Install Azure phpmyadmin on Linux App service

Miha Bernik 21 Reputation points
2019-11-25T14:25:15.28+00:00

Hi

I have an Azure Database for MySQL resource. I want to use phpmyadmin while I'm using Linux App service which doesn't contain Extentions (extensions icon is greyed out)

It looks like extensions are only supported on .net WebApp and not on Linux WebApp ?
Is there any other way to install and use phpmyadmin ?

Thank you in advance
Mike

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,194 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. ajkuma 23,826 Reputation points Microsoft Employee
    2019-11-26T11:28:25.767+00:00

    You can change the Application Settings like the following and then try:
    To view the phpmyadmin go to https://yoursitename.azurewebsites.net/phpmyadmin

    You can take a look at this document for the steps:

    alt text

    Alternatively, you could use MySQL workbench or MySQL command line utilities as a secure way to access your database. Linux Web App currently does not support site extensions similar to Windows App service Web App hence enabling PHPmyadmin with single sign on is not available to Linux web app yet.

    If you still wish to use PHPmyadmin , you can do the following :

    1. Create a folder under wwwroot , called PHPmyadmin
    2. Download PHPmyadmin from https://www.phpmyadmin.net/
    3. FTP to your web app and push the PHPmyadmin changes
    4. Update config.inc.php in PHPmyadmin with your database server credentials
    5. Browse the site : http://yourwebsite.azurewebsites.net/phpmyadmin . When you see the login page enter the credentials .

    NOTE: This is NOT very secure so you need to take additional steps to make it secure For example :

    1. Add .htaccess to restrict access to only your IPs for this URL http://yourwebsite.azurewebsites.net/phpmyadmin
    2. In case you don’t want all MySQL users to be able to access phpMyAdmin, you can use $cfg['Servers'][$i]['AllowDeny']['rules'] to limit them or $cfg['Servers'][$i]['AllowRoot'] to deny root user access.

    3.Deny access to temporary files, see $cfg['TempDir']

    1. Remove the test directory from phpMyAdmin, unless you are developing and need test suite.
    2. Remove the setup directory from phpMyAdmin, you will probably not use it after the initial setup.

    6.Serve phpMyAdmin on HTTPS only. Preferably, you should use HSTS as well, so that you’re protected from protocol downgrade attacks.

    0 comments No comments

  2. Rafael Vila 1 Reputation point
    2020-10-23T17:46:22.37+00:00

    @ajkuma

    Please forgive me, but the answer is too generic. Can you expand a little more? When I go to App Settings there's nowhere in there where I can enter all those values. Please explain as someone who does not speak Microsoft at all.

    The Microsoft Documentation is so annoying, there's no one article that can explain everything in a single page, there is always a link saying "for more go to this link", then you go to that link and that link linked you to another link and so on to a never ending loop because at some point a link point back to where you start. Very annoying and time consuming. Specially when in any other host using Linux is as easy as one page, one explanation and that's it.

    The full explanation would be:

    Steps to set your App to connect to Azure Server for MySQL Instance


    THIS IS THE WRONG WAY

    The sad part that's suggested by Docker Hub documentation, I will post the correct way next. This method exposes your database user/password on the $_SERVER global on PHP and exposes all the files under /home directory.

    Step One, go to Configurations > Application Settings
    Step Two, you need to create 4 applications settings:

    1. name: WEBSITES_ENABLE_APP_SERVICE_STORAGE value: true -- see warning at the end of this section --
    2. name: DATABASE_TYPE value: local
    3. name: DATABASE_USERNAME value: <admin user name>
    4. name: DATABASE_PASSWORD value: <the password for the user>

    Step Three, make sure to save the changes
    Step Four, go to: <URL of your application>/phpmyadmin

    If everything is configured properly you should be able to access your database with PHPMyAdmin. But of course, this is based on the documentation. Can't warranty will work, unfortunately.

    IMPORTANT WARNING Step Two option 1 (one) configuration will force the Linux container files to be exposed by forcing everything inside the /home directory permission to 777 (Write/Read/Execute open to all - Groups / Owners / Guest). Which means, that no matter where you put the PHPMyAdmin files they will be exposed. PHPMyAdmin will block itself on the latest update since the configuration file has to have permission set to 644. This is directly from Microsoft Documentation.


    THE CORRECT WAY TO CONNECT MYSQL TO APP SERVICES

    Step 1 Go to your App Service dashboard a look for Properties.
    Step 2 Look for Outbound IP addresses.
    Step 3 There's a group of 5 IP addresses there, add an entry on your App Server for MySQL > Connection security section for each IP under Firewall Rules.
    Step 4 Under this section as well set Allow access to Azure services to Yes.
    Step 5 Remember to save this changes before you navigate away of this page.
    Step 6 Make sure both your App Service and App Server for MySQL are on the same Resource Group, JIC.

    NOTE Keep in mind that those Outbound IP addresses might change if computers are added or changes are made to the region where your App Service is assigned. If you have connection problems look there first.

    Then your alternative conduit...

    1. Download MySQL Workbench
    2. Go to Azure Server for MySQL service and on Connection Security authorized your local IP (not Azure), the remote IP of the location your computer is at. You probably will see a link that says something like "+ Add Current IP Client Address (###.###.###.###)", click on that to add it. Note that if you do not have a static IP address your IP could change after a router reset or computer reboot so you might have to do this again if that happens.
    3. Create new connection using the host, user password set provided by your service, give the connection a name you would understand.
    4. Test Connection
    5. If connection is successful just hit OK and your are good to go. Click on the new connection from there you can manage your database. Keep in mind that if your computer is idle for about 5 minutes, Azure will disconnect the connection, then you will need to reconnect.

    Workbench is another complicated application so I would suggest to devour their documentation which is as bad as Microsoft.

    About PHPMyAdmin

    I do not recommend to install PHPMyAdmin on /home/site/wwwroot, it is a security nightmare about to happened, be aware that by default Microsoft exposes all files with global permission level 777 if WEBSITES_ENABLE_APP_SERVICE_STORAGE is set to true in Linux, which in that case it doesn't matter anyway. To avoid security issues on Linux make sure to connect the services the correct way. But if you are using a Windows container or Linux (container properly connected) the best practice is as follow:

    1. if you are installing PHPMyAdmin yourself for more control over the installation on Windows container. It is better to save the PHPMyAdmin uncompressed files into /home/site/phpmyadmin. This is true on Linux container as well.
    2. Windows Containers: Go to your App Configurations > Path and set a Virtual Path, for example, /pma pointing to /home/site/phpmyadmin, because this way you will prevent of someone manipulating files in a publicly exposed directory. Same with your App Library. Especially when the application is used to manage your storage.
      1. On Linux Containers: For a Web App on Linux you need to set this as a virtual link from the shell, on your Web App go to SSH and click Go, when the shell loads and connects, might take a minute, just type the following code after >:

        > ln -s /home/site/phpmyadmin /home/site/wwwroot

    This command tells Linux to create a symlink (Symbolic Link) on your site root /home/site/wwwroot. And even if it is linked, you can visit PHPMyAdmin by browsing into <yoursite>/phpmyadmin, for example:

       https://example.com/phpmyadmin  
    

    NOTE FOR WINDOWS CONTAINER USERS
    If you are using Web App on Windows, on the left side panel there's a section called Extensions, select that, there you can choose the PHPMyAdmin extension, sorry, Azure developers do not know how to create a simple search engine for extensions, you have to scroll until you find the extension. Once selected, you need to agreed to the terms and conditions, and it is done. If you can't find it you can use the basic find tool from the browser by pressing Ctrl+F and type PHP, pretty sure will highlight it real quick.

    IMPORTANT NOTE for Linux container users:
    Linux container developers, if you had connected to MySQL the wrong way you need to pay attention to the warning I added to the first section of this answer. Microsoft exposes your files forcing /home directory be set to 777 permission level. Which means all your Apache (.htaccess), WordPress and PHPMyAdmin configuration files will be exposed to anyone with enough knowledge. In other words, a good hacker.

    If you connected using THE CORREECT WAY you should be able to connect PHPMyAdmin by providing just the user/password values and host provided by the App Server for MySQL without compromising your software.