Install and protect phpMyAdmin on CentOS 8
phpMyAdmin is a free, open source tool for managing MySQL and MariaDB servers through a web-based interface. With phpMyAdmin, you can create and manage databases and users, execute SQL statements, import and export data, and perform database activities such as create, delete, tables, columns, indexes, permissions, and more. phpMyAdmin is one of the most popular and widely used management tools, especially for web hosting services.
- Provides a simple and user-friendly web interface.
- Import data from CSV and SQL.
- Supports most MySQL functions including creating, copying, deleting, renaming, deleting and changing databases, tables, fields, and indexes.
- Allows you to export data to various formats, such as PDF, CSV, SQL, XML, etc.
- Manage multiple servers.
- Create complex queries using sample queries (QBE).
In this tutorial, we will show you how to install and secure phpMyAdmin on a CentOS 8 server.
- Server 8 running CentOS.
- A root password is configured on the server.
Install LAMP server
First, you need to install Apache, MariaDB, PHP, and other PHP libraries on your server. You can install all components with:
dnf install httpd mariadb-server php php-pdo php-pecl-zip php-json php-common php-fpm php-mbstring php-cli php-mysqlnd php-json php-mbstring wget unzip
Once all packages are installed, start the Apache and MariaDB services and use the following command to start them after the system reboots:
systemctl start httpd systemctl start mariadb systemctl enable httpd systemctl enable mariadb
When you are done, you can proceed to the next step.
MariaDB is not secure by default. Therefore, you need to protect it first. You can do this by running the mysql_secure_installation script:
Answer all questions as follows:
Set root password? [Y/n] Y New password: Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
When finished, you will see the following output:
... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
At this point, your MariaDB installation is secure.
By default, phpMyAdmin is not available in the CentOS 8 default repository. Therefore, you need to download the latest version of phpMyAdmin from its official website. You can download it using:
After downloading, use the following command to unzip the downloaded file:
Next, move the extracted content to the / usr / share directory as follows:
mv phpMyAdmin-4.9.2-all-languages /usr/share/phpmyadmin
Next, change the directory to / usr / share / phpmyadmin and rename the file config.sample.inc.php:
cd /usr/share/phpmyadmin mv config.sample.inc.php config.inc.php
Next, open the file with your favorite text editor as follows:
Change the following lines:
$cfg['blowfish_secret'] = 'your-secret-password';
Save and close the file when you are finished. Then, import create_tables.sql using the following command:
mysql < /usr/share/phpmyadmin/sql/create_tables.sql -u root -p
When prompted to import the table, provide your root password.
Next, create a tmp directory for phpmyadmin and give appropriate permissions:
mkdir /usr/share/phpmyadmin/tmp chown -R apache:apache /usr/share/phpmyadmin chmod 777 /usr/share/phpmyadmin/tmp
Configure Apache for phpMyAdmin
Next, you will need to create an Apache virtual host configuration file for phpMyAdmin. You can create it using:
Add the following lines:
Alias /phpmyadmin /usr/share/phpmyadmin
AddDefaultCharset UTF-8 # Apache 2.4 Require all granted # Apache 2.2 Order Deny,Allow Deny from All Allow from 127.0.0.1 Allow from ::1 # Apache 2.4 Require all granted # Apache 2.2 Order Deny,Allow Deny from All Allow from 127.0.0.1 Allow from ::1
Save and close the file when you are finished. Then, restart the Apache service using the following command:
systemctl restart httpd
You can check the status of Apache using:
systemctl status httpd
You should see the following output:
? httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d ??php-fpm.conf Active: active (running) since Wed 2019-12-18 01:07:52 EST; 6s ago Docs: man:httpd.service(8) Main PID: 5636 (httpd) Status: "Started, listening on: port 80" Tasks: 213 (limit: 25044) Memory: 28.7M CGroup: /system.slice/httpd.service ??5636 /usr/sbin/httpd -DFOREGROUND ??5639 /usr/sbin/httpd -DFOREGROUND ??5640 /usr/sbin/httpd -DFOREGROUND ??5641 /usr/sbin/httpd -DFOREGROUND ??5642 /usr/sbin/httpd -DFOREGROUND Dec 18 01:07:52 centos8 systemd: Stopped The Apache HTTP Server. Dec 18 01:07:52 centos8 systemd: Starting The Apache HTTP Server... Dec 18 01:07:52 centos8 httpd: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::200:d0> Dec 18 01:07:52 centos8 httpd: Server configured, listening on: port 80 Dec 18 01:07:52 centos8 systemd: Started The Apache HTTP Server.
Configure SELinux and firewall
SELinux is enabled by default in CentOS 8. Therefore, you need to configure SELinux for phpMyAdmin to work properly.
First, use the following command to install the policycoreutils-python-utils package to manage the SELinux environment:
dnf install policycoreutils-python-utils
Next, enable access to the / usr / share / phpmyadmin directory using the following command:
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/phpmyadmin/' semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/phpmyadmin/tmp(/.*)?"
Now, iterate through all the files in the phpmyadmin directory by running the following command:
restorecon -Rv '/usr/share/phpmyadmin/'
Next, you will need to create firewall rules to allow HTTP services from external networks. You can allow it using:
firewall-cmd --permanent --add-service=http firewall-cmd --reload
phpMyAdmin is now installed and configured. It's time to check if it works properly.
Open your web browser and enter the URL http: // your-server-ip / phpmyadmin. You will be redirected to the following page:
At this point, the phpMyAdmin instance is running normally. However, protecting the phpMyAdmin instance from the outside is an important task for you. In this section, we will show you how to secure a phpMyAdmin instance.
Allow phpMyAdmin from a specific IP
First, you need to configure phpMyAdmin to be accessible only from the IP address that your home is connected to.
You can configure it by editing the /etc/httpd/conf.d/phpmyadmin.conf file:
Find the following lines:
Require all granted
And, replace them with the following:
Require ip your-home--connection-ip-address Require ip ::1
Save and close the file when you are finished.
Configure additional authentication layers
It is a good idea to protect your phpmyadmin directory by setting a basic authentication password.
To do this, create a new authentication file using the htpasswd tool as shown below:
mkdir /etc/phpmyadmin htpasswd -c /etc/phpmyadmin/.htpasswd admin
You will be asked to provide an administrator password as follows:
New password: Re-type new password: Adding password for user admin
Next, you will need to configure Apache to use the .htpasswd file. You can do this by editing the file /etc/httpd/conf.d/phpmyadmin.conf.
Add the following line below the "AddDefaultCharset UTF-8" line:
Options +FollowSymLinks +Multiviews +Indexes AllowOverride None AuthType basic AuthName "Authentication Required" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
Save the file and restart the Apache service for the changes to take effect:
systemctl restart httpd
Now your phpMyAdmin instance has additional security protection. Open your web browser and enter the URL http: // your-server-ip / phpmyadmin. You will be asked to enter the login credentials of the previously created user as follows:
Provide your administrator username and password and click the OK button. You will be redirected to the phpMyAdmin login page:
Now, provide your MySQL administrative user login credentials and click the "Go" button. You should see the following page:
Congratulations! You have successfully installed and secured phpMyAdmin on the CentOS 8 server. Now you can create databases, users, tables and manage them through a web-based interface. If you have any questions, feel free to ask me.