PhpMyAdmin
From wiki
Prerequisite
To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.
Install
# apt install phpmyadmin
The installer will ask you several questions. Here are the answers:
- Web server to reconfigure automatically?
- Choose none. Nginx will be configured later.
- Configure database for phpmyadmin with dbconfig-common?
- Yes
- Password of the database's administrative user?
- Enter your MariaDB root user password.
- MySQL application password for phpmyadmin?
- Keep it empty to get a random one. You will never need to enter this password
Configure
PHP
Edit file /etc/php5/mods-available/local-common.ini
and add folder /usr/share/phpmyadmin/
to the open_basedir
setting.
Nginx
Create file /etc/nginx/sites-available/phpmyadmin
server {
include snippets/listen-http.conf;
server_name phpmyadmin.example.com;
access_log /var/log/nginx/phpmyadmin.access.log;
error_log /var/log/nginx/phpmyadmin.error.log info;
include snippets/acme-challenge.conf;
include snippets/https-permanent-redirect.conf;
}
server {
include snippets/listen-https.conf;
server_name phpmyadmin.example.com;
access_log /var/log/nginx/phpmyadmin.access.log;
error_log /var/log/nginx/phpmyadmin.error.log info;
include snippets/acme-challenge.conf;
#include snippets/ssl.conf;
#ssl_certificate /etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.example.com/privkey.pem;
#include snippets/hsts.conf;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
#auth_basic "Restricted";
#auth_basic_user_file .htpasswd;
root /usr/share/phpmyadmin/;
index index.php;
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass php5;
}
}
Activate the configuration with
# ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/
# service nginx reload
TLS Certificate
Edit file /usr/local/sbin/renew_certificates
and add the following to the config list
{
'domains': ['phpmyadmin.example.com'],
'reload': [['service', 'nginx', 'reload']]
}
and get your certificate
$ sudo /usr/local/sbin/certmanage
Renewing certificate for phpmyadmin.example.com that will expire on 0001-01-01
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for phpmyadmin.example.com
Using the webroot path /var/www/acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/phpmyadmin.example.com/fullchain.pem. Your cert
will expire on 2025-03-24. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Restarting services:
service nginx restart
Now uncomment the ssl related lines in /etc/nginx/sites-available/phpmyadmin
and run
# service nginx reload