2

My server environment is quite basic: Ubuntu 16.04, MySQL 5.7.16, PHP 7 and CSF-LFD. I also blocked port 3306 via csf.conf.

I have a script that installs phpMyAdmin (PMA) and deletes it after 2 hours.

To secure PMA even more, I was advised to operate it through an SSH tunnel, so as to send its browser requests encrypted over SSH, even during these 2 hours of action.

How can this be done globally for all port 80 packets (or specifically for PMA, if at all)?

1 Answer

5

Only expose phpMyAdmin to localhost (if this is the only thing running on your webserver, you can bind to localhost; otherwise, do this with IP restrictions in your server of choice). Then, when you want to connect, use ssh to forward a tunnel:

ssh -L 80:localhost:80 your-server

and access it via http://localhost/phpmyadmin.

Clarification notes:

  1. The your-server part is actually Usual_User@Server_IP. The usual user is of course the main working user, which isn't root, so it would be like user1@111.111.111.111.

  2. The your-server part can come before the -L or after the last edge (the last 80); it doesn't really matter.

  3. Execute the command inside your PuTTY or OpenSSH session, the one you use to operate your server in an SSH tunnel through port 22.

  4. If you use the exact same keys you use to authenticate the port 22 tunnel with PuTTY, you should create a version of them that suits the Linux OpenSSH. Why? Well, because the formatting for OpenSSH is slightly different. This can be done from the PuTTY bundle itself, with PuTTYgen.

Read more on authentication here, if you feel the need to: Public key and private key. What comes where.

Xiong Chiamiov
  • This depends a lot on what specific software you're using, and what else you're doing with it. Are you using Apache? And hosting another site? – Xiong Chiamiov Dec 24 '16 at 05:55
  • I like the idea of exposing it only through localhost. I wish more people would do that, instead of leaving all ports up by default to everything and everyone. – Mark Buffalo Dec 24 '16 at 06:28
  • @Benia he means whitelist only 'localhost' to connect. Then you have to read up on ssh tunnels (a little out of scope for the answer). But the idea is that you ssh to the server, which bounces the connection to phpmyadmin. – schroeder Dec 24 '16 at 21:44
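
A check to run on the server before relying on the tunnel, as an added example that is not part of the original answer or comments: it reads `ss -ltn` output and reports any listener on the web or MySQL port that is not bound to loopback, then prints the forward from the answer. The function names, the sample `ss` output and the local port 8080 are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm phpMyAdmin's web port and MySQL listen on loopback
# only, so the SSH tunnel is the sole way in.

# Constructed sample of `ss -ltn` output (not taken from a real host).
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::1]:80 [::]:*'

# exposed_listeners PORT...
# Reads `ss -ltn` lines on stdin and prints every local address listening on
# one of the given ports that is not bound to loopback.
# Exit status: 0 if nothing is exposed, 1 otherwise.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            port = local_addr; sub(/.*:/, "", port)      # text after the last colon
            host = local_addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print local_addr; bad = 1
        }
        END { exit bad + 0 }
    '
}

# tunnel_command USER@HOST [LOCAL_PORT]
# Prints the forward from the answer. LOCAL_PORT defaults to 8080 (an
# assumption of this example) because binding local port 80 needs root
# on the client; the forward itself listens on the client loopback only.
tunnel_command() {
    printf 'ssh -N -L 127.0.0.1:%s:localhost:80 %s\n' "${2:-8080}" "$1"
}

# Demo on the constructed sample. On the server itself, run:
#   ss -ltn | exposed_listeners 80 3306
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 80 3306 \
    || echo "exposed: bind the addresses above to loopback first"
tunnel_command user1@111.111.111.111
```

With the default local port, phpMyAdmin is then reached at http://localhost:8080/phpmyadmin while the tunnel is open.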