Install and protect phpMyAdmin on CentOS 8

Install and protect phpMyAdmin on CentOS 8

phpMyAdmin is a free, open source tool for managing MySQL and MariaDB servers through a web-based interface. With phpMyAdmin, you can create and manage databases and users, execute SQL statements, import and export data, and perform database activities such as create, delete, tables, columns, indexes, permissions, and more. phpMyAdmin is one of the most popular and widely used management tools, especially for web hosting services.

feature

  • Provides a simple and user-friendly web interface.
  • Import data from CSV and SQL.
  • Supports most MySQL functions including creating, copying, deleting, renaming, deleting and changing databases, tables, fields, and indexes.
  • Allows you to export data to various formats, such as PDF, CSV, SQL, XML, etc.
  • Manage multiple servers.
  • Create complex queries using sample queries (QBE).

In this tutorial, we will show you how to install and secure phpMyAdmin on a CentOS 8 server.

Claim

  • Server 8 running CentOS.
  • A root password is configured on the server.

Install LAMP server

First, you need to install Apache, MariaDB, PHP, and other PHP libraries on your server. You can install all components with:

dnf install httpd mariadb-server php php-pdo php-pecl-zip php-json php-common php-fpm php-mbstring php-cli php-mysqlnd php-json php-mbstring wget unzip

Once all packages are installed, start the Apache and MariaDB services and use the following command to start them after the system reboots:

systemctl start httpd systemctl start mariadb systemctl enable httpd systemctl enable mariadb

When you are done, you can proceed to the next step.

Configure MariaDB

MariaDB is not secure by default. Therefore, you need to protect it first. You can do this by running the mysql_secure_installation script:

mysql_secure_installation

Answer all questions as follows:

Set root password? [Y/n] Y
New password: 
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

When finished, you will see the following output:

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

At this point, your MariaDB installation is secure.

Install phpMyAdmin

By default, phpMyAdmin is not available in the CentOS 8 default repository. Therefore, you need to download the latest version of phpMyAdmin from its official website. You can download it using:

wget https://files.phpmyadmin.net/phpMyAdmin/4.9.2/phpMyAdmin-4.9.2-all-languages.zip

After downloading, use the following command to unzip the downloaded file:

unzip phpMyAdmin-4.9.2-all-languages.zip

Next, move the extracted content to the / usr / share directory as follows:

mv phpMyAdmin-4.9.2-all-languages /usr/share/phpmyadmin

Next, change the directory to / usr / share / phpmyadmin and rename the file config.sample.inc.php:

cd /usr/share/phpmyadmin mv config.sample.inc.php config.inc.php

Next, open the file with your favorite text editor as follows:

nano config.inc.php

Change the following lines:

$cfg['blowfish_secret'] = 'your-secret-password';

Save and close the file when you are finished. Then, import create_tables.sql using the following command:

mysql < /usr/share/phpmyadmin/sql/create_tables.sql -u root -p

When prompted to import the table, provide your root password.

Next, create a tmp directory for phpmyadmin and give appropriate permissions:

mkdir /usr/share/phpmyadmin/tmp chown -R apache:apache /usr/share/phpmyadmin chmod 777 /usr/share/phpmyadmin/tmp

Configure Apache for phpMyAdmin

Next, you will need to create an Apache virtual host configuration file for phpMyAdmin. You can create it using:

nano /etc/httpd/conf.d/phpmyadmin.conf

Add the following lines:

Alias /phpmyadmin /usr/share/phpmyadmin


   AddDefaultCharset UTF-8

   
     # Apache 2.4
      
      Require all granted
     
   
   
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   



   
     # Apache 2.4
     
       Require all granted
     
   
   
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   

Save and close the file when you are finished. Then, restart the Apache service using the following command:

systemctl restart httpd

You can check the status of Apache using:

systemctl status httpd

You should see the following output:

? httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           ??php-fpm.conf
   Active: active (running) since Wed 2019-12-18 01:07:52 EST; 6s ago
     Docs: man:httpd.service(8)
 Main PID: 5636 (httpd)
   Status: "Started, listening on: port 80"
    Tasks: 213 (limit: 25044)
   Memory: 28.7M
   CGroup: /system.slice/httpd.service
           ??5636 /usr/sbin/httpd -DFOREGROUND
           ??5639 /usr/sbin/httpd -DFOREGROUND
           ??5640 /usr/sbin/httpd -DFOREGROUND
           ??5641 /usr/sbin/httpd -DFOREGROUND
           ??5642 /usr/sbin/httpd -DFOREGROUND

Dec 18 01:07:52 centos8 systemd[1]: Stopped The Apache HTTP Server.
Dec 18 01:07:52 centos8 systemd[1]: Starting The Apache HTTP Server...
Dec 18 01:07:52 centos8 httpd[5636]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::200:d0>
Dec 18 01:07:52 centos8 httpd[5636]: Server configured, listening on: port 80
Dec 18 01:07:52 centos8 systemd[1]: Started The Apache HTTP Server.

Configure SELinux and firewall

SELinux is enabled by default in CentOS 8. Therefore, you need to configure SELinux for phpMyAdmin to work properly.

First, use the following command to install the policycoreutils-python-utils package to manage the SELinux environment:

dnf install policycoreutils-python-utils

Next, enable access to the / usr / share / phpmyadmin directory using the following command:

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/phpmyadmin/' semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/phpmyadmin/tmp(/.*)?"

Now, iterate through all the files in the phpmyadmin directory by running the following command:

restorecon -Rv '/usr/share/phpmyadmin/'

Next, you will need to create firewall rules to allow HTTP services from external networks. You can allow it using:

firewall-cmd --permanent --add-service=http firewall-cmd --reload

phpMyAdmin is now installed and configured. It's time to check if it works properly.

Open your web browser and enter the URL http: // your-server-ip / phpmyadmin. You will be redirected to the following page:

Secure phpMyAdmin

At this point, the phpMyAdmin instance is running normally. However, protecting the phpMyAdmin instance from the outside is an important task for you. In this section, we will show you how to secure a phpMyAdmin instance.

Allow phpMyAdmin from a specific IP

First, you need to configure phpMyAdmin to be accessible only from the IP address that your home is connected to.

You can configure it by editing the /etc/httpd/conf.d/phpmyadmin.conf file:

nano /etc/httpd/conf.d/phpmyadmin.conf

Find the following lines:

     
       Require all granted
     

And, replace them with the following:


    Require ip your-home--connection-ip-address
    Require ip ::1

Save and close the file when you are finished.

Configure additional authentication layers

It is a good idea to protect your phpmyadmin directory by setting a basic authentication password.

To do this, create a new authentication file using the htpasswd tool as shown below:

mkdir /etc/phpmyadmin htpasswd -c /etc/phpmyadmin/.htpasswd admin

You will be asked to provide an administrator password as follows:

New password: 
Re-type new password: 
Adding password for user admin

Next, you will need to configure Apache to use the .htpasswd file. You can do this by editing the file /etc/httpd/conf.d/phpmyadmin.conf.

nano /etc/httpd/conf.d/phpmyadmin.conf

Add the following line below the "AddDefaultCharset UTF-8" line:

    Options  +FollowSymLinks +Multiviews +Indexes
    AllowOverride None
    AuthType basic
    AuthName "Authentication Required"
    AuthUserFile /etc/phpmyadmin/.htpasswd
    Require valid-user

Save the file and restart the Apache service for the changes to take effect:

systemctl restart httpd

Access phpMyAdmin

Now your phpMyAdmin instance has additional security protection. Open your web browser and enter the URL http: // your-server-ip / phpmyadmin. You will be asked to enter the login credentials of the previously created user as follows:

Protected phpMyAdmin

Provide your administrator username and password and click the OK button. You will be redirected to the phpMyAdmin login page:

Login to phpMyAdmin as root

Now, provide your MySQL administrative user login credentials and click the "Go" button. You should see the following page:

phpMyAdmin database dashboard

in conclusion

Congratulations! You have successfully installed and secured phpMyAdmin on the CentOS 8 server. Now you can create databases, users, tables and manage them through a web-based interface. If you have any questions, feel free to ask me.

Sidebar