tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix SSL cert on phpMyadmin

main
Anthony 2025-10-21 01:59:54 +08:00
parent 36d5be15c8
commit 8b26f32418
1 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
scripts/pma-gateway/create_pma_gateway.sh
View File

@ -62,12 +62,23 @@ if ! [[ "$SLUG" =~ ^[a-zA-Z0-9_-]{1,64}$ ]]; then
fi fi
# Determine public hostname for gateway URL (main domain with valid SSL cert) # Determine public hostname for gateway URL (main domain with valid SSL cert)
# In Jelastic environments, JELASTIC_ENV_DOMAIN is always the canonical public domain # Try JELASTIC_ENV_DOMAIN first, then fallback to hostname detection
if [[ -z "${JELASTIC_ENV_DOMAIN:-}" ]]; then if [[ -n "${JELASTIC_ENV_DOMAIN:-}" ]]; then
echo "FATAL: JELASTIC_ENV_DOMAIN not set. Cannot determine public hostname." >&2 PUBLIC_HOST="$JELASTIC_ENV_DOMAIN"
exit 1 else
# Fallback: Extract domain from hostname (remove node prefix and subdomain)
ENV_HOST=$(hostname -f)
ENV_HOST=${ENV_HOST#node*-} # strip nodeXXXX-
# Extract the main domain (e.g., newtestenv.mightybox.cloud from node123-newtestenv.mightybox.cloud)
PUBLIC_HOST=$(echo "$ENV_HOST" | sed -E 's/^[^.]*\.([^.]+\.[^.]+)$/\1/')
# If extraction failed, use the hostname as-is
if [[ -z "$PUBLIC_HOST" ]] || [[ "$PUBLIC_HOST" == "$ENV_HOST" ]]; then
PUBLIC_HOST="$ENV_HOST"
fi
echo "WARNING: JELASTIC_ENV_DOMAIN not set. Using detected hostname: $PUBLIC_HOST" >&2
fi fi
PUBLIC_HOST="$JELASTIC_ENV_DOMAIN"
# Use standard Jelastic LLSMP main document root # Use standard Jelastic LLSMP main document root
MAIN_DOCROOT="/var/www/webroot/ROOT" MAIN_DOCROOT="/var/www/webroot/ROOT"
@ -194,10 +205,6 @@ if [[ -f "$VHOST_CONFIG" ]]; then
NEEDS_RESTART=1 NEEDS_RESTART=1
fi fi
# Secure the phpMyAdmin vhost with Rewrite Rules to block direct access
# VHOST_CONFIG="/usr/share/phpMyAdmin/vhost.conf"
# NEEDS_RESTART=0
# ============================================================================== # ==============================================================================
# Step 4: Automatically inject security rules into main vhost configuration # Step 4: Automatically inject security rules into main vhost configuration
# ============================================================================== # ==============================================================================
@ -342,4 +349,4 @@ echo " • Served through main domain (port 443) with CDN protection" >&2
echo " • Port 8443 exposure has been removed for security" >&2 echo " • Port 8443 exposure has been removed for security" >&2
echo " • phpMyAdmin symlinked to /phpmyadmin/ with full protection" >&2 echo " • phpMyAdmin symlinked to /phpmyadmin/ with full protection" >&2
echo " • Security rules automatically injected into main vhost" >&2 echo " • Security rules automatically injected into main vhost" >&2
echo "" >&2 echo "" >&2