Once you have https configured on your server, and you have a MySQL server installed, it might be desirable to install phpmyadmin, this is a php web interface solution to help you manage your mysql databases, users, etc.
For security reasons: don’t install it. If you do wish to install it, continue reading, but take some security precautions.
Make sure your server is up to date, you can apt update, and apt upgrade first, then:
sudo apt install phpmyadmin php-mbstring php-gettext
Make sure to select Apache from the list, press ok, give it a password for phpmyadmin, and let the installation complete.
Then type:
sudo phpenmod mbstring
And now restart the web server:
sudo service apache2 restart
Next, we have to add user authentification, and work on the security a little bit.
Note: In a previous blog we’ve changed the way root can use mysql, the auth_socket got changed to mysql_native_passowrd, we assume that’s the case.
Login to your mysql server:
mysql -u root -p
Give it your mysql root password, and then add a phpmyadmin user, I will go with phpmyuser
CREATE USER 'phpmyuser'@'localhost' IDENTIFIED BY 'password';
And then grant it the correct permissions:
GRANT ALL PRIVILEGES ON *.* TO 'phpmyuser'@'localhost' WITH GRANT OPTION;
Next, update the changes and exit.
FLUSH PRIVILEGES; exit
Next, let’s work on the security, phpmyadmin is a target, so it’s smart to add an extra layer of security with .htaccess directive.
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Append allowoverride directive:
AllowOverride All
It should look like this:
<Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AllowOverride All
And restart apache again,
sudo service apache2 restart
Now we have to actually create this .htaccess file, and then generate the .htpasswd file:
sudo nano /usr/share/phpmyadmin/.htaccess
Add:
AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
And then after saving that type:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd phpmyadmin
Give it a password, repeat it.
This means, when you browse to the site for phpmyadmin, it will popup a login box, the user/pass combo is what we’ve just created. It’s separate from the mysql user/pass we’ve created earlier, which it will prompt right after.
And we’re done, you can now go to your domain, and type: phpmyadmin, right behind it, and it should work:
https://example.com/phpmyadmin