Control Web Panel
WebPanel => MySQL => Topic started by: jamesfu on September 13, 2021, 07:43:27 AM
-
On a new installation, PMA loads ok (requiring login) from https://server-name:2031/pma/, but when accessed from user panel (https://server-name:2083/cwp_f0a1a52d57318066/mncm/?module=pma), the connection times out. Only CWP ports open are 2031 and 2083, if that matters.
Here are the relevant lines from /usr/local/cwpsrv/logs/error_log, client IP address and server name masked for privacy:
2021/09/13 15:25:56 [notice] 1265#0: *3469 "^/v1/([^/]+)/?$" matches "/v1/user_panel_dashboard/", client: 127.0.0.1, server: localhost, request: "POST /v1/user_panel_dashboard/ HTTP/1.1", host: "127.0.0.1:2302"
2021/09/13 15:25:56 [notice] 1265#0: *3469 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/user_panel_dashboard/ HTTP/1.1", host: "127.0.0.1:2302"
2021/09/13 15:25:56 [info] 1265#0: *3469 client 127.0.0.1 closed keepalive connection
2021/09/13 15:25:56 [notice] 1264#0: *3471 "^/v1/([^/]+)/?$" matches "/v1/generaluser/", client: 127.0.0.1, server: localhost, request: "POST /v1/generaluser/ HTTP/1.1", host: "127.0.0.1:2302"
2021/09/13 15:25:56 [notice] 1264#0: *3471 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/generaluser/ HTTP/1.1", host: "127.0.0.1:2302"
2021/09/13 15:25:56 [info] 1264#0: *3471 client 127.0.0.1 closed keepalive connection
2021/09/13 15:25:56 [error] 1265#0: *3427 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: pma in /usr/local/cwpsrv/var/services/user_files/modules/cwp_framework/traits/DashboardExtraVarsTrait.php on line 0
PHP message: PHP Warning: A non-numeric value encountered in /usr/local/cwpsrv/var/services/twig/lib/Twig/Environment.php(373) : eval()'d code on line 702" while reading response header from upstream, client: 11.22.33.44, server: localhost, request: "GET /cwp_f0a1a52d57318066/mncm/?module=pma HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/mncm.sock:", host: "server-name:2083", referrer: "https://server-name:2083/cwp_f0a1a52d57318066/mncm/?module=mysql_manager"
-
Issue resolved when port 2087 was opened.
The "phpMyAdmin" button in user panel loads a form in a new tab, pre-filled with username and password (unfortunately, in plain text), and auto-submits said form via JavaScript to "https://server-name:2087/pma/". One potential solution is to overwrite "/usr/local/cwpsrv/var/services/user_files/modules/pma.php" with a simple HTML redirect such as:
<head>
<meta http-equiv="Refresh" content="0; URL=https://server-name:2031/pma/">
</head>
However, this simply redirects the user to the PMA login page, but does not authenticate them. I personally prefer this, as the server no longer serves users' passwords to the browser, although one might argue this is a somewhat limited vector for attack.
Another solution would be to figure out how pma.php is populating the pma_user and pma_password fields and reconstruct an auto-submitting form to the correct URL at port 2031 instead of 2087, although line 2 of the file is pretty emphatic about CWP's views on decoding, and I quote: "// Copyright CentOS WebPanel, Decoding is FORBIDDEN". Good luck!
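The hand-off described in the post above (credentials pre-filled into a form that posts to a different port) can be checked for from the served HTML. This is an added example, not part of the original post or CWP's code: the sample markup is constructed, only the field names and URLs come from the post, and `HandoffAudit` and `audit` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the thread does not show pma.php's real output, so this
# markup is an assumption built from the field names and URL in the post.
SAMPLE_HANDOFF = """<html><body onload="document.forms[0].submit()">
<form method="post" action="https://server-name:2087/pma/">
<input type="hidden" name="pma_user" value="exampleuser">
<input type="hidden" name="pma_password" value="constructed-secret">
</form></body></html>"""

# The redirect-only replacement quoted in the post.
SAMPLE_REDIRECT = """<head>
<meta http-equiv="Refresh" content="0; URL=https://server-name:2031/pma/">
</head>"""


class HandoffAudit(HTMLParser):
    """Record credential-like inputs that arrive with a value already set."""

    def __init__(self):
        super().__init__()
        self.action = None   # action URL of the form currently open
        self.findings = []   # (field name, form action) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and self.action is not None:
            name = (a.get("name") or "").lower()
            kind = (a.get("type") or "").lower()
            if (kind == "password" or "pass" in name) and a.get("value"):
                self.findings.append((a.get("name"), self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None


def audit(html, page_url):
    """List pre-filled secrets and whether the form posts to another port."""
    parser = HandoffAudit()
    parser.feed(html)
    page_port = urlsplit(page_url).port
    return [
        {"field": f, "action": act,
         "cross_port": urlsplit(act).port not in (None, page_port)}
        for f, act in parser.findings
    ]
```

Run `audit()` on the saved response body of the user-panel module page, passing the URL it was fetched from; an empty list means no password value was shipped to the browser.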
-
Not sure if this really is a solution. This means you need to open the Admin Panel Port public.
It can't be that this module can't work on the normal user panel port.
I don't wanna open up the Admin Panel port to the public, this lowers the server security immensely in my opinion.
This needs to be changed to the user panel port on a future update.
-
I'm 100% with you on this. Ideally, user port should be 0.0.0.0/0 accessible and admin port should be restricted. While I'm new to CWP and this forum, it appears that CWP developers/PMs are not actively monitoring this forum unfortunately.
The DIY approach would be to patch the CWP web server configuration in "/usr/local/cwpsrv/conf.d/users.conf" to make PMA available at https://server-name:2083/pma/. Updating the PMA link can be done in the previously mentioned "/usr/local/cwpsrv/var/services/user_files/modules/pma.php" file. Will need to check/re-patch after every update.
One could check for references to 'pma' in the admin panel configuration for an example on how to configure the user panel:
# grep -rni 'pma' /usr/local/cwpsrv/conf
/usr/local/cwpsrv/conf/cwp_rewrite.conf:3: rewrite (.*) /pma permanent;
/usr/local/cwpsrv/conf/cwp_services.conf:1:location /pma {
/usr/local/cwpsrv/conf/cwp_services.conf:13: fastcgi_param PHP_ADMIN_VALUE "open_basedir = /usr/local/cwpsrv/var/services/pma/:/tmp/";
/usr/local/cwpsrv/conf/security/conf/pma_rules.conf:16:Include /usr/local/cwpsrv/conf/security/conf/pma_whitelist.conf