.txt -p 8080:80 phpmyadmin:latest ``` +* ``PMA_SSL`` - define ssl usage for MySQL server +* ``PMA_SSLS`` - comma separated list of 0 and 1 defining ssl usage for corresponding MySQL servers #### Variables that can be read from a file using ``_FILE``