Introduction
Although many users require a database management system like MySQL’s functionality, they might not feel at ease interacting with the system only through the MySQL command line client.
To enable user interaction with MySQL via a web interface, PhpMyAdmin was developed. We’ll go over installing and securing PhpMyAdmin in this guide, so you can use it to manage your databases on a CentOS system without risk.
Basic requirements
- CentOS or RHEL server with a non-root administrative user with sudo privileges.
- LAMP stack installed on your server. You can follow this guide on installing a LAMP stack to set this up.
Finally, while utilizing software like PhpMyAdmin, there are essential security issues to be aware of because it:
- Communicates with your MySQL installation directly.
- Handles MySQL authentication.
- Executes and returns the results of any SQL query.
For these reasons, as well as the fact that PhpMyAdmin is a widely deployed PHP application that is routinely targeted for attack, you should never execute it on remote computers through a plain HTTP connection. If you do not already have a domain established with an SSL/TLS certificate, you may use this method to create one, securing Apache with Let’s Encrypt on Ubuntu.
Once you’ve completed these steps, you’re prepared to start this guide.
Step 1: PhpMyAdmin Installation
To begin, we will install PhpMyAdmin from the distro default repository.
$ sudo yum install epel-release
$ sudo yum install phpmyadmin
The installation procedure places the phpMyAdmin Apache configuration file in the /etc/httpd/conf.d/ directory, where it is immediately read.
Restart Apache:
$ sudo systemctl restart httpd.service
With that, our phpMyAdmin installation is complete. In your web browser, navigate to your server’s domain name or public IP address followed by /phpMyAdmin:
http://server_IP/phpMyAdmin
Log in to the interface as root or using another username and password.
Step 2: Secure your phpMyAdmin Instance
At this point, the phpMyAdmin instance installed on our server should be fully functional. We have, however, exposed our MySQL system to the outside world by adding a web interface.
Changing the Application’s Access URL
$ sudo nano /etc/httpd/conf.d/phpMyAdmin.conf
Toward the top of the file, you will see two lines that look like this:
Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin
These two lines are our aliases, which means that whenever we access our site’s domain name or IP address, followed by either /phpMyAdmin or /phpmyadmin, we will be sent the content at /usr/share/phpMyAdmin.
To apply our desired modifications, we should delete or comment out the existing lines and replace them with our own:
# Alias /phpMyAdmin /usr/share/phpMyAdmin # Alias /phpmyadmin /usr/share/phpMyAdmin Alias /secretpage /usr/share/phpMyAdmin
To implement the changes, restart the web service:
$ sudo systemctl restart httpd.service
If you go back to the former location of your phpMyAdmin installation, you will get the 404 error.
Your phpMyAdmin interface, on the other hand, will be available at the new site we chose:
http://server_IP/secretpage
Setting up an Authentication to the Web Server :
The next feature we want for our installation was an authentication prompt that a user would have to pass before they could access the phpMyAdmin login screen.
Open your config file and add AllowOverride All in <Directory /usr/share/phpmyadmin>
CentOS: /etc/httpd/conf.d/phpMyAdmin.conf
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
AllowOverride All
. . .
And Restart Apache
Now that you’ve enabled the use of.htaccess files for your application, you’ll need to make one to create security rules in place.
Create the file in PhpMyAdmin folder:
$ sudo nano /usr/share/phpmyadmin/.htaccess
Add the following lines:
AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
Save and close the file when you’re finished.
You chose /etc/phpmyadmin/.htpasswd as the location for your password file. You can now use the htpasswd software to create this file and assign it an initial user:
$ sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
then enter and confirm a password for the user you are creating.
If you wish to add another user, use the following syntax without the -c
flag:
$ sudo htpasswd /etc/phpmyadmin/.htpasswd newuser
Then restart Apache to enable .htaccess authentication.
When you enter your phpMyAdmin subdirectory, you will be prompted for the newly established account name and password:
http://server_IP/secretpage
Conclusion
PhpMyAdmin should now be installed and ready to use on your server. You may use this interface to create databases, users, and tables, as well as execute standard operations such as deleting and altering structures and data.