I installed yet another install of phpMyAdmin, and every time I forget how to configure it to force SSL. All phpMyAdmin installs should do this (use SSL). You never want to log in without SSL unless you’re on a secured network.

2 1/2 ways to force SSL with phpMyAdmin

1) Using Apache .htaccess (this can also be put in the httpd.conf if you don’t use .htaccess files):

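RewriteEngine On
# Only redirect requests that did not arrive on the HTTPS port
RewriteCond %{SERVER_PORT} !^443$
# "/?" lets the pattern match in .htaccess (no leading slash) and in httpd.conf
RewriteRule ^/?directory(.*)$ https://%{HTTP_HOST}/directory$1 [L,R]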

or with nginx:

location /phpmyadmin {
    # $ssl_protocol is empty when the request did not come in over SSL
    if ($ssl_protocol = "") {
        rewrite ^ https://$server_name$request_uri permanent;
    }
}

Note: I don’t like this way, but this is a way some people do it.

2) Using phpMyAdmin’s config.inc.php file:

// place this at the bottom somewhere
$cfg['ForceSSL'] = true;

I prefer to use #2 because I don’t have to mess with Apache at all.

If you’re wondering where the 1/2 way to use phpMyAdmin with SSL comes from, well, I count #1 as a little bit more than one way, since it covers doing it with .htaccess and/or the Apache/Nginx conf.
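Whichever method is used, the result can be confirmed by requesting the plain-HTTP URL once and checking that the answer is a redirect to https:// on the same host. The Python check below is an added example, not part of the original post; check_redirect, probe and the host db.example.test are names made up for illustration, and the sample responses are constructed.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def check_redirect(requested_url, status, location):
    """Judge one plain-HTTP response. Returns (ok, reason).

    location is the Location header value, or None if the header is absent.
    """
    req = urlsplit(requested_url)
    if status not in REDIRECTS:
        return False, f"status {status}: answered over plain HTTP, no redirect"
    if not location:
        return False, "redirect status without a Location header"
    # A relative or scheme-less Location resolves against the request URL,
    # so it stays on http:// and does not move the client to SSL.
    target = urlsplit(urljoin(requested_url, location))
    if target.scheme != "https":
        return False, f"redirect target is {target.scheme}://, not https://"
    if target.hostname != req.hostname:
        return False, f"redirect leaves the host: {target.hostname}"
    return True, f"redirected to {target.geturl()}"

def probe(requested_url, timeout=5):
    """Request requested_url once, without following redirects, and judge it."""
    u = urlsplit(requested_url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return check_redirect(requested_url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed responses for illustration; db.example.test is a placeholder host.
URL = "http://db.example.test/phpmyadmin/"
SAMPLES = [
    (302, "https://db.example.test/phpmyadmin/"),     # redirect in effect
    (200, None),                                      # login page served in clear
    (302, "/phpmyadmin/index.php"),                   # redirect, but still http
    (301, "https://other.example.test/phpmyadmin/"),  # SSL, but another host
]

if __name__ == "__main__":
    for status, location in SAMPLES:
        print(status, location, "->", check_redirect(URL, status, location))
    # Against a live server: print(probe("http://your-host/phpmyadmin/"))
```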

7 Responses to “Forcing SSL with phpMyAdmin”

  1. Lakisha Rudzinski Says:

    you are very talented.

  2. Curious Bloke Says:

    Step 2 does not work in Ubuntu 10.04 (FYI).

  3. Michael Barton Says:

    @Curious Bloke, Step 2 isn’t operating system specific. If it doesn’t work on your system, then you have something else going on. Contact me and I can help you through this issue. Thanks.

  4. Michael Barton Says:

    @Lakisha Rudzinski, Thanks, I try :)

  5. Bradley D. Thornton Says:

    @Curious Bloke

    Michael is absolutely correct. In fact, the same is true for both methods.

    It’s either an httpd.conf thing, an httpd-ssl.conf thing, a .htaccess thing, or a config.inc.php thing.

    Note that you need to have PHP and SSL enabled on your server beforehand, however, and if you haven’t done so already, you have to enable them by doing the following:

    A.) In /etc/httpd/httpd.conf

    1.) uncomment the following three lines in /etc/httpd/httpd.conf:

    #LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
    #Include /etc/httpd/extra/httpd-ssl.conf
    #Include /etc/httpd/mod_php.conf

    B.) Make the following changes in /etc/httpd/extras/httpd-ssl.conf

    1.) change

    Listen 443


    Listen #(if your IP address is, for example)

    2.) edit the following lines appropriately to show:

    SSLEngine on
    SSLCertificateFile "/etc/httpd/server.crt"
    SSLCertificateKeyFile "/etc/httpd/server.key"

    C.) install your certificate and key. This is beyond the scope of a talkback on an article, so I’ll just show you what, as a minimum, you can do real quick, just to fire it all up and get her off the ground:

    # cp /usr/doc/openvpn-2.1.1/sample-keys/server.crt /etc/httpd/server.crt
    # cp /usr/doc/openvpn-2.1.1/sample-keys/server.key /etc/httpd/server.key

    D.) restart your webserver with:

    # /etc/rc.d/rc.httpd graceful
    # /usr/sbin/apachectl -k graceful

    Your webserver should be running with PHP and SSL support now, and your installation of PhpMyAdmin will force SSL logins only at, if you followed Michael’s instructions correctly, and it will still answer regular httpd requests the same as it used to.

    Hope that helps :)



  6. Aaron Holland Says:

    You’re awesome! Thanks :) Best help ever!

  7. Michael Barton Says:

    @Aaron Holland, Thanks, I try.
