docker, docker-compose, phpmyadmin, portainer

Using certificate with phpmyadmin for external database


I have a docker container that runs phpMyAdmin.

It uses a self-generated Let's Encrypt certificate via Traefik.

I use the setting - PMA_ARBITRARY=1 so that it will not have any info on it by default, i.e. the user must input the host etc.

It connects to my remote (managed) database fine.

The issue is that inside the UI it says that it is not SSL. (The address bar is SSL, but the connection to the remote database is not.)

I have a certificate for this remote database on my server where the phpMyAdmin instance is running. I have tested using this certificate by connecting with a local software called DBeaver and it works with the cert file.

How can I edit my docker compose file so that it can use this file?

The cert file is on my server at: ~/apps/phpmyadmin/ca.certificate.crt

I am using portainer to deploy the docker compose file.

I think that I must somehow edit the config.user.inc.php file within the docker container to set these values:

// Use SSL for connection
$cfg['Servers'][$i]['ssl'] = true;
// Enable SSL verification
$cfg['Servers'][$i]['ssl_verify'] = true;
$cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ca.certificate.crt';

Do I need to add the following to my docker compose file? Can the config.user.inc.php just contain the parts needed and the rest to be overwritten?

volumes:
  - ~/apps/phpmyadmin/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php
  - ~/apps/phpmyadmin/ca.certificate.crt:/etc/phpmyadmin/ca.certificate.crt

Here is my current docker compose file:

version: '3.3'

services:

    phpmyadmin:
        container_name: phpmyadmin
        environment:
            - PMA_ARBITRARY=1
        image: phpmyadmin
        restart: unless-stopped
        networks:
          - traefik
          - default
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=traefik"
          - "traefik.http.routers.phpmyadmin-secure.entrypoints=websecure"
          - "traefik.http.routers.phpmyadmin-secure.rule=Host(`phpmyadmin.example.com`)"
      

      
networks:
  traefik:
    external: true   

Thank you


Solution

  • I'm not sure that it's possible to define server-specific parameters such as SSL certificates if you use the Arbitrary server directive and don't specify a server in config.inc.php; this is probably outside the design goals and such behavior would be unreliable. It's much better to explicitly define the server, including SSL information.

    Depending on specifics of your server instance, you may also need $cfg['Servers'][$i]['ssl_key'], $cfg['Servers'][$i]['ssl_cert'], $cfg['Servers'][$i]['ssl_ca_path'], and $cfg['Servers'][$i]['ssl_ciphers']; see https://docs.phpmyadmin.net/en/latest/config.html#cfg_Servers_ssl for details of each of those directives.

    The config.user.inc.php file is meant to only have parts where you wish to override the default settings; you can have a file that only includes a few lines if that's all it takes.
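An added example, not part of the original answer or of phpMyAdmin's own code: a minimal config.user.inc.php that defines the server explicitly with TLS verification, as the answer recommends, and refuses to start if the CA file from the question's volume mapping is missing. The host name `db.example.com`, port 3306, server index 1 and the variable names `$caFile` and `$srv` are assumptions for illustration.

```php
<?php
// config.user.inc.php (added example, not the original poster's file).
// Mount it at /etc/phpmyadmin/config.user.inc.php with the volumes: entry
// from the question; the CA file is mounted alongside it.

// Path inside the container, taken from the question's volume mapping.
$caFile = '/etc/phpmyadmin/ca.certificate.crt';

// Fail closed: if the bind mount is missing or misspelled, stop here rather
// than let a connection be attempted without the intended CA.
if (!is_readable($caFile)) {
    exit('phpMyAdmin configuration error: database CA certificate is not readable.');
}

// Assumption: this is the only server entry, so it uses index 1.
$srv = 1;

// Placeholder host and port: replace with the managed database endpoint.
$cfg['Servers'][$srv]['host'] = 'db.example.com';
$cfg['Servers'][$srv]['port'] = '3306';

// Users still log in with their own database credentials.
$cfg['Servers'][$srv]['auth_type'] = 'cookie';

// Use SSL for the connection to the database.
$cfg['Servers'][$srv]['ssl'] = true;
// Verify the server certificate against the CA below.
$cfg['Servers'][$srv]['ssl_verify'] = true;
$cfg['Servers'][$srv]['ssl_ca'] = $caFile;

// Only offer the explicitly defined server on the login form. The
// PMA_ARBITRARY=1 line in the compose file can be removed as well.
$cfg['AllowArbitraryServer'] = false;
```

After logging in, the connection status shown in the phpMyAdmin UI (the place where the question saw "not SSL") is where to confirm that the database link is now encrypted.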