Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possibility to deactivate SSL connection #170

Open
gervaud opened this issue Jun 8, 2018 · 5 comments

Comments

@gervaud
Copy link

commented Jun 8, 2018

Hello,
I upgraded phpmyadmin container from 4.6.6-2 to 4.8.1 and I get this error/warning message on the phpmyadmin login page:

There is mismatch between HTTPS indicated on the server and client. This can lead to non working phpMyAdmin or a security risk. Please fix your server configuration to indicate HTTPS properly.

I don't use SSL between phpmyadmin server and the db server because it is in a secured AWS environment.
Is there a way to configure the container to deactivate this SSL check ?

@J0WI

This comment has been minimized.

@ibennetch

This comment has been minimized.

Copy link
Member

commented Jun 10, 2018

This actually looks like another instance of phpmyadmin/phpmyadmin#14184 to me.

@digilist

This comment has been minimized.

Copy link

commented Nov 9, 2018

The error message indicates that the error is related to the HTTPS connection, so it doesn't have anything to do with the (un-) encrypted database connection. Actually, it is based on how you access phpMyAdmin.

In my case I was running phpMyAdmin behind a SSL termination proxy, so phpMyAdmin does not recognize that it is a secure request, even though it actually is. And because of that mismatch, phpMyAdmin is showing this warning, see here

I fixed it by setting the PMA_ABSOLUTE_URI environment variable to the actual URL, according to the README:

Set the variable PMA_ABSOLUTE_URI to the fully-qualified path (https://pma.example.net/) where the reverse proxy makes phpMyAdmin available.

@RichPC

This comment has been minimized.

Copy link

commented Feb 5, 2019

I'd been using the phpmyadmin package installed by ubuntu apt on 18.04. That version had bugs to do with a count function and parenthesis not closing properly. So I decided to remove the symlink to /var/www/pma and install phpmyadmin by wget download instead, again at /var/www/pma. The site opened but was showing:

There is mismatch between HTTPS indicated on the server and client. This can lead to non working phpMyAdmin or a security risk. Please fix your server configuration to indicate HTTPS properly.

and had no css styling applied.

Turned out the ubuntu package had changed the way config is done for phpmyadmin.

After running

sudo apt purge phpmyadmin

and refreshing my browser cache, the manual (downloaded) install worked.

@romanmm

This comment has been minimized.

Copy link

commented Feb 9, 2019

The error message indicates that the error is related to the HTTPS connection, so it doesn't have anything to do with the (un-) encrypted database connection. Actually, it is based on how you access phpMyAdmin.

In my case I was running phpMyAdmin behind a SSL termination proxy, so phpMyAdmin does not recognize that it is a secure request, even though it actually is. And because of that mismatch, phpMyAdmin is showing this warning, see here

I fixed it by setting the PMA_ABSOLUTE_URI environment variable to the actual URL, according to the README:

Set the variable PMA_ABSOLUTE_URI to the fully-qualified path (https://pma.example.net/) where the reverse proxy makes phpMyAdmin available.

You are absolutely right! The reason of the warning is reverse proxy (in my case, Nginx) that receives HTTPS request but forward the request to PhpMyAdmin as plain HTTP.
I've added this row to environments inside docker-compose.yml that defines PhpMyAdmin:
PMA_ABSOLUTE_URI: "https://pma.example.com/"
and HTTP warning has disappeared.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.