BLOG POSTS
How to Install and Secure phpMyAdmin on Ubuntu 24

How to Install and Secure phpMyAdmin on Ubuntu 24

phpMyAdmin is a web-based administration tool for MySQL databases that’s practically essential for anyone working with database-driven applications. Installing it on Ubuntu 24 is straightforward, but securing it properly requires some extra steps that many developers skip. This guide walks you through the complete installation process, covers essential security configurations to prevent unauthorized access, and includes troubleshooting tips for common issues you’ll likely encounter along the way.

How phpMyAdmin Works

phpMyAdmin operates as a PHP application that sits between your web browser and MySQL server, translating user-friendly web interface actions into SQL commands. When you click “Create Database” or run a query through its interface, phpMyAdmin generates the corresponding SQL statements and executes them against your MySQL instance.

The tool consists of several core components:

  • PHP scripts that handle database operations and generate the web interface
  • Configuration files that define database connections and security settings
  • A web server (Apache or Nginx) that serves the PHP application
  • Authentication mechanisms that can integrate with MySQL users or use custom login systems

Since phpMyAdmin provides direct access to your database structure and data, it’s a prime target for attackers. Default installations often expose the application at predictable URLs like /phpmyadmin, making them easy to discover and exploit.

Prerequisites and System Requirements

Before installing phpMyAdmin, ensure your Ubuntu 24 system meets these requirements:

Component Minimum Version Recommended Notes
PHP 7.2 8.1 or later Requires mbstring, curl, and gd extensions
MySQL/MariaDB 5.5 8.0 / 10.5 Older versions lack some features
Web Server Apache 2.2 / Nginx 1.10 Apache 2.4 / Nginx 1.18 Nginx requires PHP-FPM configuration
RAM 512MB 2GB+ More RAM improves large dataset handling

Verify your current setup with these commands:

php --version
mysql --version
apache2 -v
# or for nginx
nginx -v

Step-by-Step Installation Guide

Start by updating your package list and installing the required components:

sudo apt update
sudo apt upgrade -y
sudo apt install apache2 mysql-server php php-mysql php-mbstring php-zip php-gd php-json php-curl -y

Install phpMyAdmin using the package manager:

sudo apt install phpmyadmin -y

During installation, you’ll encounter several configuration prompts:

  • Select apache2 when asked which web server to configure
  • Choose Yes when prompted to configure the database with dbconfig-common
  • Enter a strong password for the phpMyAdmin MySQL user

Enable the required PHP extensions and restart Apache:

sudo phpenmod mbstring
sudo systemctl restart apache2

Create a symbolic link to make phpMyAdmin accessible via the web server:

sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

Test the installation by visiting http://your-server-ip/phpmyadmin in your browser. You should see the phpMyAdmin login page.

Essential Security Configuration

The default phpMyAdmin installation is functional but insecure. Implement these security measures immediately:

Change the Default Access URL

Remove the predictable /phpmyadmin path and create a custom alias:

sudo rm /var/www/html/phpmyadmin
sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add this configuration with your custom path:

Alias /secure-db-admin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
    Require all granted
</Directory>

Enable the configuration and restart Apache:

sudo a2enconf phpmyadmin
sudo systemctl restart apache2

Configure IP-Based Access Control

Restrict access to specific IP addresses by modifying the directory configuration:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Replace Require all granted with:

Require ip 192.168.1.100
Require ip 203.0.113.0/24

Enable Additional Authentication Layer

Add Apache basic authentication as an extra security layer:

sudo htpasswd -c /etc/phpmyadmin/.htpasswd admin

Update the Apache configuration:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add authentication directives inside the Directory block:

<Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
    AuthType Basic
    AuthName "phpMyAdmin Access"
    AuthUserFile /etc/phpmyadmin/.htpasswd
    Require valid-user
    Require ip 192.168.1.100
</Directory>

Configure phpMyAdmin Security Settings

Edit the main phpMyAdmin configuration file:

sudo nano /etc/phpmyadmin/config.inc.php

Add these security configurations after the existing settings:

// Hide server information
$cfg['ShowServerInfo'] = false;
$cfg['ShowPhpInfo'] = false;
$cfg['ShowChgPassword'] = false;

// Disable potentially dangerous features
$cfg['ShowSQL'] = false;
$cfg['Servers'][$i]['DisableIS'] = true;

// Force SSL (if SSL is configured)
$cfg['ForceSSL'] = true;

// Set session timeout (in seconds)
$cfg['LoginCookieValidity'] = 3600;

// Limit maximum rows displayed
$cfg['MaxRows'] = 100;

SSL Configuration

Enable SSL to encrypt data transmission between browsers and phpMyAdmin. Install Let’s Encrypt certificates:

sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d your-domain.com

For self-signed certificates (development only):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/private/apache-selfsigned.key \
    -out /etc/ssl/certs/apache-selfsigned.crt

Create an SSL virtual host configuration:

sudo nano /etc/apache2/sites-available/phpmyadmin-ssl.conf
<VirtualHost *:443>
    ServerName your-domain.com
    DocumentRoot /var/www/html
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    
    # Include phpMyAdmin configuration
    Include /etc/apache2/conf-available/phpmyadmin.conf
</VirtualHost>

Enable SSL module and the new site:

sudo a2enmod ssl
sudo a2ensite phpmyadmin-ssl
sudo systemctl restart apache2

Performance Optimization

Optimize phpMyAdmin for better performance with large databases:

sudo nano /etc/phpmyadmin/config.inc.php

Add performance-related configurations:

// Increase memory limit for large imports
$cfg['MemoryLimit'] = '512M';

// Enable query caching
$cfg['CacheSize'] = 100000;

// Optimize for large tables
$cfg['MaxTableList'] = 250;
$cfg['LimitChars'] = 100;

// Enable compression
$cfg['CompressOnFly'] = true;

Adjust PHP settings for better performance:

sudo nano /etc/php/8.1/apache2/php.ini

Modify these values:

memory_limit = 512M
upload_max_filesize = 100M
post_max_size = 100M
max_execution_time = 300
max_input_time = 300

Common Issues and Troubleshooting

Here are solutions for frequently encountered problems:

403 Forbidden Error

This typically occurs due to incorrect Apache configuration or file permissions:

# Check Apache error logs
sudo tail -f /var/log/apache2/error.log

# Fix permissions
sudo chown -R www-data:www-data /usr/share/phpmyadmin
sudo chmod -R 755 /usr/share/phpmyadmin

Blank Page or PHP Errors

Enable PHP error reporting to diagnose issues:

sudo nano /etc/php/8.1/apache2/php.ini

Temporarily enable error display:

display_errors = On
error_reporting = E_ALL

Restart Apache and check for error messages:

sudo systemctl restart apache2

Database Connection Issues

Verify MySQL service status and user permissions:

sudo systemctl status mysql
mysql -u root -p

Check if the phpMyAdmin database user exists:

SELECT User, Host FROM mysql.user WHERE User = 'phpmyadmin';

Import/Export Timeouts

For large database operations, increase timeout values:

sudo nano /etc/phpmyadmin/config.inc.php
$cfg['ExecTimeLimit'] = 0;
$cfg['MemoryLimit'] = '1024M';

Alternative Database Management Tools

Consider these alternatives based on your specific needs:

Tool Type Best For Key Features
Adminer Web-based Lightweight setups Single PHP file, multiple DB support
MySQL Workbench Desktop Development Visual design, advanced modeling
HeidiSQL Desktop Windows users Lightweight, session management
DBeaver Desktop Multi-database environments Universal database tool

Best Practices and Security Checklist

Follow this checklist to maintain a secure phpMyAdmin installation:

  • Use non-standard URLs for phpMyAdmin access
  • Implement IP whitelisting for administrative access
  • Enable SSL/TLS encryption for all connections
  • Add Apache basic authentication as a second layer
  • Regularly update phpMyAdmin and all system packages
  • Monitor access logs for suspicious activity
  • Use strong passwords for all database accounts
  • Disable root login via phpMyAdmin
  • Set appropriate session timeouts
  • Regularly backup your databases and configurations

Monitor your phpMyAdmin installation using log analysis:

# Monitor access attempts
sudo tail -f /var/log/apache2/access.log | grep phpmyadmin

# Check for failed authentication attempts
sudo grep "authentication failure" /var/log/apache2/error.log

Integration with Development Workflows

phpMyAdmin integrates well with various development setups. For containerized environments, consider using Docker Compose:

version: '3.8'
services:
  mysql:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD: rootpassword
      MYSQL_DATABASE: myapp
    ports:
      - "3306:3306"
    
  phpmyadmin:
    image: phpmyadmin/phpmyadmin:latest
    environment:
      PMA_HOST: mysql
      PMA_PORT: 3306
      PMA_USER: root
      PMA_PASSWORD: rootpassword
    ports:
      - "8080:80"
    depends_on:
      - mysql

For production deployments on robust infrastructure, VPS hosting provides the flexibility to implement custom security configurations, while dedicated servers offer the performance needed for high-traffic database applications.

Regular maintenance includes updating packages, monitoring resource usage, and reviewing access logs. Set up automated backups and test your disaster recovery procedures to ensure business continuity.

For comprehensive documentation and advanced configuration options, refer to the official phpMyAdmin documentation and the MySQL reference manual for database-specific configurations.



This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.

This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.

Leave a reply

Your email address will not be published. Required fields are marked