How To Install and Secure phpMyAdmin on Ubuntu 16.04

How To Install and Secure phpMyAdmin on Ubuntu 16.04

Introduction

While many users need the functionality of a database management system like MySQL, they may not feel comfortable interacting with the system solely from the MySQL prompt.

phpMyAdmin was created so that users can interact with MySQL through a web interface. In this guide, we’ll discuss how to install and secure phpMyAdmin so that you can safely use it to manage your databases from an Ubuntu 16.04 system.

Prerequisites

Before you get started with this guide, you need to have some basic steps completed.

First, we’ll assume that you are using a non-root user with sudo privileges, as described in steps 1-4 in the initial server setup of Ubuntu 16.04.

We’re also going to assume that you’ve completed a LAMP (Linux, Apache, MySQL, and PHP) installation on your Ubuntu 16.04 server. If this is not completed yet, you can follow this guide on installing a LAMP stack on Ubuntu 16.04.

Finally, there are important security considerations when using software like phpMyAdmin, since it:

  • Communicates directly with your MySQL installation
  • Handles authentication using MySQL credentials
  • Executes and returns results for arbitrary SQL queries

For these reasons, and because it is a widely-deployed PHP application which is frequently targeted for attack, you should never run phpMyAdmin on remote systems over a plain HTTP connection. If you do not have an existing domain configured with an SSL/TLS certificate, you can follow this guide on securing Apache with Let’s Encrypt on Ubuntu 16.04.

Once you are finished with these steps, you’re ready to get started with this guide.

Step One — Install phpMyAdmin

To get started, we will install phpMyAdmin from the default Ubuntu repositories.

We can do this by updating our local package index and then using the apt packaging system to pull down the files and install them on our system:

sudo apt-get update
sudo apt-get install phpmyadmin php-mbstring php-gettext

This will ask you a few questions in order to configure your installation correctly.

Warning: When the first prompt appears, apache2 is highlighted, but not selected. If you do not hit Space to select Apache, the installer will not move the necessary files during installation. Hit SpaceTab, and then Enter to select Apache.

  • For the server selection, choose apache2.
  • Select yes when asked whether to use dbconfig-common to set up the database
  • You will be prompted for your database administrator’s password
  • You will then be asked to choose and confirm a password for the phpMyAdmin application itself

The installation process actually adds the phpMyAdmin Apache configuration file into the /etc/apache2/conf-enabled/ directory, where it is automatically read.

The only thing we need to do is explicitly enable the PHP mcrypt and mbstring extensions, which we can do by typing:

sudo phpenmod mcrypt
sudo phpenmod mbstring

Afterwards, you’ll need to restart Apache for your changes to be recognized:

sudo systemctl restart apache2

You can now access the web interface by visiting your server’s domain name or public IP address followed by /phpmyadmin:

https://domain_name_or_IP/phpmyadmin
phpMyAdmin login screen

You can now log into the interface using the root username and the administrative password you set up during the MySQL installation.

When you log in, you’ll see the user interface, which will look something like this:

phpMyAdmin user interface

If phpmyadmin is not working after you installed it

Run the following commands

sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin
sudo service apache2 reload



Leave a Reply

Your email address will not be published.

*
*
*