Nginx – How to get phptheadmin to work with both a reverse proxy and a plain IP:PMA_PORT connection

I have a kubernetes cluster configured as follows:
nginx+wp[:5050] <– redirect 307 /wp nginx[:80:443] /pma rev_proxy –> nginx+pma[:5000]

All services share a common external metallb IP. I have a couple of problems with this configuration:

nginx+wordpress server is listening on a nonstandard port 5050 configured to use ssl so when I try connecting directly to this server via METALLB_IP:5050 I get an error 'The plain HTTP request was sent to HTTPS port' which is expected since the browser has no way of knowing that the server is expecting an https request. I attempted to solve this problem by adding this line to my nginx+wordpress configuration:
error_page 497 301 =307 https://$host:$server_port$request_uri;
It solved the incorrect protocol problem but introduced a new one: now when trying to access my wordpress administration panel through METALLB_IP:5050/wp-admin I get 'ERR_TOO_MANY_REDIRECTS' – I assume it's because wp-admin does it's own redirection which causes an infinite loop. I tried adding define( 'REDIRECTION_DISABLE', true ); to my wp-config.php but the error persisted. Note: only one port [:5050] is allowed to be open for this service!
I've setup a reverse proxy to phpmyadmin with the following block:

location /phpmyadmin/ {
    proxy_pass https://phpmyadmin-service:5000/;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

But after I input my name and password and click 'Go' my uri is changed to https://METALLB_IP/index.php and I get a '404 Not Found' since my nginx+phpmyadmin server listens on port 5000 not 80/443! I should also mention that this error occurs only when trying to connect through a reverse proxy, if I specify METALLB_IP:5000 to connect, everything works fine.

Any advice or links to the relevant parts of the documentation would be greatly appreciated!

edit: I now have a half working solution for phpmyadmin reverse proxy: if I add $cfg['PmaAbsoluteUri'] = '/phpmyadmin'; to my config.inc.php, METALLB_IP/phpmyadmin login/logout starts working! But the downside of this solution is that now a login with direct connect through METALLB_IP:5000 gives this error: 'Failed to set session cookie. Maybe you are using HTTP instead of HTTPS to access phpMyAdmin.' This issue might be related to #16496
My current phpmyadmin 5.0.4 configuration:

$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['host'] = "mysql-service";
$cfg['Servers'][$i]['port'] = "3306";
$cfg['Servers'][$i]['user'] = "mysql";
$cfg['Servers'][$i]['password'] = "mysql";
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['PmaAbsoluteUri'] = '/phpmyadmin';

Best Answer

For WordPress, you need to add the following item in WordPress config:

define('WP_HOME', 'https://example.com`);
define('WP_SITEURL', 'https://example.com');

This will let WordPress know what is the URL you use in the browser to access the site. Replace example.com with your domain name.

For PHPMyAdmin, try removing everything else than proxy_pass in your configuration. At least I have PHPMyAdmin working this way in a reverse proxy situation.

Best Answer

Related Solutions

Nginx proxy pass works for https but not http

Nginx – How to Configure Nginx as Reverse Proxy with Upstream SSL

Related Topic