This is an old revision of the document!
Table of Contents
phpMyAdmin
Debian 10/11, other than Debian 9, require manual installation of phpmyadmin, phpmyadmin has been removed from Debian's repositories.
Installation
- Download the latest phpMyAdmin from the Downloads page, scroll down to the table with download links for the latest stable release, and copy the download link ending in tar.gz:
$ wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-english.tar.gz
- Unzip the tarball, then move the folder to a local folder outside of apache's document root (we will create a path alias in phpMyAdmin's
apache.conflater) and set ownership:$ tar xvf phpMyAdmin-5.2.0-english.tar.gz sudo mv phpMyAdmin-5.2.0-english/ /home/user/html/phpMyAdmin $ sudo chown -R www-data:www-data /home/user/html/phpMyAdmin
- Up to Debian 9, and in other distributions, phpMyAdmin could be installed via the package manager. Debian 10 dropped the support through the package manager.
Configuration
- We will not use any of the standard path used in Debian versions up to 9 or in other distributions. All files related to phpMyAdmin will remain in the custom path where we moved the downloaded files which is the easiest way for maintenance and later version upgrades (
/home/user/html/phpMyAdmin). - Make a new directory for phpMyAdmin to store its temporary files:
sudo mkdir -m770 /home/user/html/phpMyAdmin/tmp
- Copy
config.sample.inc.phptoconfig.inc.phpand edit as follows- Use the phpMyAdmin blowfish secret generator to create a new secret passphrase for cookie authentication:
$ sudo vim /home/user/html/phpMyAdmin/config.inc.php $cfg['blowfish_secret'] = 'new 32 byte secret key';
- Add the following custom settings to
config.inc.php:$cfg['FirstLevelNavigationItems'] = 150; // number of databases in navigation, default: 100 $cfg['MaxNavigationItems'] = 150; // number of tables in db navigation, default: 50 $cfg['NavigationWidth'] = 300; // width of the navigation window, default: 240 $cfg['RetainQueryBox'] = true; // retain query box, results of query shown below box, default: false $cfg['ShowPhpInfo'] = true; // show phpinfo link on home screen, default: false $cfg['TempDir'] = '/home/user/html/phpMyAdmin/tmp'; // you may omit this line as the default is ./tmp
- You may check phpMyAdmin’s documentation for other settings to add
- Leave the commented out settings in
config.inc.phpunchanged. Thepmasettings are better done within phpMyAdmin, where you click “Find out why” in the warning at the bottom of the screen when you first run phpMyAdmin, and then create the databasephpmyadminwhich will contain those settings.
- Create
/home/user/html/phpMyAdmin/apache.conf:# phpMyAdmin default Apache configuration Alias /phpmyadmin /home/bco/html/phpMyAdmin <Directory /home/bco/html/phpMyAdmin> Options SymLinksIfOwnerMatch DirectoryIndex index.php <IfModule mod_php.c> <IfModule mod_mime.c> AddType application/x-httpd-php .php </IfModule> <FilesMatch ".+\.php$"> SetHandler application/x-httpd-php </FilesMatch> php_value include_path . php_admin_value upload_tmp_dir /home/bco/html/phpMyAdmin/tmp php_admin_value open_basedir /home/bco/html/phpMyAdmin/:/usr/share/ </IfModule> </Directory> # Authorize for setup <Directory /home/bco/html/phpMyAdmin/setup> <IfModule mod_authz_core.c> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /home/bco/html/phpMyAdmin/htpasswd.setup </IfModule> Require valid-user </IfModule> </Directory> # Disallow web access to directories that don't need it <Directory /home/bco/html/phpMyAdmin/templates> Require all denied </Directory> <Directory /home/bco/html/phpMyAdmin/libraries> Require all denied </Directory> <Directory /home/bco/html/phpMyAdmin/setup/lib> Require all denied </Directory> # Secure access to phpMyAdmin by restricting access to it's parent, for example by IP address or domain name, local or external <Directory /home/bco/html> <RequireAny> Require ip 127.0.0.1 Require forward-dns ddns.domain.name </RequireAny> </Directory> - You can replace the directives for the setup directory with
Require all deniedas we will not use the setup script. However, if you do want to use the setup script prior to creatingconfig.inc.php, first create the password file to access the setup script's directory:$ sudo htpasswd -c /home/user/html/phpMyAdmin/htpasswd.setup user
- Symlink the configuration file for Apache and restart the service:
$ sudo ln -s /home/user/html/phpMyAdmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf $ sudo service apache2 restart
- Create a regular MariaDB user for the purpose of managing databases through phpMyAdmin, as it’s recommended that you log in using another account than the pma user. You could create a user that has privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command. Whatever privileges you assign to this user, be sure to give it a strong password as well:
sudo mariadb GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION; exit
- Access phpMyAdmin by appending
/phpmyadminto any website url hosted on the same server.
Securing Your phpMyAdmin Instance
Edit /etc/apache2/conf-available/phpmyadmin.conf:
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
# Allow user to access without password
Include conf-available/user-access.conf
<IfModule mod_php5.c>
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
</IfModule>
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
</IfModule>
</Directory>
conf-available/user-access.conf contains:
# Allow user to access without password Require ip www.xx.yyy.zzz