Ubuntu 18 : How to install phpmyadmin and secure phpmyadmin

Once you have HTTPS configured on your server and a MySQL server installed, you may want to install phpMyAdmin, a PHP web interface that helps you manage your MySQL databases, users, etc.

For security reasons: don’t install it. If you do wish to install it, continue reading, but take some security precautions.

Make sure your server is up to date: run apt update and apt upgrade first, then:

sudo apt install phpmyadmin php-mbstring php-gettext

Make sure to select Apache from the list, press ok, give it a password for phpmyadmin, and let the installation complete.

Then type:

sudo phpenmod mbstring

And now restart the web server:

sudo service apache2 restart

Next, we have to add user authentication and work on the security a little bit.

Note: In a previous blog post we changed the way root can use MySQL: the auth_socket plugin was changed to mysql_native_password. We assume that's the case here.

Log in to your MySQL server:

mysql -u root -p

Enter your MySQL root password, then add a user for phpMyAdmin. I will go with phpmyuser; replace 'password' in the statement below with a strong password of your own:

CREATE USER 'phpmyuser'@'localhost' IDENTIFIED BY 'password';

And then grant it the correct permissions:

GRANT ALL PRIVILEGES ON *.* TO 'phpmyuser'@'localhost' WITH GRANT OPTION;

Next, apply the changes and exit:

FLUSH PRIVILEGES;
exit

Next, let's work on the security. phpMyAdmin is a target, so it's smart to add an extra layer of security with an .htaccess file. Open the Apache configuration for phpMyAdmin:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add the AllowOverride directive inside the <Directory /usr/share/phpmyadmin> block:

AllowOverride All

The start of that block should then look like this (the remaining directives in the block stay unchanged):

<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All

Then restart Apache again:

sudo service apache2 restart

Now we have to actually create this .htaccess file, and then generate the .htpasswd file:

sudo nano /usr/share/phpmyadmin/.htaccess

Add:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

After saving that file, type:

sudo htpasswd -c /etc/phpmyadmin/.htpasswd phpmyadmin

Enter a password and repeat it when prompted.

This means that when you browse to the phpMyAdmin URL, the browser pops up a login box; the user/password combination is the one we've just created. It is separate from the MySQL user/password we created earlier, which phpMyAdmin will prompt for right after.
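A quick way to confirm that the two files edited above really enforce the password prompt, as an added example that is not part of the original post. check_pma_auth is a hypothetical helper name; it only reads the files whose paths you pass to it.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). check_pma_auth is a hypothetical
# helper; it reads the Apache config and the .htaccess file and reports why
# the password prompt might not be enforced.
# usage: check_pma_auth APACHE_CONF HTACCESS [WEBDIR]
check_pma_auth() {
  conf=$1; htaccess=$2; webdir=${3:-/usr/share/phpmyadmin}; rc=0

  # 1. With AllowOverride None (the Apache 2.4 default) .htaccess is not read
  #    at all; auth directives need All or AuthConfig in the <Directory> block.
  override=$(awk -v dir="$webdir" '
    tolower($1) == "<directory"   { gsub(/[>"]/, "", $2); inblk = ($2 == dir || $2 == dir "/") }
    tolower($1) == "</directory>" { inblk = 0 }
    inblk && tolower($1) == "allowoverride" { $1 = ""; print tolower($0) }
  ' "$conf" | tail -n 1)
  case " $override " in
    *" all "*|*" authconfig "*) ;;
    *) echo "FAIL: AllowOverride in $conf does not enable .htaccess auth for $webdir"; rc=1 ;;
  esac

  # 2. All three directives must be present, or no credentials are required.
  for d in 'authtype[[:space:]]+basic' 'authuserfile[[:space:]]+[^[:space:]]' \
           'require[[:space:]]+valid-user'; do
    grep -Eiq "^[[:space:]]*$d" "$htaccess" || { echo "FAIL: $htaccess lacks: $d"; rc=1; }
  done

  # 3. The password file must exist, be non-empty, and sit outside the web
  #    directory so it cannot be fetched over HTTP.
  pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2 }' "$htaccess" | tail -n 1)
  if [ -z "$pwfile" ] || [ ! -s "$pwfile" ]; then
    echo "FAIL: password file missing or empty: ${pwfile:-<unset>}"; rc=1
  fi
  case "$pwfile" in
    "$webdir"/*) echo "FAIL: $pwfile is inside $webdir"; rc=1 ;;
  esac

  [ "$rc" -eq 0 ] && echo "OK: basic auth is configured for $webdir"
  return "$rc"
}

# Run against real files only when paths are given on the command line.
if [ "$#" -ge 2 ]; then check_pma_auth "$@"; fi
```

Saved to a file, it can be run with /etc/apache2/conf-available/phpmyadmin.conf and /usr/share/phpmyadmin/.htaccess as its two arguments; a non-zero exit status means at least one check failed.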

And we're done. You can now go to your domain with /phpmyadmin appended, and it should work:

https://example.com/phpmyadmin

 

