@ajkuma
Please forgive me, but the answer is too generic. Can you expand a little more? When I go to App Settings there's nowhere in there where I can enter all those values. Please explain as someone who does not speak Microsoft at all.
The Microsoft Documentation is so annoying, there's no one article that can explain everything in a single page, there is always a link saying "for more go to this link", then you go to that link and that link linked you to another link and so on to a never ending loop because at some point a link point back to where you start. Very annoying and time consuming. Specially when in any other host using Linux is as easy as one page, one explanation and that's it.
The full explanation would be:
Steps to set your App to connect to Azure Server for MySQL Instance
THIS IS THE WRONG WAY
The sad part that's suggested by Docker Hub documentation, I will post the correct way next. This method exposes your database user/password on the $_SERVER
global on PHP and exposes all the files under /home
directory.
Step One, go to Configurations > Application Settings
Step Two, you need to create 4 applications settings:
- name:
WEBSITES_ENABLE_APP_SERVICE_STORAGE
value: true
-- see warning at the end of this section --
- name:
DATABASE_TYPE
value: local
- name:
DATABASE_USERNAME
value: <admin user name>
- name:
DATABASE_PASSWORD
value: <the password for the user>
Step Three, make sure to save the changes
Step Four, go to: <URL of your application>/phpmyadmin
If everything is configured properly you should be able to access your database with PHPMyAdmin. But of course, this is based on the documentation. Can't warranty will work, unfortunately.
IMPORTANT WARNING Step Two option 1 (one) configuration will force the Linux container files to be exposed by forcing everything inside the /home
directory permission to 777 (Write/Read/Execute open to all - Groups / Owners / Guest). Which means, that no matter where you put the PHPMyAdmin files they will be exposed. PHPMyAdmin will block itself on the latest update since the configuration file has to have permission set to 644. This is directly from Microsoft Documentation.
THE CORRECT WAY TO CONNECT MYSQL TO APP SERVICES
Step 1 Go to your App Service dashboard a look for Properties.
Step 2 Look for Outbound IP addresses.
Step 3 There's a group of 5 IP addresses there, add an entry on your App Server for MySQL > Connection security section for each IP under Firewall Rules.
Step 4 Under this section as well set Allow access to Azure services to Yes.
Step 5 Remember to save this changes before you navigate away of this page.
Step 6 Make sure both your App Service and App Server for MySQL are on the same Resource Group, JIC.
NOTE Keep in mind that those Outbound IP addresses might change if computers are added or changes are made to the region where your App Service is assigned. If you have connection problems look there first.
Manage MySQL with MySQL Workbench from Oracle (Recommended)
Then your alternative conduit...
- Download MySQL Workbench
- Go to Azure Server for MySQL service and on Connection Security authorized your local IP (not Azure), the remote IP of the location your computer is at. You probably will see a link that says something like "+ Add Current IP Client Address (###.###.###.###)", click on that to add it. Note that if you do not have a static IP address your IP could change after a router reset or computer reboot so you might have to do this again if that happens.
- Create new connection using the host, user password set provided by your service, give the connection a name you would understand.
- Test Connection
- If connection is successful just hit OK and your are good to go. Click on the new connection from there you can manage your database. Keep in mind that if your computer is idle for about 5 minutes, Azure will disconnect the connection, then you will need to reconnect.
Workbench is another complicated application so I would suggest to devour their documentation which is as bad as Microsoft.
About PHPMyAdmin
I do not recommend to install PHPMyAdmin on /home/site/wwwroot
, it is a security nightmare about to happened, be aware that by default Microsoft exposes all files with global permission level 777
if WEBSITES_ENABLE_APP_SERVICE_STORAGE
is set to true
in Linux, which in that case it doesn't matter anyway. To avoid security issues on Linux make sure to connect the services the correct way. But if you are using a Windows container or Linux (container properly connected) the best practice is as follow:
- if you are installing PHPMyAdmin yourself for more control over the installation on Windows container. It is better to save the PHPMyAdmin uncompressed files into
/home/site/phpmyadmin
. This is true on Linux container as well.
- Windows Containers: Go to your App Configurations > Path and set a Virtual Path, for example,
/pma
pointing to /home/site/phpmyadmin
, because this way you will prevent of someone manipulating files in a publicly exposed directory. Same with your App Library. Especially when the application is used to manage your storage.
- On Linux Containers: For a Web App on Linux you need to set this as a virtual link from the shell, on your Web App go to SSH and click
Go
, when the shell loads and connects, might take a minute, just type the following code after >
:> ln -s /home/site/phpmyadmin /home/site/wwwroot
This command tells Linux to create a symlink
(Symbolic Link) on your site root /home/site/wwwroot
. And even if it is linked, you can visit PHPMyAdmin by browsing into <yoursite>/phpmyadmin
, for example:
https://example.com/phpmyadmin
NOTE FOR WINDOWS CONTAINER USERS
If you are using Web App on Windows, on the left side panel there's a section called Extensions
, select that, there you can choose the PHPMyAdmin extension, sorry, Azure developers do not know how to create a simple search engine for extensions, you have to scroll until you find the extension. Once selected, you need to agreed to the terms and conditions, and it is done. If you can't find it you can use the basic find tool from the browser by pressing Ctrl+F and type PHP, pretty sure will highlight it real quick.
IMPORTANT NOTE for Linux container users:
Linux container developers, if you had connected to MySQL the wrong way you need to pay attention to the warning I added to the first section of this answer. Microsoft exposes your files forcing /home
directory be set to 777 permission level. Which means all your Apache (.htaccess), WordPress and PHPMyAdmin configuration files will be exposed to anyone with enough knowledge. In other words, a good hacker.
If you connected using THE CORREECT WAY you should be able to connect PHPMyAdmin by providing just the user/password values and host provided by the App Server for MySQL without compromising your software.