phpmyadmin forces download file index.php

aaP_admjuanortiz

aaPanel_Kern I have php installed

aaP_admjuanortiz

aaP_admjuanortiz do i need it to be static? I downloaded version 7.3 of php and I selected it

aaPanel_Kern

aaP_admjuanortiz
php-73
Is it possible to access the browser by clearing the cache or using the incognito mode? Is it possible to access with another browser?

aaP_admjuanortiz

aaPanel_Kern I'm doing the test and something strange happens

in chrome, i download a php file

and in firefox it shows me a directory that I configured so that they did not see the content
crhome (download file )

http://xxxx-pro.com:888/phpmyadmin_4456b91fd10e0fe5
firefox works normal but does not show the phpmyadmin

aaPanel_Kern

aaP_admjuanortiz
Hello, what changes have you made?

aaP_admjuanortiz

aaPanel_Kern I tried to protect the urls of the websites a bit so that they do not access inappropriate things. They are in the configuration file that I uploaded earlier

basically with these two files I control what enters the server

config domain file


server
{
    listen 80;
    listen 888;
   

    listen 443 ssl http2;
    server_name animalitos-pro.com;
    index  index.php index.html index.htm default.htm default.html;
    # root /www/wwwroot/animalitos-pro.com;
    

    #SSL-START SSL related configuration
    #error_page 404/404.html;
    ssl_certificate    /www/server/panel/vhost/cert/animalitos/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/animalitos/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;

    #SSL-END
    

    #ERROR-PAGE-START  Error page related configuration
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
    

    

    #phpmyadmin
  


	
 

    #end
    

    

    

    #REWRITE-START Pseudo-static related configuration
    include /www/server/panel/vhost/rewrite/node_animalitos.conf;
    #REWRITE-END
    

    #Files or directories forbidden to access
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env|node_modules) {
       return 404;
    }
    

    #One-click application for SSL certificate verification directory related settings
    location /.well-known/ {
        root  /www/wwwroot/animalitos-pro.com;
    }

    


    # HTTP reverse proxy related settings begin >>>
    location ~ /purge(/.*) {
        proxy_cache_purge cache_one $host$request_uri$is_args$args;
    }


    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;

        proxy_connect_timeout 30s;
        proxy_read_timeout 86400s;
        proxy_send_timeout 30s;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    # End of HTTP reverse proxy related settings <<<
    

    access_log  /www/wwwlogs/animalitos.log;
    error_log  /www/wwwlogs/animalitos.error.log;
}




app js 



import fs            from 'fs';
import Url           from 'url';
import Path          from 'path';
import http          from 'http';
import express       from 'express';
import bodyParser    from 'body-parser';
import fetch         from 'node-fetch';
import * as socketIO from "socket.io";

const __dirname  = Path.dirname( Url.fileURLToPath( import.meta.url ) );

// npm i -S express body-parser node-fetch
// npm i -D nodemon
// fuser -k 80/tcp

import { ticks, toDate } from "./Frame.js"

process.env.TZ = "America/Caracas";

const port   = 5000;
const app    = express();
const server = http.createServer( app );
const io     = new socketIO.Server( server, {
    cors: {
		origin: "*",
		methods: ["GET", "POST"],
		credentials: true
	}
} );



function getCurrentFile( _Date = null ){
	let date  = _Date || new Date();
	let day   = ''+( date.getDate() );
	let year  = ''+( date.getFullYear() );
	let month = ''+( date.getMonth() + 1 );
	let base  = 'resultados';
	let name  = 'index.html';
	let path  = Path.join( __dirname, base, year, month, day );
	let file  = Path.join( path, name );
	return { path, file, name };
};

function getCurrentDay(){
	let day = 0;
	let next = true;
	let date = new Date();
	let arr  = date.toLocaleString('en-US', { hour: '2-digit', minute: '2-digit' }).split(' ');
	let [ h, m ] = arr[0].split(':').map( e => parseInt( e ) );
	h = arr[1] == 'PM' ? h + 12: h;
	if( h >= 9 && h <= 19 ){
		next = false;
		if( ( h == 9 && m < 5 ) || ( h >= 19 && m > 5 ) ){
			next = true;
		}
	}
	if( next ){
		if( arr[1] == 'AM' ){
			day = 1;
		}
	}
	date.setDate( date.getDate() - day );
	return { next, day, date };
};

app.set('trust proxy', true);
app.use( bodyParser.urlencoded({ extended: false }) ).use( bodyParser.json() ).use( ( req, res, next ) => {
	res.setHeader( 'Access-Control-Allow-Origin',   req.headers.origin ?? '*' );
	res.setHeader( 'Access-Control-Allow-Methods',  'GET,PUT,POST,DELETE' );
	res.setHeader( 'Access-Control-Allow-Headers',  '*' );
	next();
});

/*
app.get('/', function( req, res ){
    //res.end('Hola');
    //res.status(200).send('Hola!');
    //var file = Path.join(__dirname, 'index.html');
	var file = Path.join(__dirname, 'public', 'index.html');
    res.sendFile( file );
});*/

function GET( url ){
    return fetch(url, {
        headers: {
            'User-Agent': '',
        },
    }).then(async function(r){
        var html = null;
        try{
            html = await r.text();
        }catch(ex){ }
        return html;
    });
};

function animalitos( req, res ){
    var status = 200;
    var list = [];
	var temp = ( req.params[0] ?? '/' ).trim();
    var url = 'https://www.tuazar.com/loteria/animalitos/resultados' + temp;

	let { date } = getCurrentDay();
	let { path, file } = getCurrentFile( date );
	
	console.log({ temp, path });

	if( fs.existsSync( file ) && temp == '/' ){
		fs.createReadStream( file ).pipe( res );
		console.log('cargado desde cache.');
		return;
	}
	console.log('descargando desde otro server.');

    GET( url ).then(function( html ){
        if( html == null ){
            status = 501;
        }
		if( html != null && temp == '/' ){
			if( !fs.existsSync( path ) ){
				fs.mkdirSync( path, { recursive: true } );
			}
			fs.writeFileSync( file, html);
		}
        res.status( status ).send( html );
    });
    

};


app.get(/animalitos(.*)/, animalitos);

app.use( express.static(__dirname + '/.well-known') );
app.use( express.static(__dirname + '/public') );
//127.0.0.1/js

app.all('*', function( req, res ){
    res.status(404).send('Que paso marico, sete perdio algo?');
});


async function wsConnection( socket ){
	console.log("User connected via socket.io");
    socket.emit('all', [1,2,3,4,5]);
};

io.on("connection", wsConnection);


server.listen(port, async function(){
    

    //startCron();

    console.log('Servidor corriendo en el puerto:', port);

    async function updateAll( ){
        console.log('fetch request to update data.');
        var url = 'https://www.tuazar.com/loteria/animalitos/resultados/';
        GET( url ).then(function( html ){
            if( html != null ){
                let { path, file } = getCurrentFile();
                if( !fs.existsSync( path ) ){
                    fs.mkdirSync( path, { recursive: true } );
                }
                fs.writeFileSync( file, html);
				try{
            		io.emit('update', html);
				}catch(ex){}
            }
            //res.status( status ).send( html );
        });
    };
    

    [].slice.call( Object.keys( ticks ) ).map( str => {
        ticks[ str ] = updateAll;
    });
    

    //console.log('ticks:', ticks);
    const sleep = ( ms = 1000 / 16 ) => new Promise( R => setTimeout( R, ms ) );
    var aux = toDate();
    function onupdate(){
        let str = toDate();
        if( str != aux ){
            aux = str;
            if( typeof ticks[ str ] === 'function' ){
                ticks[ str ]( );
            }
            //console.log('str:', str);
			try{
            	io.emit('time', str);
			}catch(ex){}
        }
    };
    while( !0 ){
        onupdate();
        await sleep( 1000 / 20 );
    }
    /*
    var frame = new AnimationFrame();
    frame.fps_limit = 4;
    frame.onupdate = onupdate;
    frame.start();
    */

});

aaPanel_Kern

aaP_admjuanortiz
Hello, phpmyadmin has a dedicated configuration, which can be viewed in the nginx management in the app store
The configuration file you pasted needs to delete listen 888; this configuration.

aaP_admjuanortiz

aaPanel_Kern

server
{
listen 80;
listen 443 ssl http2;...

done , i am restarting server

aaP_admjuanortiz

now it appears in firefox the same as in crhome, in addition to showing that it is an unsafe document...

aaP_admjuanortiz

aaP_admjuanortiz now show
405 Not Allowed

aaPanel_Kern

aaP_admjuanortiz
Check if php is normal? The php version in phpmyadmin is php?
It is not safe to use http
Is it normal to restart nginx?

aaP_admjuanortiz

aaPanel_Kern

When I use a port for ssl in the phpmyadmin configuration, it doesn't show me anything

php version installed 7.3
phpmyadmin has the version of 7.3 installed, I have already tried to install several versions of php
7.1
7.4
and phpmyadmin versions 4.9 and 5.0
Is it normal to restart nginx?
how do i check this?

aaPanel_Kern

aaP_admjuanortiz
Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
It is recommended to fill in the following
Post link:
SSH IP address, account password and port:
aapanel login link address and account password:

No post link will not be able to know which user's information is

aaP_admjuanortiz

aaPanel_Kern done.

aaPanel_Kern

aaP_admjuanortiz
Hello, it has been processed. At the same time, it is suggested that the domain bound to the panel is not the same as the website.
The panel recommends using a second-level domain like xxx.xxx.com
If there is no problem. Please change the password

aaP_admjuanortiz

aaPanel_Kern great , Thank you very much, I'll buy the other domain to do that.
after doing things right I will buy the aapanel pro plan 😃
THANKS A LOT

aaPanel_Kern

aaP_admjuanortiz
Hello, the same domain name can create multiple second-level domain names. When creating, the A record points to the server's ip. No need to buy domain .
Such as: www.aapanel.com, bb.aapanel.com, xx.aapanel.com

aaP_admjuanortiz

aaPanel_Kern
Thanks for the advice, I'll try to create it shortly .Can I send you a message again in this post for that problem if I can't or should I open another thread with the new problem if I have it?

aaPanel_Kern

direct question