From c6ad245c89fe1b2d885b2bdfc9168d984c7db167 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
Date: Thu, 21 Mar 2024 16:00:52 -0700
Subject: [PATCH] force https for phpMyAdmin access

---
 etc/apache2/conf-available/phpMyAdmin.conf | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/etc/apache2/conf-available/phpMyAdmin.conf b/etc/apache2/conf-available/phpMyAdmin.conf
index 6e82830..d6dc91f 100644
--- a/etc/apache2/conf-available/phpMyAdmin.conf
+++ b/etc/apache2/conf-available/phpMyAdmin.conf
@@ -4,11 +4,19 @@ AddExternalAuth pwauth /usr/sbin/pwauth
 SetExternalAuthMethod pwauth pipe
 
 <Location /phpMyAdmin>
-  AuthType Basic
-  AuthName "phpMyAdmin"
-  AuthBasicProvider external
-  AuthExternal pwauth
-  Require valid-user
+  # force https
+  <If "%{HTTPS} != 'on'">
+    RewriteEngine On
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+  </If>
+  # require auth
+  <Else>
+    AuthType Basic
+    AuthName "phpMyAdmin"
+    AuthBasicProvider external
+    AuthExternal pwauth
+    Require valid-user
+  </Else>
 </Location>
 
 # this is to force the default fpm, so we don't end up trying to use a virtualhosts jailed fpm which won't work