DB GUI tools

Browser-based MySQL UIs deployed alongside BOA via the _XTRAS_LIST install. Two are current (Adminer + sqlbuddy); Chive is retired but its vhost lingers. CGP (Collectd Graph Panel) is the related stats UI installed by the same xtra.sh.inc path. These are ad-hoc query / table-inspection tools — for backup, restore, and migration use the dedicated tooling (dumps, migration & cloning).

What is installed and where

Each tool is served from its own dedicated subdomain vhost; Adminer alone also has a second, path-based entry point on the Aegir hostmaster proxy vhost (below). xtra.sh.inc rewrites the placeholder server_name in the shipped nginx_sql_*.conf to a subdomain of the instance front FQDN (_THIS_FRONT):

Tool Vhost server_name xtras keyword Status
Adminer adminer.<front-fqdn> (+ the host IP) ADM (or ALL) current
sqlbuddy sqlbuddy.<front-fqdn> BDD current
CGP cgp.<front-fqdn> CGP current
Chive chive.<front-fqdn> CHV (or a leftover /var/www/chive) retired

The shipped confs in aegir/conf/nginx/ carry literal placeholders (adminer_name, buddy_name, chive_name, cgp_name) that xtra.sh.inc sed-replaces with the real subdomain when it deploys the vhost to vhost.d/<tool>.<front-fqdn>. Reach a tool at https://adminer.<front-fqdn>/, https://sqlbuddy.<front-fqdn>/, etc. No tool has a /sqlbuddy/ or /sqlchive/ path form anywhere, and site vhosts serve no /sqladmin — the one real /sqladmin path route is on the hostmaster domain:

As shipped, each nginx_sql_*.conf binds listen 127.0.0.1:80 and 127.0.0.1:443 — localhost only. The subdomain vhost becomes publicly reachable only because the xtra.sh.inc deploy step seds those 127.0.0.1 listen addresses to the _XTRAS_THISHTIP wildcard * (set by _validate_xtras_ip), so the deployed vhost listens on all interfaces. TLS on the subdomain vhost uses the wildcard cert set /etc/ssl/private/nginx-wild-ssl.{dhp,crt,key}, not a per-domain Let's Encrypt cert — distinct from the /sqladmin proxy route below, which serves the per-domain LE cert from the hostmaster proxy vhost.

Second Adminer entry point — /sqladmin on the hostmaster domain

Each instance's Aegir hostmaster HTTPS proxy vhost (/var/aegir/config/server_master/nginx/pre.d/z_<hostmaster-domain>_ssl_proxy.conf) carries location ^~ /sqladmin (with a nested location ~* ^/sqladmin), an adminer.css location, and a location = /sqladmin/index.php PHP-FPM handler, all aliasing /var/www/adminer — so Adminer is also reachable at https://<hostmaster-domain>/sqladmin, in addition to https://adminer.<front-fqdn>/. The vhost is generated by xoct ssl-gen from /var/xdrago/conf/ssl_proxy.conf (the shipped aegir/tools/system/conf/ssl_proxy.conf), and OCTOPUS enforces the location's presence: _satellite_letsencrypt_vhost_setup (satellite.sh.inc) greps the deployed vhost for sqladmin and regenerates it via xoct ssl-gen when the block is missing. Because the locations alias /var/www/adminer, they serve content only when Adminer is installed (ADM/ALL xtras), and both content-serving locations — the main /sqladmin block and the index.php handler — carry the same generated ip_access/sqladmin* allowlist as the subdomain vhost (see Access control below); the adminer.css location serves only the stylesheet. Template detail lives on the config templates page.

Changed in BOA 5.10.3: per-site LE vhosts no longer expose /sqladmin at all. hosting_le_vhost previously injected an ip_access-gated location ^~ /sqladmin/ block (crawler 403, alias /var/www/adminer) into every LE-enabled site vhost; it was removed ("SQL Adminer access moved to Aegir SSL vhosts (Octopus only)", hosting_le commit 83e5d8d, 2024-09-19). If you reached Adminer via https://<some-site>/sqladmin, use https://adminer.<front-fqdn>/ or https://<hostmaster-domain>/sqladmin instead. Site vhost files rendered before that release may still carry the old block on disk until the site's vhost is next regenerated (e.g. by a Verify task).

xtras keywords — ADM vs BDD

The gates differ, and ALL is not a superset of BDD:

  • Adminer installs when _XTRAS_LIST contains ADM or ALL (per barracuda.sh.cnf the ALL wildcard covers exactly ADM/CSF/FTP/IMG). It is also installed by default in LOCAL mode.
  • sqlbuddy installs only when _XTRAS_LIST contains BDD (_if_install_sqlbuddy gates on [[ "${_XTRAS_LIST}" =~ "BDD" ]] in xtra.sh.inc). _XTRAS_LIST="ALL" does not install sqlbuddy, because the literal string ALL does not contain BDD. (BDD is not even one of the keywords listed in the barracuda.sh.cnf xtras catalogue — it must simply be added to the list by hand.)

So to add sqlbuddy:

# /root/.barracuda.cnf — add BDD (keep any existing keywords)
_XTRAS_LIST="ALL BDD"

then re-run barracuda up-lts. The xtras catalogue is in Control files & INI.

Access control

The nginx_sql_*.conf vhosts protect the tools with two mechanisms, and no Aegir/Drupal SSO:

  • IP allowlist. Each vhost includes /var/aegir/config/includes/ip_access/sqladmin*. That fragment is generated by ip_access.sh, which reads the master control file /var/aegir/control/ip/access.txt (the "sqladmin proxy" record list) and emits a per-context <site>.conf of allow <ip>; lines plus a final deny all; — always also allowing 127.0.0.1, the server's own IP, and every currently logged-in SSH IP (anti-lockout). (sqladmin here is the include name, not a URL path.) The xtra.sh.inc deploy step itself only rewrites the vhost's listen address (_validate_xtras_ip sets the _XTRAS_THISHTIP="*" wildcard for the listen lines); the allow/deny list is the ip_access.sh fragment. Access from an IP not on the list is refused at the vhost. The same generated sqladmin* fragment gates every Adminer entry point — the adminer.<front-fqdn> subdomain vhost and both hostmaster-proxy /sqladmin locations — so the /var/aegir/control/ip/access.txt record list governs all of them.
  • Crawler block. if ($is_crawler) { return 444; } — bots get a connection drop.
  • App login. Authentication is the tool's own DB-credential login (the per-site DB user/password), not a shared web-auth layer.

There is no auth_basic, no auth_request, and no Aegir/Drupal login on these vhosts. The legacy /root/.ip.protected.vhost.whitelist.cnf file referenced in older docs has no live reader in the current tree — the IP allow is the generated ip_access/sqladmin* include, not that marker.

Adminer

The default DB UI — a single PHP file, minimal footprint.

Good at: browsing schema (databases → tables → columns); ad-hoc SELECT/UPDATE/INSERT/DELETE; small per-table exports; inspecting indexes, triggers, stored procedures.

Not good at: large-dataset operations (the UI hangs on big exports — use mydumper instead); long-running queries (PHP timeout kills them — use the mysql CLI for anything over ~2 min); restore from backup (use myloader or the Aegir Restore task).

Login: the per-site DB credentials (visible in the site's settings.php, or in the Aegir UI under the site node's Database tab).

sqlbuddy

An older lightweight UI with similar capabilities to Adminer and a different UX; kept for operators who prefer it. Served at https://sqlbuddy.<front-fqdn>/.

CGP — Collectd Graph Panel

Served at https://cgp.<front-fqdn>/. A browser stats UI over Collectd metrics (CPU, memory, network, disk, MySQL counters). Requires CGP in _XTRAS_LIST and a cgp.<front-fqdn> DNS record pointing at the host. Useful for spot-checking trends without a separate monitoring stack; for the BOA monitor self-heal stack see Monitoring.

Chive — retired

Chive was BOA's earlier DB UI, retired because upstream stopped maintenance and its Yii-1.x dependency aged out; Adminer fills the same role with less surface. The nginx_sql_chive.conf vhost still exists in aegir/conf/nginx/ but it is vestigial — the Chive PHP code is no longer installed, so https://chive.<front-fqdn>/ returns an error. Direct anyone who remembers it to Adminer. See Discontinued features.

CLI alternative

For anything beyond a quick lookup, use the mysql CLI as root — passwordless via /root/.my.cnf:

mysql            # connect as root
mysql <dbname>   # pick a specific DB

/root/.my.cnf holds the root password so operators never type it (and should not — BOA may rotate it on a schedule). Treat /root/.my.cnf and /root/.my.pass.txt as never-edit files.

Related