PhpMyAdmin

From wiki
Revision as of 23:23, 20 March 2016 by Vincent (talk | contribs) (Use Let’s Encrypt template)

Prerequisite

To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.

Install

# apt install phpmyadmin

The installer will ask you several questions. Here are the answers:

Web server to reconfigure automatically?
Choose none. Nginx will be configured later.
Configure database for phpmyadmin with dbconfig-common?
Yes
Password of the database's administrative user?
Enter your MariaDB root user password.
MySQL application password for phpmyadmin?
Keep it empty to get a random one. You will never need to enter this password

Configure

PHP

Edit file /etc/php5/mods-available/local-common.ini and add folder /usr/share/phpmyadmin/ to the open_basedir setting.

Nginx

Create file /etc/nginx/sites-available/phpmyadmin

server {
    include snippets/listen-http.conf;
    server_name phpmyadmin.example.com;

    access_log /var/log/nginx/phpmyadmin.access.log;
    error_log /var/log/nginx/phpmyadmin.error.log info;

    include snippets/acme-challenge.conf;
    include snippets/https-permanent-redirect.conf;
}

server {
    include snippets/listen-https.conf;
    server_name phpmyadmin.example.com;

    access_log /var/log/nginx/phpmyadmin.access.log;
    error_log /var/log/nginx/phpmyadmin.error.log info;

    include snippets/acme-challenge.conf;

    #include snippets/ssl.conf;
    #ssl_certificate      /etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem;
    #ssl_certificate_key  /etc/letsencrypt/live/phpmyadmin.example.com/privkey.pem;
    #include snippets/hsts.conf;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;

    #auth_basic            "Restricted";
    #auth_basic_user_file  .htpasswd;

    root /usr/share/phpmyadmin/;

    index index.php;

    location ~ \.php$ {
        try_files      $uri =404;
        include fastcgi.conf;
        fastcgi_pass php5;
    }
}

Activate the configuration with

# ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/
# service nginx reload

TLS Certificate

Edit file /usr/local/sbin/renew_certificates and add the following to the config list

{
    'domains': ['phpmyadmin.example.com'],
    'reload': [['service', 'nginx', 'reload']]
}

and get your certificate

$ sudo /usr/local/sbin/certmanage
Renewing certificate for phpmyadmin.example.com that will expire on 0001-01-01

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for phpmyadmin.example.com
Using the webroot path /var/www/acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem. Your cert
   will expire on 2025-03-24. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Restarting services:
service nginx restart

Now uncomment the ssl related lines in /etc/nginx/sites-available/phpmyadmin and run

# service nginx reload