本帖最后由 七七八八 于 2018-12-17 16:32 编辑
1.面板建议默认开启SSL,因为面板端口入口文件等都做了设置,而传输数据却在面板设置SSL界面却提示用户谨慎开启,个人以为应该引导用户配置SSL。
2.phpMyAdmin端口修改,也应该支持SSL
3.宝塔服务器,包提供的服务器应该全部采用SSL,如果这些包服务器感染了,哭都哭不出来。。
附 phpMyAdmin 开启SSL以及修改端口方法:
修改 nginx的配置文件,找到PHPMYADMIN的配置段 添加,如下代码(端口、和证书地址请根据情况修改)
- listen 888 ssl http2;
-
- #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
- #error_page 404/404.html;
- #HTTP_TO_HTTPS_START
- if ($server_port !~ 888){
- rewrite ^(/.*)$ https://$host:888$1 permanent;
- }
- #HTTP_TO_HTTPS_END
- ssl_certificate /etc/letsencrypt/live/xxxx/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/xxxxx/privkey.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers Exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- error_page 497 https://$host$request_uri;
- #SSL-END
这样修改了后可以通过https 访问phpmyadmin ,但是面板后台 数据库管理的 phpmyadmin链接地址错误了。
修改 /www/server/panel/BTPanel/__init__.py
约203行左右
- session['phpmyadminDir'] = 'https://' + public.GetHost() + ':'+ pmd[1] + '/' + pmd[0]; // 修改HTTPS
- def get_phpmyadmin_dir():
- path = public.GetConfigValue('setup_path') + '/phpmyadmin'
- if not os.path.exists(path): return None
-
- phpport = '888';
- try:
- import re;
- if session['webserver'] == 'nginx':
- filename =public.GetConfigValue('setup_path') + '/nginx/conf/nginx.conf';
- conf = public.readFile(filename);
- rep = "listen\s+([0-9]+)\s*";
- rtmp = re.search(rep,conf);
- if rtmp:
- phpport = rtmp.groups()[0];
- else:
- filename = public.GetConfigValue('setup_path') + '/apache/conf/extra/httpd-vhosts.conf';
- conf = public.readFile(filename);
- rep = "Listen\s+([0-9]+)\s*\n";
- rtmp = re.search(rep,conf);
- if rtmp:
- phpport = rtmp.groups()[0];
- except:
- pass
-
- for filename in os.listdir(path):
- filepath = path + '/' + filename
- if os.path.isdir(filepath):
- if filename[0:10] == 'phpmyadmin':
- return str(filename),phpport
- return None
|
|
运维要高效,装宝塔
