Many times, there's a need to view a MySQL or MariaDB database in a production or local environment. Installing a management tool via a package manager or deploying it manually through Nginx or Apache can be inconvenient. A more efficient solution is to deploy it using Docker Compose. While there are valid security concerns, in some cases, it’s acceptable to use this setup for a short time frame.
To improve security, it's important to avoid the default path /phpmyadmin. Instead, set a PathPrefix to a long, non-obvious string, so bots can’t easily scan and find it. While there are always security concerns, this setup can be acceptable for short-term use in controlled environments.
traefik.http.routers.phpmyadmin.rule: Host(`example.com`) && PathPrefix(`/Wwz3UdlBz4`)`
traefik.http.middlewares.phpmyadmin-stripprefix.stripprefix.prefixes: "/Wwz3UdlBz4"
And you also need to enable the prefix middleware so that the path prefix works correctly. Additionally, there's an authentication middleware available for extra security.
traefik.http.routers.phpmyadmin.middlewares: "phpmyadmin-stripprefix,auth"
The auth middleware sets up basic authentication—you’ll need to define a username and password. Note that passwords must be hashed using MD5, SHA1, or BCrypt. If your hash contains special characters like $, you must escape them by writing the symbol twice (e.g., $$).
traefik.http.middlewares.auth.basicauth.users: "admin:$$2y$$05$$RkJHVGt64gXEyL1yurYnaepMS2jxfBHUp0GVoHd1kgfnOhp727ND"
Next, you need to set the PMA_ABSOLUTE_URI correctly, including the http or https scheme. This is different from the Host directive. For PMA_HOST, specify the hostname or IP address of the MySQL container. It's important that both containers are on the same Docker network.
You can also connect to a MySQL instance running on the host (e.g., 127.0.0.1:3306). To do this, ensure that remote connections are allowed in the my.cnf (or mysql.conf) by removing or commenting out the bind-address directive. If you're using a bridge network between the container and the host, just set your host IP in PMA_HOST, and it should connect successfully.
Here is the complete configuration.
services:
phpmyadmin:
restart: always
image: phpmyadmin/phpmyadmin
networks:
- web_network
labels:
traefik.enable: "true"
traefik.http.routers.phpmyadmin.rule: Host(`example.com`) && PathPrefix(`/Wwz3UdlBz4`)
traefik.http.middlewares.auth.basicauth.users: "admin:$$2y$$05$$3zPppyLkS2h5XilKgnkvsuWaohSJccU5z0DYS16yMiUv3WTDX3Fo2"
traefik.http.routers.phpmyadmin.middlewares: "phpmyadmin-stripprefix,auth"
traefik.http.middlewares.phpmyadmin-stripprefix.stripprefix.prefixes: "/Wwz3UdlBz4"
traefik.http.routers.phpmyadmin.tls: "true"
traefik.http.routers.phpmyadmin.entrypoints: websecure
environment:
- PMA_HOST=backend_mysql
- PMA_USER=admin
- PMA_PASSWORD=password
- PMA_ABSOLUTE_URI=https://example.com/Wwz3UdlBz4/
networks:
web_network:
external: true
Top comments (0)