Java 2 Ada - Tag phpMyAdmin2011-01-15T12:50:33+00:00Stephane Carrezurn:md5:d12e23c53b2436d6becce3d51ddbdf38AWAUsing phpMyAdmin with a remote mysql on the ReadyNAS Duourn:md5:642b63e91a687745caaa92175c3f11c92011-01-15T12:50:33+00:002011-01-15T12:50:33+00:00Stephane CarrezMysqlReadyNASphpMyAdminssh
<div class="post-text"><p>This article explains how to setup and use <a href="http://www.phpmyadmin.net/">phpMyAdmin</a> with a MySQL server running on the ReadyNAS duo. This configuration does not require installing phpMyAdmin on the ReadyNAS. Instead it provides a secure configuration while allowing to administer the database remotely. The idea is to use an SSH tunnel to establish a secure connection to the MySQL server. This article deals with the ReadyNAS duo but it can be applied to any MySQL server (I've used this mechanism for the administration of <a href="http://www.planzone.com">Planzone</a>).</p><h2>Creating the SSH Tunnel</h2><p>The ssh tunnel is created when we use the <b>ssh -L</b> option. The first port (<code>3307</code>) specifies the local port and <code>localhost:3306</code> specifies the MySQL port on the remote endpoint. The tunnel is active only when we are connected with ssh. This is useful to guarantee that nobody can access the MySQL server while we are not connected. The MySQL traffic will also be encrypted by SSH. On your host, type the following command (replace <code>pollux</code> by your ReadyNAS host name).</p><pre><code>$ ssh -L 3307:localhost:3306 -l root pollux
root@pollux's password:
Linux nas-D2-24-F2 2.6.17.8ReadyNAS #1 Tue Jun 9 13:59:28 PDT 2009 padre unknown
nas-D2-24-F2:~#
</code></pre><p>Keep this connection open until you don't need the tunnel any more. As soon as you exit, the tunnel will be closed.</p><h2>Setting up MySQL server</h2><p>By default the MySQL server does not listen on any TCP/IP port but instead it uses Unix sockets (Unix sockets are faster and listening on TCP/IP ports could create security leaks if not done correctly). For the <code>ssh</code> tunnel to work, the MySQL server must listen on the a TCP/IP port on the localhost address.</p><p>Look at the configuration file <code>/etc/mysql/my.cnf</code> and make sure it contains the following lines (uncomment <code>bind-address</code> and comment the <code>skip-networking</code>):</p><pre><code>socket = /var/run/mysqld/mysqld.sock
port = 3306
bind-address = 127.0.0.1
#skip-networking
</code></pre><p>You should then restart MySQL if you changed the configuration file:</p><pre><code>nas-D2-24-F2:/ # /etc/init.d/mysql stop
nas-D2-24-F2:/ # /etc/init.d/mysql start
</code></pre><h2>Setting up mysql grant</h2><p>A grant definition is necessary so that we can connect to MySQL server on the TCP/IP port. From the MySQL server point of view, the connection is from the localhost (the tunnel endpoint on the ReadyNAS). Connect to MySQL and type the following commands (you can use <code>pwgen</code> to make a password on Ubuntu):</p><pre><code>mysql> grant all privileges on *.* to 'root'@'127.0.0.1' identified by 'Lugo6cho';
Query OK, 0 rows affected (0.04 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
</code></pre><h2>Testing the connection</h2><p>On another terminal window, try to connect to the MySQL server through the tunnel.</p><pre><code>zebulon $ mysql -u root --host 127.0.0.1 --port 3307
</code></pre><p>If the client fails with <code>Can't connect to MySQL server on '127.0.0.1' (111)</code>, verify that the tunnel is up and that the port is correct. If the client fails with <code>Access denied for user 'root'@'127.0.0.1' </code>, verify the MySQL access rights and update the grant.</p><h2>Update phpMyAdmin configuration</h2><p>Now, we just need to add the tunnel local endpoint to the phpMyAdmin configuration. For this, add the following lines to the phpMyAdmin configuration file (<code>/etc/phpmyadmin/config.inc.php</code> on Ubuntu).</p><pre><code>$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3307';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['AllowNoPassword'] = FALSE;
$i++;
</code></pre><p>Now, connect to your phpMyAddmin and login on the <code>127.0.0.1:3307</code> configuration. Once you are logged in, you'll administer the remote MySQL server.</p></div>