Differences

This shows you the differences between two versions of the page.

--- deb11:phpmyadmin [2022/09/26 10:36] – Bernard Condrau
+++ deb11:phpmyadmin [2024/04/25 15:33] (current) – [Configuration] Bernard Condrau
@@ Line 1: / Line 1: @@
 ====== phpMyAdmin ======
-Debian 10/11, other than Debian 9, require manual installation of phpmyadmin, phpmyadmin has been removed from Debian's repositories.
 ===== Installation =====
@@ Line 7: / Line 6: @@
 sudo mv phpMyAdmin-5.2.0-english/ /home/user/html/phpMyAdmin
 $ sudo chown -R www-data:www-data /home/user/html/phpMyAdmin</code>
-  * Up to Debian 9, and in other distributions, phpMyAdmin could be installed via the package manager. Debian 10 dropped the support through the package manager.
+  - To upgrade to a newer version simply download the new version and extract it to the same folder. Files created by the user will remain the same, e.g. ''apache.conf'', ''config.inc.php'', and ''htpasswd.setup''.
+  * __Note__: up to Debian 9, and in other distributions, phpMyAdmin could be installed via the package manager. Debian 10 dropped support to install through the package manager.
 ===== Configuration =====
-  - We will not use any of the standard path used in Debian versions up to 9 or in other distributions. All files related to phpMyAdmin will remain in the custom path where we moved the downloaded files which is the easiest way to later maintain (''/home/user/html/phpMyAdmin'').
+  - We will not use any of the standard path used in Debian versions up to 9 or in other distributions. All files related to phpMyAdmin will remain in the custom path where we moved the downloaded files which is the easiest way for maintenance and later version upgrades (''/home/user/html/phpMyAdmin'').
-  - Make a new directory for phpMyAdmin to store its temporary files:<code>sudo mkdir -m770 /home/user/html/phpMyAdmin/tmp</code>
+  - Make a new directory for phpMyAdmin to store its temporary files:<code>$ sudo mkdir -m770 /home/user/html/phpMyAdmin/tmp</code>
   - Copy ''config.sample.inc.php'' to ''config.inc.php'' and edit as follows
     - Use the [[https://phpsolved.com/phpmyadmin-blowfish-secret-generator/?g=6330fef62b5a1|phpMyAdmin blowfish secret generator]] to create a new secret passphrase for cookie authentication:<code>$ sudo vim /home/user/html/phpMyAdmin/config.inc.php
@@ Line 21: / Line 21: @@
 $cfg['ShowPhpInfo'] = true;				// show phpinfo link on home screen, default: false
 $cfg['TempDir'] = '/home/user/html/phpMyAdmin/tmp';	// you may omit this line as the default is ./tmp</code>
-  - You may check [[https://docs.phpmyadmin.net/en/latest/|phpMyAdmin’s documentation]] for other settings to add
+    - You may check [[https://docs.phpmyadmin.net/en/latest/|phpMyAdmin’s documentation]] for other settings to add
-  - Leave the commented out settings in ''config.inc.php'' unchanged. The ''pma'' settings are better done within phpMyAdmin, where you click "Find out why" in the warning at the bottom of the screen when you first run phpMyAdmin, and then create the database ''phpmyadmin'' which will contain those settings.
+    - Leave the commented out settings in ''config.inc.php'' unchanged. The ''pma'' settings are better done within phpMyAdmin, where you click "Find out why" in the warning at the bottom of the screen when you first run phpMyAdmin, and then create the database ''phpmyadmin'' which will contain those settings.
   - Create ''/home/user/html/phpMyAdmin/apache.conf'':<code># phpMyAdmin default Apache configuration
@@ Line 67: / Line 67: @@
 <Directory /home/bco/html/phpMyAdmin/setup/lib>
     Require all denied
-</Directory></code>
+</Directory>
+# Secure access to phpMyAdmin by restricting access to it's parent, for example by IP address or domain name, local or external
+<Directory /home/bco/html>
+    <RequireAny>
+        Require ip 127.0.0.1
+        Require forward-dns ddns.domain.name
+    </RequireAny>
+</Directory>
+</code>
+  - You can replace the directives for the setup directory with ''Require all denied'' as we will not use the setup script. However, if you do want to use the setup script prior to creating ''config.inc.php'', first create the password file to access the setup script's directory:<code>$ sudo htpasswd -c /home/user/html/phpMyAdmin/htpasswd.setup user</code>
+  - Symlink the configuration file for Apache and restart the service:<code>$ sudo ln -s /home/user/html/phpMyAdmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf
+$ sudo service apache2 restart</code>
+  - Create a regular MariaDB user for the purpose of managing databases through phpMyAdmin, if you haven't done that yet when configuring MariaDB. You could create a user that has privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command. Whatever privileges you assign to this user, be sure to give it a strong password as well:<code>$ sudo mariadb
+MariaDB [(none)]> CREATE USER 'user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
+MariaDB [(none)]> FLUSH PRIVILEGES;
+MariaDB [(none)]> exit</code>
+  - Make sure permissions are set to traverse directories, particularly ''/home/user/html/'' and ''/home/user/www/''
+===== Run phpMyAdmin =====
+  - Access phpMyAdmin by appending ''/phpmyadmin'' to any website url hosted on the same server.
-  * Copy folder {{:deb9:phpmyadmin.zip|phpmyadmin}} from a Debian 9 installation to /etc. Check the **apache.conf** file and remove path elements in //php_admin_value open_basedir// which do not exist in your system.
-  * Symlink the configuration files for apache:<code>cd /etc/apache2/conf-available
-ln -s ../../phpmyadmin/apache.conf phpmyadmin.conf
-cd ../conf-enabled
-ln -s ../conf-available/phpmyadmin.conf phpmyadmin.conf</code>
-  * Symlink the configuration files for phpmyadmin in it's root folder:<code>cd /usr/share/phpmyadmin
-ln -s /etc/phpmyadmin/config.inc.php config.inc.php
-ln -s /etc/phpmyadmin/config.header.inc.php config.header.inc.php
-ln -s /etc/phpmyadmin/config.footer.inc.php config.footer.inc.php</code>
-  * Create a additional config file with the path to the **tmp** directory:<code>vim /etc/phpmyadmin/conf.d/tempdir.php
-<?php
-$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';</code>
-  * Make sure the //phpmyadmin// user has been created in mysql:<code>mysql -u <my-admin-user> -p
-SELECT user,host FROM mysql.user;
-CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
-GRANT USAGE ON phpmyadmin.* TO phpmyadmin</code>
-  * The password is in file /etc/phpmyadmin/config-db.php. Restrict permissions of that file as it contains a password:<code>sudo chown root:www-data /etc/phpmyadmin/config-db.php
-sudo chmod 640 /etc/phpmyadmin/config-db.php</code>
-  * Create a regular MariaDB user for the purpose of managing databases through phpMyAdmin, as it’s recommended that you log in using another account than the pma user. You could create a user that has privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command. Whatever privileges you assign to this user, be sure to give it a strong password as well:<code>sudo mariadb
-GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
-exit</code>
-  * [[https://docs.phpmyadmin.net/en/latest/config.html|phpMyAdmin Configuration]]
-==== Manual Upgrade on Debian 9 ====
-  * Check latest version of [[https://www.phpmyadmin.net/|phpMyAdmin]]
-  * Download and install<code>cd /usr/share/phpmyadmin/
-sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-english.tar.gz
-tar xzf phpMyAdmin-5.1.0-english.tar.gz
-sudo mv phpMyAdmin-5.1.0-english phpmyadmin</code>
-  * Modify the following lines in /usr/share/phpmyadmin/libraries/vendor_config.php<code>define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');
-define('CONFIG_DIR', '/etc/phpmyadmin/');</code>
-  * See [[https://kenfavors.com/code/how-to-manually-upgrade-phpmyadmin/|How To Manually Upgrade phpMyAdmin]] and [[https://phpsolved.com/phpmyadmin-blowfish-secret-generator/|phpMyAdmin blowfish secret generator]]
-===== Securing Your phpMyAdmin Instance =====
-Edit /etc/apache2/conf-available/phpmyadmin.conf:
-  Alias /phpmyadmin /usr/share/phpmyadmin
-  <Directory /usr/share/phpmyadmin>
-    Options FollowSymLinks
-    DirectoryIndex index.php
-    # Allow user to access without password
-    Include conf-available/user-access.conf
-    <IfModule mod_php5.c>
-        <IfModule mod_mime.c>
-            AddType application/x-httpd-php .php
-        </IfModule>
-        <FilesMatch ".+\.php$">
-            SetHandler application/x-httpd-php
-        </FilesMatch>
-        php_flag magic_quotes_gpc Off
-        php_flag track_vars On
-        php_flag register_globals Off
-        php_admin_flag allow_url_fopen Off
-        php_value include_path .
-        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
-        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
-    </IfModule>
-  </Directory>
-conf-available/user-access.conf contains:
-  # Allow user to access without password
-  Require ip www.xx.yyy.zzz
 ===== Links =====
   * [[https://www.how2shout.com/linux/how-to-install-phpmyadmin-on-debian-11-bullseye-apache/|How to Install phpMyAdmin on Debian 11 Bullseye (Apache)]]
   * [[https://www.howtoforge.com/how-to-install-and-secure-phpmyadmin-on-debian-11/#install-and-configure-phpmyadmin|How to Install and Secure phpMyAdmin on Debian 11]]
+  * [[https://docs.phpmyadmin.net/en/latest/config.html|phpMyAdmin Configuration]]

Differences

Know How