How To Install and Secure phpMyAdmin on Ubuntu 16.04

Post Reply
User avatar
Eli
Senior Expert Member
Reactions: 183
Posts: 5334
Joined: 9 years ago
Location: Tanzania
Has thanked: 75 times
Been thanked: 88 times
Contact:
Contact Eli

#1

Some people may find it inconvenient to handle the tasks of the database management system like MySQL solely from the MySQL prompt. This is because many people don't have sufficient knowledge of SQL but they are in need of using functionality of a database management system like MySQL. For this reason, PHPMyAdmin is a web application which was created to give users Graphical Interface for handling the MySQL tasks.

PHPMYAdmin is not a substitute for MYSQL but enables users to directly interact with MySQL through a web interface to easily perform MySQL operations.

Though millions use phpMyAdmin, it has some security issues. In this lesson we will discuss how to install phpMyAdmin, and point you to instructions on how to secure the phpMyAdmin so that you can safely use it to manage your databases from an Ubuntu-Linux 16.04 operating system.

We assume that you've completed a LAMP (Linux, Apache, MySQL, and PHP) installation on your Ubuntu 16.04 server. If you have not done so, go to https://www.tssfl.com/how-to-install-fu ... sktop-5559 and follow the given instructions to install a LAMP stack on Ubuntu 16.04.

Before we proceed, there are important security considerations when using software like phpMyAdmin that you need to take into account, since it:
  • Communicates directly with your MySQL installation.
  • Handles authentication using MySQL credentials.
  • Executes and returns results for arbitrary SQL queries.
The points above can make phpMyAdmin potentially vulnerable to hacker attacks, and because it is a widely used, phpMyAdmin has frequently targeted for attacks. For these reason Apache web server should be encrypted with SSL/TLS, i.e, you should not run the PHPMyAdmin with HTTP connection as it is insecure to use. You have to install the SSL certificate to secure the connection. If you do not have an existing domain configured with an SSL/TLS certificate, follow this guide on securing Apache with Let's Encrypt on Ubuntu 16.04.

Once you are finished with the above requirements, you're ready to get started with the installation process.

Install phpMyAdmin

Update the local package index:

Code: Select all

sudo apt-get update
Pull down the files from Ubuntu repository and install them on your system:

Code: Select all

sudo apt-get install phpmyadmin php-mbstring php-gettext

Attention: When the first prompt appears, apache2 is highlighted, but not selected. Hit Space, Tab, and then Enter to select Apache.
  • For the server selection, choose apache2.
  • Select yes when asked whether to use dbconfig-common to set up the database
  • You will be prompted for your database administrator's password (the same password you use for MYSQL)
  • You will then be asked to choose and confirm a password for the phpMyAdmin application itself
The installation process normally adds the phpMyAdmin Apache configuration file into the /etc/apache2/conf-enabled/ directory.

The next thing we need to do is explicitly enable the PHP mcrypt and mbstring extensions, by executing:

Code: Select all

sudo phpenmod mcrypt

sudo phpenmod mbstring
You may get an error similar to the one below after executing the commands above:

Code: Select all

Error:

WARNING: Module mcrypt ini file doesn't exist under /etc/php/7.2/mods-available

Module mbstring ini file doesn't exist under /etc/php/7.2/mods-available
Or

Code: Select all

WARNING: Module mcrypt ini file doesn't exist under /etc/php/5.6/mods-available

Module mbstring ini file doesn't exist under /etc/php/7.2/mods-available
or both depending on the PHP version(s) that run under your system.

You can respectively fix the above errors by executing these commands:

Code: Select all

sudo apt install php7.2-mcrypt && sudo apt install php7.2-mbstring

sudo apt install php5.6-mcrypt && sudo apt install php5.6-mbstring
Then enable them with:

Code: Select all

sudo a2enmod mcrypt

sudo a2enmod mbstring
The errors above may however due to a well known bug that causes php CLI having issues with mcrypt (in this case mycrypt/mbstring extension may be installed but has issues working with php cli) which has been noted in earlier versions of php, but now seems to be present in php 7.2: https://askubuntu.com/questions/866985/ ... urn-errors

Then, restart Apache for the changes to be effected:

Code: Select all

sudo systemctl restart apache2
You can now access the web interface of the MYSQL server by opening the browser and Enter domain name or public IP address followed by /phpmyadmin:

Code: Select all

https://domain_name_or_IP/phpmyadmin
Check that phpMyAdmin works by typing

Code: Select all

http://localhost/phpmyadmin
If it works, the phpMyAdmin log in interface will open and ask for a username and a root password. Enter root as the username and the corresponding database password.

Once you log in, you will be taken to the phpMyAdmin Dashboard.

You can now use phpMyAdmin for development in your local machine, but for production purposes, you need to secure the phpMyadmin from hacker attacks. To do so, follow the instructions given at https://poweruphosting.com/blog/install ... in-ubuntu/ to secure the phpMyAdmin.

Find out more about phpMyAdmin: https://help.ubuntu.com/community/phpMyAdmin
0
TSSFL -- A Creative Journey Towards Infinite Possibilities!
Top
Post Reply

Return to “LAMP (Linux, Apache, MySQL, PHP)”

  • Information

  • Who is online

    Users browsing this forum: No registered users and 4 guests