Table of Contents

phpMyAdmin

Installation

  1. Download the latest phpMyAdmin from the Downloads page, scroll down to the table with download links for the latest stable release, and copy the download link ending in tar.gz:
    $ wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-english.tar.gz
  2. Unzip the tarball, then move the folder to a local folder outside of apache's document root (we will create a path alias in phpMyAdmin's apache.conf later) and set ownership:
    $ tar xvf phpMyAdmin-5.2.0-english.tar.gz
    sudo mv phpMyAdmin-5.2.0-english/ /home/user/html/phpMyAdmin
    $ sudo chown -R www-data:www-data /home/user/html/phpMyAdmin
  3. To upgrade to a newer version simply download the new version and extract it to the same folder. Files created by the user will remain the same, e.g. apache.conf, config.inc.php, and htpasswd.setup.

Configuration

  1. We will not use any of the standard path used in Debian versions up to 9 or in other distributions. All files related to phpMyAdmin will remain in the custom path where we moved the downloaded files which is the easiest way for maintenance and later version upgrades (/home/user/html/phpMyAdmin).
  2. Make a new directory for phpMyAdmin to store its temporary files:
    $ sudo mkdir -m770 /home/user/html/phpMyAdmin/tmp
  3. Copy config.sample.inc.php to config.inc.php and edit as follows
    1. Use the phpMyAdmin blowfish secret generator to create a new secret passphrase for cookie authentication:
      $ sudo vim /home/user/html/phpMyAdmin/config.inc.php
      $cfg['blowfish_secret'] = 'new 32 byte secret key';
    2. Add the following custom settings to config.inc.php:
      $cfg['FirstLevelNavigationItems'] = 150;		// number of databases in navigation, default: 100
      $cfg['MaxNavigationItems'] = 150;			// number of tables in db navigation, default: 50
      $cfg['NavigationWidth'] = 300;				// width of the navigation window, default: 240
      $cfg['RetainQueryBox'] = true;				// retain query box, results of query shown below box, default: false
      $cfg['ShowPhpInfo'] = true;				// show phpinfo link on home screen, default: false
      $cfg['TempDir'] = '/home/user/html/phpMyAdmin/tmp';	// you may omit this line as the default is ./tmp
    3. You may check phpMyAdmin’s documentation for other settings to add
    4. Leave the commented out settings in config.inc.php unchanged. The pma settings are better done within phpMyAdmin, where you click “Find out why” in the warning at the bottom of the screen when you first run phpMyAdmin, and then create the database phpmyadmin which will contain those settings.
  4. Create /home/user/html/phpMyAdmin/apache.conf:
    # phpMyAdmin default Apache configuration
    
    Alias /phpmyadmin /home/bco/html/phpMyAdmin
    
    <Directory /home/bco/html/phpMyAdmin>
        Options SymLinksIfOwnerMatch
        DirectoryIndex index.php
    
        <IfModule mod_php.c>
            <IfModule mod_mime.c>
                AddType application/x-httpd-php .php
            </IfModule>
            <FilesMatch ".+\.php$">
                SetHandler application/x-httpd-php
            </FilesMatch>
    
            php_value include_path .
            php_admin_value upload_tmp_dir /home/bco/html/phpMyAdmin/tmp
    	php_admin_value open_basedir /home/bco/html/phpMyAdmin/:/usr/share/
        </IfModule>
    
    </Directory>
    
    # Authorize for setup
    <Directory /home/bco/html/phpMyAdmin/setup>
        <IfModule mod_authz_core.c>
            <IfModule mod_authn_file.c>
                AuthType Basic
                AuthName "phpMyAdmin Setup"
                AuthUserFile /home/bco/html/phpMyAdmin/htpasswd.setup
            </IfModule>
            Require valid-user
        </IfModule>
    </Directory>
    
    # Disallow web access to directories that don't need it
    <Directory /home/bco/html/phpMyAdmin/templates>
        Require all denied
    </Directory>
    <Directory /home/bco/html/phpMyAdmin/libraries>
        Require all denied
    </Directory>
    <Directory /home/bco/html/phpMyAdmin/setup/lib>
        Require all denied
    </Directory>
    
    # Secure access to phpMyAdmin by restricting access to it's parent, for example by IP address or domain name, local or external
    <Directory /home/bco/html>
        <RequireAny>
            Require ip 127.0.0.1
            Require forward-dns ddns.domain.name
        </RequireAny>
    </Directory>
  5. You can replace the directives for the setup directory with Require all denied as we will not use the setup script. However, if you do want to use the setup script prior to creating config.inc.php, first create the password file to access the setup script's directory:
    $ sudo htpasswd -c /home/user/html/phpMyAdmin/htpasswd.setup user
  6. Symlink the configuration file for Apache and restart the service:
    $ sudo ln -s /home/user/html/phpMyAdmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf
    $ sudo service apache2 restart
  7. Create a regular MariaDB user for the purpose of managing databases through phpMyAdmin, if you haven't done that yet when configuring MariaDB. You could create a user that has privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command. Whatever privileges you assign to this user, be sure to give it a strong password as well:
    $ sudo mariadb
    MariaDB [(none)]> CREATE USER 'user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
    MariaDB [(none)]> FLUSH PRIVILEGES;
    MariaDB [(none)]> exit
  8. Make sure permissions are set to traverse directories, particularly /home/user/html/ and /home/user/www/

Run phpMyAdmin

  1. Access phpMyAdmin by appending /phpmyadmin to any website url hosted on the same server.