Adminer login via a reverse proxy

Question

I am running Nginx which is configured to allow me to access several resources on another server which is available as a reverse proxy. For example

main server:http://example.com
slave: http://example.com/slave
adminer on slave: http://example.com/slave/admin/adminer.php

Everything is all right so far. I enter my DB user name and password in Adminer and the trouble begins. Examining the headers returned by Adminer post-login I have noticed that it sends back this header:

Location: /admin/adminer.php?username=user

This is the root of the trouble. On my browser this, naturally, gets interpreted as meaning relative to the current server rather than the reverse proxy. I tried hacking the adminer code after locating the one place where it has a Location header but that just stopped it dead in its tracks.

How can I prevent this from happening? I have considered running a Lua script on Nginx that examines the header and replaces it but it strikes me that even if I get that to work I will be getting my server to do a great deal of unnecessary work.

Edit

After exploring the issue a bit more I am starting to think that adminer may not being doing much wrong. It actually uses the $_SERVER['REQUEST_URI'] value to construct the location header and that happens to have little part from /admin/adminer.php. I have noted that the referer, $_SERVER['HTTP_REFERRER'] has the full original request path http://example.com/slave/admin/adminer.php. So the solution would be to send back the location /slave/admin/adminer.php?username=user.

Easy? Well, the issue is that in my setup /slave/ is going to be variable so I need to resolve it in code. I can probably do that reasonably easily with a spot of PHP but I wonder... surely there is an easier alternative provided by Nginx?

I should perhaps mention:

Ubuntu 14.04 on both master & slave
Nginx 1.6.2 installed vial apt-get nginx-extras (the Lua module enabled flavor)
php5-fpm 5.5.9
MariaDB 10
Adminer 4.2.1

score 16 · Answer 1 · answered Sep 25 '18 at 19:08

16

I had the same issue and this is how I resolved it:

upstream adminer {
    server adminer;
}

server {
    listen 80;

    location /adminer/ {
        proxy_set_header X-Forwarded-Prefix "/adminer";
        proxy_pass http://adminer/;
    }
}

answered Sep 25 '18 at 19:08

Max

457
1
4
11

This should be the accepted answer. Original Question asks about nginx reverse proxy. – Vojtěch Pithart Sep 11 '19 at 10:42

score 1 · Accepted Answer · edited May 23 '17 at 11:44

I hit the same problem and the most simple fix I could come up with is to patch the adminer PHP script. I simply hardcoded $_SERVER["REQUEST_URI"] at the start of adminer.php like this:

--- adminer.php 2015-10-22 12:31:18.549068888 +0300
+++ adminer.php 2015-10-22 12:31:40.097069554 +0300
@@ -1,4 +1,5 @@
 <?php
+$_SERVER["REQUEST_URI"] = "/slave/admin/adminer.php";
 /** Adminer - Compact database management
 * @link http://www.adminer.org/
 * @author Jakub Vrana, http://www.vrana.cz/

If you put the above in a file called fix you can simply run patch < /path/to/fix in the directory containing adminer.php you should get the correctly working version. Running patch -R < /path/to/fix will restore the original behavior if needed.

To understand the structure of a patch file read this SO thread.

thank you very much for this tip. It is going to be a life saver. — DroidOS, Oct 22 '15 at 12:29

Adminer login via a reverse proxy

Edit

2 Answers2