Grid Guides

Explore How System On Grid Can Work For You

How to Install and Secure phpMyAdmin on Ubuntu 18.04


Table of Contents

Introduction

phpMyAdmin was created so users can interact with MySQL from a web application. Many users need the operations of a Database management System(DBMS) like MySQL, some does not feel agreeable dealings with the system entirely from the MySQL(System Query Language) prompt.

Here we are going to discuss how to install and secure phpMyAdmin on Ubuntu 18.04 system. So, users can use it safely and manage database using phpMyAdmin.

Prerequisites

Ensure that you have completed some necessary steps. Before getting started.

Suppose, a server has a non-root user with sudo privileges. Also, the firewall configured with ufw, as explained in the initial server setup with Ubuntu 18.04.

Assume that you have completed a LAMP (Linux, Apache, MySQL, PHP) installed on your Ubuntu 18.04 server. If not completed, Follow this and install a LAMP stack on Ubuntu 18.04

There is some primary security analysis while using software like PhpMyAdmin.

Interacts straightly with your MySQL installation. Manages to verify the identity using MySQL credentials. Carry out and give back results for arbitrary SQL queries.

PhpMyAdmin should not at all run on remote systems over a visible HTTP connection. PHP application which is widely used and usually targeted for attack. If you do not have an existing domain configured with an SSL/TLS certificate, on securing Apache with Let’s encrypt on Ubuntu 18.04.This will require you to register a domain name, create DNS records for your server, and set up an Apache Virtual Host.

If you have completed with those steps, then get started with the guide.

Installation of Apache

You need to install Apache and MySQL to your server before starting.
Install phpMyAdmin from the default Ubuntu repositories. It is done by Improving your server’s package index and also using the apt packages to overcome the files and install those on the system.

$ sudo apt update
$ sudo apt install apache2

After apache installation is completed. Apache service should start automatically which will be enabled to start the system boot time, check it up by running following command.

$ sudo systemctl status apache2

Open the ports 80 and 443 to allow connection requests of the client to an Apache web server through http and https respectively, reload the firewall setting by the following command.

$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw reload

Verify your Apache installation by testing default web page of the URL from the web browser. http://domain_name/ OR http://SERVER_IP/

If your installation process is working fine you will see the Apache default web page.

apache2defaultpage

Installation of MariaDB

MariaDB is an open source database management system it is a replacement for the widely used MySQL technology. It is one of the most popular database servers. It is an open source and done by the original developers of MySQL.

Install MariaDB by the following command.

$ sudo apt install mariadb-server mariadb-client

After installation, MariaDB must start automatically ensure to check its status that it is up and running by the following command.

$ sudo systemctl status mysql

By default, MariaDB is not secured. To secure execute a security script it comes with the package. Set a root password to ensure that nobody can log into MariaDB without permission.

$ sudo mysql_secure_installation

Once you execute the security script, enter the current password for root (enter for none)

Enter yes/y to the following security questions.

mysqlsecurityquestions

Installation of PHP

PHP (Hypertext Preprocessor) is defined as an HTML embedded scripting language that is used to create dynamic and interactive HTML web pages. PHP commands when a website visitor opens a page, it sends the results to the visitor browser.

Installation of PHP and other modules for web deployment by using the following command.

$ sudo apt install php php-common php-mysql php-gd php-cli 

Test your PHP setup by creating a simple info.php in web server document root, after installation of PHP by the following command.

$ echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php

Next, open a web browser and enter URL to see the PHP information page.

http://domain_name/info.php OR http://SERVER_IP/info.php

phpdefaultpage

Installation of phpMyAdmin

phpMyAdmin was created so users can interact with MySQL from a web application. PhpMyAdmin should not at all run on remote systems over a visible HTTP connection. PHP application which is widely used and usually targeted for attack.

Install phpMyAdmin by using the following command.

$ sudo apt install phpmyadmin

For the package installation process, you will be asked to choose the web server which should be automatically configured to run phpMyAdmin. Select Apache by pressing space bar and then enter.

chooseapachewebserver

Click ‘Ok’

phpmyadminpackageconfiguration

Enter the password for the MySQL administrative user so, that the installer can create a database for phpMyAdmin.

mysqlapplicationpassword

Restart, apache2 services to affect the recent changes. Once everything is installed.

$ sudo systemctl restart apache2

Warning: phpMyAdmin has not been enabled to work with Apache web server, run the following command to copy phpMyAdmin apache configuration.

 $ sudo cp  /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf 
$ sudo a2enconf phpmyadmin
$ sudo systemctl restart apache2

Open your web browser and type the following URL to access to phpMyAdmin.

http://domain_name/phpmyadmin OR http://SERVER_IP/phpmyadmin

Use the root credentials to authenticate into phpMyAdmin as shown below.

welcometophpmyadmin

Note: Using MySQL, requires sudo command for root login, if not the root will fail through phpMyAdmin. Here you need to create another user account. Access the MariaDB shell using the root from the terminal, to create a new user run it by the following command.

$ sudo mysql -u root -p


MariaDB [(none)]> CREATE USER 'admin'@'localhost' IDENTIFIED BY'[email protected]!#254tecmint';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;

Next, login to phpMyAdmin using the new admin to your databases.

installandsecurephpmyadmin

Conclusion

Now phpMyAdmin is installed and ready to use.