Sat, Jun 28th, 2008

phpMyAdmin运行在nginx https的问题及解决

在服务器开通了HTTPS服务,打算放置一些不对外公布的页面和应用方便内部使用,比如phpMyAdmin等工具

然而在配置完nginx的HTTPS服务后,phpMyAdmin登录却出现了问题,出现:

"The plain HTTP request was sent to HTTPS port"

Google了一番之后,原来是phpMyAdmin并不会探测它自己传输所经过的协议,所以事实上它会导致php的URL处理如同http://phpmyadmin.mydomain.com:443/那样工作。解决方法也很简单,是在nginx的站点配置文件的fastcgi参数中,加上如下一条即可完美解决

fastcgi_param HTTPS on;

顺便附上完整的站点配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

server {
	listen   443;
	server_name  #YOUR DOMAIN HERE#;

	ssl  on;
	ssl_certificate  #YOUR SSL CERTIFICATE FILE HERE#;
	ssl_certificate_key  #YOUR SSL CERTIFICATE KEY FILE HERE#;

	ssl_session_timeout  5m;
 
	ssl_protocols  SSLv2 SSLv3 TLSv1;
	ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	ssl_prefer_server_ciphers   on;
 
	access_log  #YOUR ACCESS LOG PATH HERE#

	location / {
		root   #YOUR WEB ROOT PATH HERE#;
		index  index.php index.html index.htm;
	}
 
	#error_page  404  /404.html;

	# redirect server error pages to the static page /50x.html
	#
	#error_page   500 502 503 504  /50x.html;
	#location = /50x.html {
	#    root   /var/www/nginx-default;
	#}

	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  #YOUR_WEB_ROOT_HERE#$fastcgi_script_name;
		fastcgi_param  HTTPS on;
		include /etc/nginx/fastcgi_params; #A FILE INCLUDE YOUR FASTCGI PARAMETERS
	}
}

另外,生成SSL的证书和密匙:

openssl req -new -x509 -nodes -out server.crt -keyout server.key

详细的NGINX HTTPS服务器配置可以参考:
http://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/

关于SSL的相关信息可以参考:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

You may be interested in

Categories: Website Tags: ,

One Response

Leave a Comment

(Necessary)

(Necessary, will not be published)

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.