Code Monkey home page Code Monkey logo

docker's Introduction

Official phpMyAdmin Docker image

Note that since phpMyAdmin has been accepted in to the official DockerHub repository, you can use either that or this older phpMyAdmin repository for your Docker installation. This is maintained as a courtesy to users who have not migrated.

Run phpMyAdmin with Alpine, Apache and PHP FPM.

GitHub CI build status badge update.sh build status badge amd64 build status badge arm32v5 build status badge arm32v6 build status badge arm32v7 build status badge arm64v8 build status badge i386 build status badge mips64le build status badge ppc64le build status badge s390x build status badge Docker Pulls Docker Stars

All of the following examples will bring you phpMyAdmin on http://localhost:8080 where you can enjoy your happy MySQL administration.

Credentials

phpMyAdmin connects using your MySQL server credentials. Please check your corresponding database server image for information on the default username and password or how to specify your own custom credentials during installation.

The official MySQL and MariaDB images use the following environment variables to define these:

  • MYSQL_ROOT_PASSWORD - This variable is mandatory and specifies the password that will be set for the root superuser account.
  • MYSQL_USER, MYSQL_PASSWORD - These variables are optional, used in conjunction to create a new user and to set that user's password.

Supported Docker Hub tags

The following tags are available:

  • latest, fpm, and fpm-alpine are always the most recent released version
  • Major versions, such as 5, 5-fpm, and 5-fpm-alpine
  • Specific minor versions, such as 5.0, 5.0-fpm, and 5-fpm-alpine
  • Specific patch versions, such as 5.0.0, 5.0.0-fpm, and 5.0.0-fpm-alpine. Note that, on rare occasion, there may be an intermediary "docker-only" release, such as 4.9.2-1

A complete list of tags is available at Docker Hub

Image variants

We provide three variations:

  • "apache" includes a full Apache webserver with PHP and includes everything needed to work out of the box. This is the default when only a version number is requested.
  • "fpm" only starts a PHP FPM container. Use this variant if you already have a separate webserver. This includes more tools and is therefore a larger image than the "fpm-alpine" variation.
  • "fpm-alpine" has a very small footprint. It is based on Alpine Linux and only starts a PHP FPM process. Use this variant if you already have a separate webserver. If you need more tools that are not available on Alpine Linux, use the fpm image instead.

Usage with linked server

First you need to run a MySQL or MariaDB server in Docker, and the phpMyAdmin image needs to be linked to the running database container:

docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 phpmyadmin:latest

Usage with external server

You can specify a MySQL host in the PMA_HOST environment variable. You can also use PMA_PORT to specify the port of the server in case it's not the default one:

docker run --name phpmyadmin -d -e PMA_HOST=dbhost -p 8080:80 phpmyadmin:latest

Usage with arbitrary server

You can use arbitrary servers by adding the environment variable PMA_ARBITRARY=1 to the startup command:

docker run --name phpmyadmin -d -e PMA_ARBITRARY=1 -p 8080:80 phpmyadmin:latest

Usage with docker compose and an arbitrary server

This will run phpMyAdmin with the arbitrary server option - allowing you to specify any MySQL/MariaDB server on the login page.

version: '3.1'

services:
  db:
    image: mariadb:10.11
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: notSecureChangeMe

  phpmyadmin:
    image: phpmyadmin
    restart: always
    ports:
      - 8080:80
    environment:
      - PMA_ARBITRARY=1

Adding Custom Configuration

You can add your own custom config.inc.php settings (such as Configuration Storage setup) by creating a file named config.user.inc.php with the various user defined settings in it, and then linking it into the container using:

-v /some/local/directory/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php

On the docker run line like this:

docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 -v /some/local/directory/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php phpmyadmin:latest

Be sure to have <?php as your first line of the configuration file or the contents will not be detected as PHP code.

Example:

<?php

$cfg['ShowPhpInfo'] = true; // Adds a link to phpinfo() on the home page

See the following links for config file information:

Adding custom configuration in /etc/phpmyadmin/conf.d

you can also consider storing your custom configuration files in the folder /etc/phpmyadmin/conf.d, which is very suitable for managing multiple phpMyAdmin configuration files for different hosts,Then you can create server-1.php, server-2.php, or any file name you want, and store them in the conf.d directory mounted on the host.

On the docker run line like this:

docker run --name phpmyadmin -d --link mysql_db_server:db -p 8080:80 -v /some/local/directory/conf.d:/etc/phpmyadmin/conf.d:ro phpmyadmin:latest

Usage behind a reverse proxy

Set the variable PMA_ABSOLUTE_URI to the fully-qualified path (https://pma.example.net/) where the reverse proxy makes phpMyAdmin available.

Sessions persistence

In order to keep your sessions active between container updates you will need to mount the /sessions folder.

-v /some/local/directory/sessions:/sessions:rw

Environment variables summary

  • PMA_ARBITRARY - when set to 1 connection to the arbitrary server will be allowed
  • PMA_HOST - define address/host name of the MySQL server
  • PMA_VERBOSE - define verbose name of the MySQL server
  • PMA_PORT - define port of the MySQL server
  • PMA_HOSTS - define comma separated list of address/host names of the MySQL servers
  • PMA_VERBOSES - define comma separated list of verbose names of the MySQL servers
  • PMA_PORTS - define comma separated list of ports of the MySQL servers
  • PMA_SOCKET - define socket file for the MySQL connection
  • PMA_SOCKETS - define comma separated list of socket files for the MySQL connections
  • PMA_USER and PMA_PASSWORD - define username and password to use only with the config authentication method
  • PMA_ABSOLUTE_URI - the full URL to phpMyAdmin. Sometimes needed when used in a reverse-proxy configuration. Don't set this unless needed. See documentation.
  • PMA_CONFIG_BASE64 - if set, this option will override the default config.inc.php with the base64 decoded contents of the variable
  • PMA_USER_CONFIG_BASE64 - if set, this option will override the default config.user.inc.php with the base64 decoded contents of the variable
  • PMA_UPLOADDIR - if defined, this option will set the path where files can be saved to be available to import ($cfg['UploadDir'])
  • PMA_SAVEDIR - if defined, this option will set the path where exported files can be saved ($cfg['SaveDir'])
  • PMA_CONTROLHOST - when set, this points to an alternate database host used for storing the phpMyAdmin Configuration Storage database database
  • PMA_CONTROLPORT - if set, will override the default port (3306) for connecting to the control host for storing the phpMyAdmin Configuration Storage database database
  • PMA_PMADB - define the name of the database to be used for the phpMyAdmin Configuration Storage database. When not set, the advanced features are not enabled by default: they can still potentially be enabled by the user when logging in with the zero conf (zero configuration) feature. Suggested values: phpmyadmin or pmadb
  • PMA_CONTROLUSER - define the username for phpMyAdmin to use for advanced features (the controluser)
  • PMA_CONTROLPASS - define the password for phpMyAdmin to use with the controluser
  • PMA_QUERYHISTORYDB - when set to true, enables storing SQL history to the phpMyAdmin Configuration Storage database. When false, history is stored in the browser and is cleared when logging out
  • PMA_QUERYHISTORYMAX - when set to an integer, controls the number of history items. See documentation. Defaults to 25.
  • MAX_EXECUTION_TIME - if set, will override the maximum execution time in seconds (default 600) for phpMyAdmin ($cfg['ExecTimeLimit']) and PHP max_execution_time (format as [0-9+])
  • MEMORY_LIMIT - if set, will override the memory limit (default 512M) for phpMyAdmin ($cfg['MemoryLimit']) and PHP memory_limit (format as [0-9+](K,M,G) where K is for Kilobytes, M for Megabytes, G for Gigabytes and 1K = 1024 bytes)
  • UPLOAD_LIMIT - if set, this option will override the default value for apache and php-fpm (format as [0-9+](K,M,G) default value is 2048K, this will change upload_max_filesize and post_max_size values)
  • TZ - if defined, this option will change the default PHP date.timezone from UTC. See documentation for supported values.
  • HIDE_PHP_VERSION - if defined, this option will hide the PHP version (expose_php = Off). Set to any value (such as HIDE_PHP_VERSION=true).
  • APACHE_PORT - if defined, this option will change the default Apache port from 80 in case you want it to run on a different port like an unprivileged port. Set to any port value (such as APACHE_PORT=8090)

For usage with Docker secrets, appending _FILE to the PMA_PASSWORD environment variable is allowed (it overrides PMA_PASSWORD if it is set):

docker run --name phpmyadmin -d -e PMA_PASSWORD_FILE=/run/secrets/db_password.txt -p 8080:80 phpmyadmin:latest

Variables that can be read from a file using _FILE

  • MYSQL_ROOT_PASSWORD
  • MYSQL_PASSWORD
  • PMA_USER
  • PMA_PASSWORD
  • PMA_HOSTS
  • PMA_HOST
  • PMA_CONTROLHOST
  • PMA_CONTROLUSER
  • PMA_CONTROLPASS

Run the E2E tests for this docker image

You can run the E2E test suite on a local test environment. The Requirements are make, docker and the docker compose plugin.

Clone this repository: https://github.com/phpmyadmin/docker.git

And then run this command to start the test suite:

make run-tests

For more detailed documentation see https://docs.phpmyadmin.net/en/latest/setup.html#installing-using-docker

Please report any issues with the Docker container to https://github.com/phpmyadmin/docker/issues

Please report any issues with phpMyAdmin to https://github.com/phpmyadmin/phpmyadmin/issues

docker's People

Contributors

ankitjain28may avatar asolopovas avatar asosso avatar baotongshi avatar bytebitten avatar chrisproud avatar cybottm avatar davidmwhynot avatar demired avatar devinmatte avatar dnnspaul avatar ederuiter avatar glensc avatar hkraal avatar ibennetch avatar j0wi avatar josuecau avatar lorenz avatar netroby avatar nijel avatar ohmymndy avatar paulolobt avatar phrozenbyte avatar pigochu avatar sammousa avatar soullivaneuh avatar spawnia avatar tdutrion avatar williamdes avatar yankeguo avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

docker's Issues

Do not hardcode MySQL host

It should be possible to set MySQL host via an environment variable.

In some container engines (for example Kubernetes), there are no concept of link aliases, so a user will have to change his service name (if it's not db) in order to make it work with this Docker image.

PMA DB/Configuration Storage Missing from Docker Container Capability

As a follow-on to:
#38

The docker configuration of PHPMYADMIN does not allow turning on of the PMADB / Configuration Storage settings for PHPMYADMIN, leaving it somewhat less functional than it's non-dockerized installation. (This is among other non-configurable options).

This is easy to turn on without breaking or corrupting the current installation:

  1. Put a user hook at the end of the current config.inc.php file:
    include('./config.userdef.inc.php');

  2. Document the override for users to write their own config options based off of the standard config.sample.inc.php file distributed with the base phpmyadmin package.
    -v /some/local/directory/config.userdef.inc.php:/www/config.userdef.inc.php

  3. Update run.sh to "touch" the config.userdef.inc.php file upon boot in the same way it creates the config.secrets.inc.php file. This will keep the warning message from "include" from firing.
    if [ ! -f /www/config.userdef.inc.php ]; then
    touch /www/config.userdef.inc.php
    fi

The benefit to this approach is it leaves the code written to handle external variables alone and allows the config.inc.php file to continue being maintained by the maintainer of the docker files while still allowing users to configure their phpmyadmin installation in the same way they're capable of maintaining the non-dockerized version. config.inc.php becomes a "hands off" file that no one needs to touch, and users still get the ability to configure the full range of phpmyadmin settings for their local installations.

If anyone wants, I can put a pull request together for this.

Docker PHPmyadmin Access?

I've got a project that sets phpmyadmin up in docker-compose using the following configuration:

phpmyadmin:
image: phpmyadmin/phpmyadmin
ports:
- "8080:80"
environment:
PMA_HOST: "mysql"
PMA_PORT: 3306

I need to import sql but I'm not sure how to access either via command line, browser, or sequel pro (where do I find the credentials to use?)
ssh host-?
ssh user-?
ssh key-?

Preferably sql pro so I can view all the data and learn the structure better :)

Multiple mysql servers

I want to link more than one mysql container into phpmyadmin and this is not working.

It only works when I link only one container and named it db

Is it necessary to run it as root?

Greetings,

I just needed phpmyadmin for one of our projects and I looked into the image and I don't understand a couple of concepts here.

1.) Why does anything in this image run as root (tried both latest and 4.6.4-1 from docker hub and although they are different both run php processes as root).
2.) Let's presume this is changed and the processes in the container are ran as UID 1000, in that case why is the /www/ directory writable by user 1000.

I think running web applications as root even in a docker container is very insecure as it highly increases the attack surface despite not being as bad as running them on the host.
Also it is I think a common best practice in web operation to make sure that an application is not able to write it's own code.

I don't think there is any need in the docker world to run things on privileged ports like 80 so I don't think that should prevent the process to be ran as a non root user that is not able to write anything except what it needs to.

Thanks a lot in advance.

chown operation after applied 027 umask

after setting umask (issues: #59 & #61) a chown call need to be made on nearly all files used by container (such as: config.inc.php, config.secret.inc.php) to set nobody as group (thus giving read access to PHP-FPM).

fix:
chown all files that need read access by nobody with nobody group.

Reported by Emanuel Bronshtein.

incorrect permissions/ownership adjustment routine

The code at:
https://github.com/phpmyadmin/docker/blob/master/Dockerfile#L26-L28
run after the tar extract at:
https://github.com/phpmyadmin/docker/blob/master/Dockerfile#L22
which will generate files with read permissions for others. (permissions will be changes after the extract & removing some directories)
it's better to avoid creating the files with bad permissions, which possible by:
1. --no-same-permissions in tar , require setting the umask before the tar command to 027, see: #59 (Insecure umask).
2. --no-same-owner in tar
The chown command is still needed, in order to set group as nobody (instead of root)
https://github.com/phpmyadmin/docker/blob/master/Dockerfile#L26
but chmod commands can be removed in line 26&27 after the above change.

Reported by Emanuel Bronshtein.

Missing white-list of allowed HTTP methods (in nginx.conf)

it's recommended to white-list the used HTTP methods (decrease attack surface) as noted by:
https://www.acunetix.com/blog/articles/nginx-server-security-hardening-configuration-1/
https://support.rackspace.com/how-to/install-nginx-and-php-fpm-running-on-unix-file-sockets/

for example:

if ($request_method !~ ^(GET|HEAD|POST)$ )
{
       return 405;
}

Note: while there no usage of HEAD method in PMA, it's suggested to enable it in order to not break monitoring tools (which use HEAD method instead of GET to check that application is responding)

Reported by Emanuel Bronshtein.

MySQL connection error in 4.6.2-3

I've found an issue in 4.6.2-3. The issue appears when I'm trying to expand a table info in the sidebar.
There is no such error in the latest version. Can you build new tagged version based on the latest one?

User configuration not taken into account

Using the latest image, I'm mounting a file under /config.user.inc.php as described in the documentation. The file is not loaded by the default config.inc.php.

After investigating, the file is mounted properly but the line if (file_exists('/config.user.inc.php')) { return false, which means that the PHP code does not have access to this file. A simple scandir('/') returns false also.

I'm running Docker 1.11.1

missing restrictions of opcache functions usage via opcache.restrict_api/disable_functions in php.ini used by docker

https://secure.php.net/manual/en/opcache.configuration.php#ini.opcache.restrict-api

the value used as "start of path", more information:
wpsharks/comet-cache#733

fix:
it will be better to disable it completely, didn't found way to do it, does it PHP bug/limitation? probably better to limit it using opcache.restrict_api (instead of using disable_functions for this)

Reported by Emanuel Bronshtein.

Environement not working with docker-compose

With the following docker-compose.yml file:

mysql:
  image: mysql
  volumes_from:
    - data
  environment:
    MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'

pma:
  image: phpmyadmin/phpmyadmin
  links:
    - mysql:db
  ports:
    - '8080:8080'
  environment:
    PMA_USER: root
    PMA_PASSWORD: ''

If I dump the $_ENV variable from config.inc.php, I get an empty array.

Did I something wrong?

Performance Improvements to Test

  1. set opcache.save_comments to false
    in:

    ;opcache.save_comments=1

    more information:
    https://secure.php.net/manual/en/opcache.configuration.php#ini.opcache.save-comments

  2. set opcache.validate_timestamps to 0
    in:

    ;opcache.validate_timestamps=1

    more information:
    https://secure.php.net/manual/en/opcache.configuration.php#ini.opcache.validate-timestamps
    will require note in documentation that changes in files content require Resetting the OpCache / Restarting PHP-FPM.

Reported by Emanuel Bronshtein.

increased attack surface by internal redirect in try_files option

the try_files at:
https://github.com/phpmyadmin/docker/blob/master/etc/nginx.conf#L63
has internal redirect to:
/index.php?$query_string
which increase attack surface by enabling various URIs, for example such as:
possible XSS via REQUEST_URI, etc..:
http://host/"><script>alert(1)</script>.txt?param1=value1
possible phishing via //phishing.com/ if used in URL context.
http://host//phishing.com/login/
possible RFD: (force using of .hta extension, which will used in forced file download)
http://host/page.hta?params_to_return_malicous_content

Reported by Emanuel Bronshtein.

not needed sections in php.ini

The php.ini file in docker contain some sections which are not needed (related modules isn't used/installed), thus make it harder to audit it:
mcrypt don't installed (don't install it, use openssl instead as already done)
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1818
COM is windows only:
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1657
Not used DBs:
MSSQL
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1583
PostgreSQL
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1266
Oracle
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1213
Interbase
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1051
Sybase
https://github.com/phpmyadmin/docker/blob/master/etc/php.ini#L1294

Reported by Emanuel Bronshtein.

problem with reverse proxy when using https://domain/phpmyadmin

Hi all,
I am trying to serve this phpmyadmin docker image via nginx upstream.
It is working with :

# docker run -d -e PMA_ABSOLUTE_URI="https://my.domain.com/" phpmyadmin/phpmyadmin
nginx: location / { proxy_pass http://phpmyadmin;  }

But not working with:

# docker run -d -e PMA_ABSOLUTE_URI="https://my.domain.com/phpmyadmin/" phpmyadmin/phpmyadmin
nginx: location /phpmyadmin { proxy_pass http://phpmyadmin;  }

php just returns it can't find the index.php (or any other files). Any ideas? :-)

Lock Table problem with phpmyadmin

I just tried to import a dump that uses lock table, and it throws

#1100 - Table 'pma_column_info' was not locked with LOCK TABLES

I found the answer here http://stackoverflow.com/questions/18215379/importing-sql-file-using-phpmyadmin-in-easyphp. Seems like you have to insert

$cfg['Servers'][$i]['controluser'] = 'root';
$cfg['Servers'][$i]['controlpass'] = '';

inside the loop for every server. I just tried it out and it works.
I'm not sure if this is really a problem, or should be included in the run.sh. But I like the idea of having a container that can start without configuration and works out of the box.

Frequently losing session

I have a fairly vanilla version of the phpMyAdmin docker container yet after I login, I keep losing the session and are taken back to the login screen. Sometimes it'll happen after a few seconds, sometimes after a minute or two.

I've tried clearing all the cookies in my browser, tried multiple computers and multiple browsers without much luck.

Below is the Docker command being used to start the container:

docker run \
        --name phpMyAdmin \
        --restart=always \
        -d \
        -p 8080:80 \
        --link mysql:db \
        phpmyadmin/phpmyadmin

Insecure default docker umask (022)

The default umask settings for docker is 022 (which is also used by many distros)
https://github.com/docker/docker/pull/13941/files#diff-f12859176a0bd7f84e8c0884b1d71908R37
it's better to use more secure umask when possible, such as:
027
(none permissions for other)

The umask need to be set before creation of files that will remain in the image, thus affecting the permissions of extracted files (see issue above) & created files, such as: config.secret.inc.php.

Reported by Emanuel Bronshtein.

link deprecated

Hi,

the --link option have been deprecated shouldn't we use the --net option?

I cannot login to PMA - Error #2002 - php_network_getaddresses: getaddrinfo failed

I do not know what might be the case, but I cannot login to PMA. I have the following docker-composer.yml file:

db:
  image: mysql:5.6
  environment:
    - MYSQL_ROOT_PASSWORD=blabla
    - MYSQL_DATABASE=wordpress
  volumes_from:
    - datamysql

datamysql:
  image: debian:jessie
  volumes:
    - /mypath:/var/lib/mysql

phpmyadmin:
  image: phpmyadmin/phpmyadmin
  links:
    - db:mysql
  ports:
    - "8080:80"

I tried to log in to PMA using root account and the given password: blabla.
I receive the following error:

#2002 - php_network_getaddresses: getaddrinfo failed: Name does not resolve โ€” The server is not responding (or the local server's socket is not correctly configured).

Something wrong with my setup?

Permit config authentication

Generally on dev env, user is root with a simple password or none.

Would be great to be able to set a USER_LOGIN and optionally USER_PASSWORD env var that will change configuration from cookie to config.

missing security headers

While PMA code does send the below headers in sendHttpHeaders function
(the correct place for such headers, are in PMA code, as it's the best/safest place to calculate CSP headers)
but it effects only .php files.
thus, it's recommended to add the below headers in nginx.conf in case the request wasn't passed to php-fpm

for every request that wasn't passed to php-fpm:

add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;

for every request that wasn't passed to php-fpm and return HTML content (.html files), which effect the files in doc directory (/doc/html/):

add_header X-Xss-Protection "1; mode=block" always;

while I will recommend the following for default CSP header:

add_header Content-Security-Policy "default-src 'self';form-action 'self';referrer no-referrer;reflected-xss block;" always;

The HTML file in doc folder require unsafe-inline in JS & CSS , Thus using:
add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';form-action 'self';referrer no-referrer;reflected-xss block;" always;

The documentation generated using old Sphinx version (1.2.3) while the last one is 1.4.6.
in case the generated documentation using latest version still require unsafe-inline in JS & CSS, I suggest to report this to Sphinx.

Reported by Emanuel Bronshtein.

Unable to nagivate

I'm operating this docker container and am running into all kinds of problems. Among many other issues, none of these filtering options actually filter the current "Browse" selection. The tab will reload and that's it.

screen shot 2016-08-14 at 8 59 19 am

Missing optional dependencies:

The detectPow function at:
https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/Util.php#L38
will use bcpow or gmp_pow or pow functions, the bcpow & gmp_pow functions require:
php5-bcmath
php5-gmp
packages

fix:
1. in docker, add php5-bcmath:
https://github.com/phpmyadmin/docker/blob/master/Dockerfile#L4
2. in debian, add under "Recommends" a PHP bcmath package:
https://sources.debian.net/src/phpmyadmin/4:4.6.4%2Bdfsg1-1/debian/control/?hl=29#L29

Reported by Emanuel Bronshtein.

show/create config.user.inc.php instead of config.inc.php if run on Docker instance

User modifications when run from docker https://github.com/phpmyadmin/docker
need to be made in config.user.inc.php file instead of config.inc.php.
Thus, show 'config.user.inc.php' instead of 'config.inc.php' if run from Docker, for example change need to be done in:
https://github.com/phpmyadmin/phpmyadmin/blob/master/prefs_manage.php#L51
https://github.com/phpmyadmin/phpmyadmin/blob/master/prefs_manage.php#L309
https://github.com/phpmyadmin/phpmyadmin/blob/master/setup/frames/config.inc.php#L30
https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/relation.lib.php#L371
also the file created under SETUP need to be 'user.config.inc.php' in the above scenario.

Incorrect PHP log/socket name

The filename contain 7.0 which is php version that's not used by the image.
php7.0-fpm.log
https://github.com/phpmyadmin/docker/blob/master/etc/php-fpm.conf#L2
https://github.com/phpmyadmin/docker/blob/master/run.sh#L17
https://github.com/phpmyadmin/docker/blob/master/run.sh#L18
php7.0-fpm.sock
https://github.com/phpmyadmin/docker/blob/master/etc/php-fpm.conf#L7

fix:
use filename without version such as (thus, the name is correct even if used with newer/older php versions):
php-fpm.log
php-fpm.sock

Reported by Emanuel Bronshtein.

Login redirects to port-qualified url

Thus breaking if running behind a reverse proxy.

When logging in, the server answers with a 302 and Location: https://<server>:8080/index.php?token=<token>, even though <server> was accessed via port 80.

Cannot change configuration options

I would like to change some other configuration values that are not settable via environment variables (FirstLevelNavigationItems in this case). However it seems there is no way to do this at the moment.

A good way to implement this would be via volume mapping. My proposal would be to:

  1. Add a include '/config.inc.php'; as a last line to config.inc.php in this repo.

  2. Make the Dockerfile create an empty PHP file to that location.

  3. Document that one can volume map a PHP file to that location. Ie:

    phpmyadmin:
     volumes:
       - ./some/local/file.inc.php:/config.inc.php

Now any configuration option can be set or overwritten.

Any thoughts on this?

Use port 80 instead of port 8080

Just a thought: wouldn't it make sense to expose port 80 instead of port 8080? A user can always map any exposed ports to whatever he likes, e.g. -p 8080:80, and as this is in fact a Docker container running a web application, doesn't it sound logical to use the http port for that? Or were there practical considerations for using port 8080 instead?

If you agree, I'm willing to open a PR, but let's discuss this first.

Missing Official Repository in DockerHub

The docker image marked as public at:
https://hub.docker.com/r/phpmyadmin/phpmyadmin/
There is a process that will mark the image as official, more information:
https://docs.docker.com/docker-hub/official_repos/
example of official repositories:
https://hub.docker.com/_/wordpress/
https://hub.docker.com/_/drupal/
it appears that official repos has some security benefits (apart from distinguish from other public repos) such as content trust (see issue: not signed docker image) enabled by docker itself.

fix:
do the needed changes (there is a guideline), and apply for official repositories at DockerHub.

Reported by Emanuel Bronshtein.

Version Tags

Any chance of taging versions on docker hub?

I was trying to use that new feature (#13, #12 PmaAbsoluteUri) and couldn't understand why it wasn't working. Turns out this feature is incredibly new and not part of my 7 day old image. Ugh!

But anyways, I'm glad its implemented. :)

Image does not shutdown gracefully

When shutting down the image, docker first sends a SIGTERM to the process used as ENTRYPOINT, then after 10 secs a SIGKILL.

The phpmyadmin image ignores the first signal.

Even though there is no probable data loss at stake, it would be nicer if the image stopped immediately, saving 10 secs of wait on every docker stop.

Two ways to do that come to my mind:
a- catch the signal in run.sh (but this means not using 'exec' as last command)
b- do not run as entrypoint for the webserver the std index.php from phpmyadmin, but have a 'startup' php script which sets up listening to signals then includes the default index.php

I can send a PR if you have any preference for either option...

allow to describe host with description

For cases where the hosts are IP addresses
how can one give description to the IP address so one can know what DB server the ip belongs to when on login page?

So instead of showing ip address of host on login page and no one knows what DB server the ip address belongs to, i can declare a some env variable to connect ip address to a description

Thanks

Install zip & bz2

Would be great if zip & bz2 were enabled by default in the image. I think it's pretty common to import zipped SQL files.

not signed docker image

docker has mechanism for image signing (called "content trust"), more information:
https://docs.docker.com/engine/security/trust/trust_sandbox/
https://docs.docker.com/engine/security/trust/content_trust/
I wasn't able to install PMA docker while using --disable-content-trust=false such as:
docker pull phpmyadmin/phpmyadmin --disable-content-trust=false
result:

Error: remote trust data does not exist for docker.io/phpmyadmin/phpmyadmin: notary.docker.io does not have trust data for docker.io/phpmyadmin/phpmyadmin

Reported by Emanuel Bronshtein.

Verify downloaded sources

Currently we download the phpMyAdmin sources and do no verification of that download.

This could be improved by checking PGP signature on download. All needed pieces are there, it just needs to be properly glued together. The most tricky part is probably to avoid increasing size of the image.

  • The PGP signature for latest release is on same URL, just append .asc, see https://www.phpmyadmin.net/about-website/
  • The PGP keyring should be included in sources, not downloaded during the build
  • Verification should be done by gpgv as it doesn't seem to do all the initialization which gpg does

Add Themes

How do you add themes to this image? Is the best possible way to create my own image from this or would it be good to have all the themes preloaded with this image? I don't know if it will take too much space though?

Add Kubernetes support

It is currently not possible to use this image with Kubernetes because of known bug in alpine image.
It would be great to have an additional tag, suffixed with -k8s, that will use janeczku/alpine-kubernetes as a base image.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.