phpmyadmin login redirect fails with custom ssl port
- by baraboom
The server is running Ubuntu 10.10, Apache 2.2.16, PHP 5.3.3-1ubuntu9.3, phpMyAdmin 3.3.7deb5build0.10.10.1. Since this same server is also running Zimbra on port 443, I've configured apache to serve SSL on port 81. So far, I have one CMS script running on this virtual host successfully.
However, when I access /phpmyadmin (set up with the default alias) on my custom ssl port and submit the login form, I am redirected to http://vhost.domain.com:81/index.php?TOKEN=foo (note the http:// instead of the https:// that the login url was using). This generates an Error 400 Bad Request complaining about "speaking plain HTTP to an SSL-enabled server port." I can then manually change the http:// to https:// in the URL and use phpmyadmin as expected.
I was annoyed enough to spend an hour trying to fix it and now even more annoyed that I cannot figure it out. I've tried various things, including:
Adding $cfg['PmaAbsoluteUri'] = 'https://vhost.domain.com:81/phpmyadmin/'; to the /usr/share/phpmyadmin/config.inc.php file but this did not correct the problem (even though /usr/share/phpmyadmin/libraries/auth/cookie.auth.lib.php looks like it should honor it and use it as the redirect).
Adding $cfg['ForceSSL'] = 1; to the same config.inc.php but then apache spirals into an infinite redirect.
Adding a rewrite rule to the vhost-ssl conf file in apache but I was unable to figure out the condition to use when http:// was present along with the correct ssl port of :81.
Lots of googling.
Here are the relevant Apache configuration pieces:
/etc/apache2/ports.conf
<IfModule mod_ssl.c>
NameVirtualHost *:81
Listen 81
</IfModule>
/etc/apache2/sites-enabled/vhost-nonssl
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName vhost.domain.com
DocumentRoot /home/xxx/sites/vhost/html
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}:81%{REQUEST_URI}
</Virtualhost>
/etc/apache2/sites-enabled/vhost-ssl
<VirtualHost *:81>
ServerAdmin webmaster@localhost
ServerName vhost.domain.com
DocumentRoot /home/xxx/sites/vhost/html
<Directory />
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "Restricted Vhost"
AuthUserFile /home/xxx/sites/vhost/.users
Require valid-user
</Directory>
<Directory /home/xxx/sites/vhost/html/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
/etc/apache2/conf.d/phpmyadmin.conf
Alias /phpmyadmin /usr/share/phpmyadmin
(The rest of the default .conf truncated.)
Everything in the apache config seems to work ok - the rewrite from non-ssl to ssl, the http authentication, the problem only happens when I am submitting the login form for phpmyadmin from https://vhost.domain.com:81/index.php.
Other configs:
The phpmyadmin config is completely default and the php.ini has only had some minor changes to memory and timeout limits. These seem to work fine, as mentioned, another php script runs with no problem and phpmyadmin works great once I manually enter in the correct schema after login.
I'm looking for either a bandaid I can add to save me the trouble of manually entering in the https:// after login, a real fix that will make phpmyadmin behave as I think it should or some greater understanding of why my desired config is not possible.