Advance

How to install phpMyAdmin on Debian 10

How to install phpMyAdmin on Debian 10

In this article, you are going to learn how to install phpMyAdmin on Debian 10. As a user, you need a database management system like MariaDB, but since all of them are not comfortable interacting with the system solely from the MariaDB prompt.

So we introduce the phpMyAdmin in which users are interacting with MariaDB through a web interface. Join us in this tutorial to know more and review how to install and secure phpMyAdmin from Source to use it safely and manage your databases on a Debian 10 system.

 

Prerequisites

The tutorial may be more useful if you know:

  • a non-root user with sudo privileges and a firewall configured with ufw.
  • To set up, follow our Initial Setup with Debian 10
  • A LAMP (Linux, Apache, MariaDB, and PHP) stack installed on your Debian 10 server.

 

Recommended Article: How to Revert a Windows Update

How to install phpMyAdmin on Debian 10

Although the MariaDB is a community-developed fork of MySQL, they are closely related. phpMyAdmin is designed for managing MySQL databases, so you need to ensure that your installation of MariaDB will work correctly with phpMyAdmin.

To start the installation, you are forced to consider some important security tips like:

  • Communicates directly with your MariaDB installation
  • Handles authentication using MariaDB credentials
  • Executes and returns results for arbitrary SQL queries

 

As you see, you should not run phpMyAdmin on remote systems over a plain HTTP connection, because it is a widely-deployed PHP application and you may face frequently targeted for attack.

 

To enable certain functionalities and improve performance, you need to install a few PHP extensions onto your server and then begin to install and configure.

To explain more, we suggest you review it below.

  • php-mbstring: a PHP extension used to manage non-ASCII strings and convert strings to different encodings
  • php-zip: a PHP module that supports uploading .zip files to phpMyAdmin
  • php-gd: another PHP module, this one enables support for the GD Graphics Library

 

First, you need to update your server’s package index.

sudo apt update

To pull down the files and install them on your system, use apt

sudo apt install php-mbstring php-zip php-gd

We use the all-language package in this tutorial, but you can install only the english package.

To download the tarball to your server, Replace the link in the following wget command with the download link and press ENTER.

wget https://files.phpmyadmin.net/phpMyAdmin/4.9.0.1/phpMyAdmin-4.9.0.1-all-languages.tar.gz    

Then extract the tarball:

tar xvf phpMyAdmin-4.9.0.1-all-languages.tar.gz    

By running the below command, move the the phpMyAdmin-4.9.0.1-all-languages directory and all its subdirectories to the /usr/share/ directory.

sudo mv phpMyAdmin-4.9.0.1-all-languages/ /usr/share/phpmyadmin      

Configuring phpMyAdmin manually

To make a new directory where phpMyAdmin will store its temporary files, run the following command.

sudo mkdir -p /var/lib/phpmyadmin/tmp  

To set the Linux user profile type the below command.

sudo chown -R www-data:www-data /var/lib/phpmyadmin

Then, make a copy of the file which you extracted to use it as your base configuration file. you need to keep it in the  /usr/share/phpmyadmin directory, and rename it config.inc.php:

sudo cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php

Choosing your favorite text editor, open the below file

sudo nano /usr/share/phpmyadmin/config.inc.php  

By default, phpMyAdmin uses the cookie authentication method and allows you to log in to phpMyAdmin as any valid MariaDB user.

. . .
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  . . .

The phrase is just be used internally by the AES algorithm:

. . .  $cfg['blowfish_secret'] = 'STRINGOFTHIRTYTWORANDOMCHARACTERS'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  . . .

Note: To generate a truly random string of characters, you can install and use the pwgen program

sudo apt install pwgen

Next, to point to a secure your chosen password, uncomment the controluser and controlpass directives by removing the preceding slashes. Then update the controlpass directive. It helps the default password to not remain in place and unknown users could not easily gain access to your database through the phpMyAdmin interface. So you would see:

. . .  /* User used to manipulate with storage */  // $cfg['Servers'][$i]['controlhost'] = '';  // $cfg['Servers'][$i]['controlport'] = '';  $cfg['Servers'][$i]['controluser'] = 'pma';  $cfg['Servers'][$i]['controlpass'] = 'password';  . . .

If you remove the slashes at the beginning of each line and uncomment each line in this section, you would see as below.

. . .  /* Storage database and tables */  $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';  $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';  $cfg['Servers'][$i]['relation'] = 'pma__relation';  $cfg['Servers'][$i]['table_info'] = 'pma__table_info';  $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';  $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';  $cfg['Servers'][$i]['column_info'] = 'pma__column_info';  $cfg['Servers'][$i]['history'] = 'pma__history';  $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';  $cfg['Servers'][$i]['tracking'] = 'pma__tracking';  $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';  $cfg['Servers'][$i]['recent'] = 'pma__recent';  $cfg['Servers'][$i]['favorite'] = 'pma__favorite';  $cfg['Servers'][$i]['users'] = 'pma__users';  $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';  $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';  $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';  $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';  $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';  $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';  . . .

Finally, find the bottom file and add the following line to configure phpMyAdmin to use the /var/lib/phpmyadmin/tmp directory you created earlier as its temporary directory. for a faster page loading, phpMyAdmin will use this temporary directory as a template cache.

. . .  $cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';

If you used nano, save and close the file now by pressing CTRL + X, Y, then ENTER.

It is time to create the phpMyAdmin storage database and tables. As you installed phpMyAdmin, it came with a file named create_tables.sql.

To create the configuration storage database and tables, run the following command to use the create_tables.sql file.

sudo mariadb < /usr/share/phpmyadmin/sql/create_tables.sql  

Open up the MariaDB prompt and create the administrative pma user.

sudo mariadb  

Run the following command to create the pma user and grant it the appropriate permissions

mariaDB [ (none) ] > NGRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost' IDENTIFIED BY 'password';

Create a regular MariaDB user for the purpose of managing databases through phpMyAdmin. Try to log in using another account than the pma user and create a user that has privileges to all tables within the database.

mariaDB [ (none) ] > GRANT ALL PRIVILEGES ON *.* TO 'noodi'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;  

Then, exit the MariaDB shell:

mariaDB [ (none) ] > exit

Now the phpMyAdmin is fully installed and configured on your server.

Buy Linux Virtual Private Server

 

Configuring Apache to Serve phpMyAdmin

The installation process creates an Apache configuration file automatically and places it in the /etc/apache2/conf-enabled/ directory, while the phpMyAdmin installation.

Create a file named phpmyadmin.conf in the /etc/apache2/conf-available/ directory

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add the following content to the file

phpMyAdmin default Apache configuration    Alias /phpmyadmin /usr/share/phpmyadmin    <Directory /usr/share/phpmyadmin>      Options SymLinksIfOwnerMatch      DirectoryIndex index.php        <IfModule mod_php5.c>          <IfModule mod_mime.c>              AddType application/x-httpd-php .php          </IfModule>          <FilesMatch ".+\.php$">              SetHandler application/x-httpd-php          </FilesMatch>            php_value include_path .          php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp          php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/          php_admin_value mbstring.func_overload 0      </IfModule>      <IfModule mod_php.c>          <IfModule mod_mime.c>              AddType application/x-httpd-php .php          </IfModule>          <FilesMatch ".+\.php$">              SetHandler application/x-httpd-php          </FilesMatch>            php_value include_path .          php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp          php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/          php_admin_value mbstring.func_overload 0      </IfModule>    </Directory>    # Authorize for setup  <Directory /usr/share/phpmyadmin/setup>      <IfModule mod_authz_core.c>          <IfModule mod_authn_file.c>              AuthType Basic              AuthName "phpMyAdmin Setup"              AuthUserFile /etc/phpmyadmin/htpasswd.setup          </IfModule>          Require valid-user      </IfModule>  </Directory>    # Disallow web access to directories that don't need it  <Directory /usr/share/phpmyadmin/templates>      Require all denied  </Directory>  <Directory /usr/share/phpmyadmin/libraries>      Require all denied  </Directory>  <Directory /usr/share/phpmyadmin/setup/lib>      Require all denied  </Directory>

Save and close the file, then enable it by typing the following command.

sudo a2enconf phpmyadmin.conf  

to put the configuration changes into effect, reload the apache2 service

sudo systemctl reload apache2

Then, you will be able to access the phpMyAdmin login screen by navigating to the following URL in your web browser:

https://your_domain/phpmyadmin    phpmyadmin login page

You can Log in to the interface with the MariaDB username and password you configured, then you will see the user interface.

phpmyadmin interface view

 

 Securing your phpMyAdmin instance

As the phpMyAdmin is a popular target for attackers, you should take extra care to prevent unauthorized access. Placing a gateway in front of the entire application by using Apache’s built-in .htaccess authentication and authorization functionalities is one of the best ways of protecting.

Edit the linked file that has been placed in your Apache configuration directory:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf  

Add an AllowOverride All directive within the <Directory /usr/share/phpmyadmin> section of the configuration file.

<Directory /usr/share/phpmyadmin>      Options FollowSymLinks      DirectoryIndex index.php      AllowOverride All        <IfModule mod_php5.c>      . . .

After adding the line, save and close the file. And to implement the changes you made, restart Apache, run the following command.

sudo systemctl restart apache2    

After enabling .htaccess, use for your application, you need to create one to actually implement some security. Then create the necessary file and open it in your text editor with root privileges by typing:

sudo nano /usr/share/phpmyadmin/.htaccess  

Enter the following content

AuthType Basic  AuthName "Restricted Files"  AuthUserFile /usr/share/phpmyadmin/.htpasswd  Require valid-user

In case you need to know the meanings of the lines:

AuthType Basic: This line specifies the authentication type that you are implementing. This type will implement password authentication using a password file.

AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won’t gain any information about what is being protected.

AuthUserFile: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.

Require valid-user: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from entering

 

Save and close the file when you are finished. And create this file and pass it an initial user with the htpasswd utility:

sudo htpasswd -c /usr/share/phpmyadmin/.htpasswd username    

Then, you will sked to choose and confirm a password for the user you are creating, so the file is created with the hashed password that you entered.

Also, you need to do so without the -c flag, if you want to enter an additional user

sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser  

You will be asked to add an account name and password that you just configured, while you are accessing your phpMyAdmin subdirectory.

https://your_domain_or_IP/phpmyadmin

login page on debian 10 for phpmyadmin

Finally, To enter your MariaDB credentials, you will see the regular phpMyAdmin authentication page, after entering the Apache authentication.

Recommended Article: How to install phpMyAdmin on Debian 10

Dear user, we wish this tutorial how to install phpMyAdmin on Debian 10 would be helpful for you, to ask any question or review the conversation of our users about this article, please visit Ask page. Also to improve your knowledge, there are so many useful tutorials ready for Eldernode training.

View More Posts
Tom Veitch
Eldernode Writer
We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are by your side every step of the way

Think about developing your online business; We will protect it compassionately

We are by your side every step of the way

+8595670151

7 days a week, 24 hours a day