PhpMyAdmin
From wiki
Prerequisite
To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.
Install
# apt install phpmyadmin
The installer will ask you several questions. Here are the answers:
- Web server to reconfigure automatically?
- Choose none. Nginx will be configured later.
- Configure database for phpmyadmin with dbconfig-common?
- Yes
- Password of the database's administrative user?
- Enter your MariaDB root user password.
- MySQL application password for phpmyadmin?
- Keep it empty to get a random one. You will never need to enter this password
Configure
PHP
Edit file /etc/php5/mods-available/local-common.ini
and add folder /usr/share/phpmyadmin/
to the open_basedir
setting.
Nginx
- Create the config file
/etc/nginx/sites-available/phpmyadmin.example.org
server { include snippets/listen-http.conf; server_name phpmyadmin.example.org; access_log /var/log/nginx/phpmyadmin.example.org.access.log; error_log /var/log/nginx/phpmyadmin.example.org.error.log info; include snippets/acme-challenge.conf; include snippets/https-permanent-redirect.conf; } server { include snippets/listen-https.conf; server_name phpmyadmin.example.org; access_log /var/log/nginx/phpmyadmin.example.org.access.log; error_log /var/log/nginx/phpmyadmin.example.org.error.log info; include snippets/acme-challenge.conf; #include snippets/ssl.conf; #ssl_certificate /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.example.org/privkey.pem; #include snippets/hsts.conf; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; #auth_basic "Restricted"; #auth_basic_user_file .htpasswd; root /usr/share/phpmyadmin/; index index.php; location ~ \.php$ { try_files $uri =404; include fastcgi.conf; fastcgi_pass php5; } }
- Activate the configuration with
$ sudo nginx_modsite -e phpmyadmin.example.org Would you like to reload the Nginx configuration now? (Y/n) Y
- Edit file
/usr/local/etc/certmanage/main.json
and add the following to the list{ "domains": ["phpmyadmin.example.org"], "reload": [["/bin/systemctl", "reload", "nginx.service"]] }
- Get your certificate
$ sudo /usr/local/sbin/certmanage Renewing certificate for phpmyadmin.example.org that will expire on 0001-01-01 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for phpmyadmin.example.org Using the webroot path /var/www/acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/phpmyadmin.example.org/fullchain.pem. Your cert will expire on 2025-03-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Restarting services: systemctl reload nginx.service
- Uncomment the ssl related lines in
/etc/nginx/sites-available/phpmyadmin.example.org
and run$ sudo systemctl reload nginx.service