To install PhpMyAdmin, you will need to have Nginx, PHP, MariaDB and Let’s Encrypt installed.


$ sudo apt install phpmyadmin

The installer will ask you several questions. Here are the answers:

Web server to reconfigure automatically?
Choose none. Nginx will be configured later.
Configure database for phpmyadmin with dbconfig-common?
Password of the database's administrative user?
Enter your MariaDB root user password.
MySQL application password for phpmyadmin?
Keep it empty to get a random one. You will never need to enter this password



Edit file /etc/php/7.0/mods-available/local-common.ini and add /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ to the open_basedir setting.

Reload PHP:

$ sudo systemctl reload php7.0-fpm.service


  1. Create the config file /etc/nginx/sites-available/
    server {
        include snippets/listen-http.conf;
        access_log /var/log/nginx/;
        error_log /var/log/nginx/ info;
        include snippets/acme-challenge.conf;
        include snippets/https-permanent-redirect.conf;
    server {
        include snippets/listen-https.conf;
        access_log /var/log/nginx/;
        error_log /var/log/nginx/ info;
        include snippets/acme-challenge.conf;
        #include snippets/ssl.conf;
        #ssl_certificate      /etc/letsencrypt/live/;
        #ssl_certificate_key  /etc/letsencrypt/live/;
        #include snippets/hsts.conf;
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        #auth_basic            "Restricted";
        #auth_basic_user_file  .htpasswd;
        root /usr/share/phpmyadmin/;
        index index.php;
        location ~ \.php$ {
            try_files $uri =404;
            include fastcgi.conf;
            fastcgi_pass php;
  2. Activate the configuration with
    $ sudo nginx_modsite -e
    Would you like to reload the Nginx configuration now? (Y/n) Y
  3. Edit file /usr/local/etc/certmanage/main.json and add the following to the list
        "domains": [""],
        "reload": [["/bin/systemctl", "reload", "nginx.service"]]
  4. Get your certificate
    $ sudo /usr/local/sbin/certmanage
    Renewing certificate for that will expire on 0001-01-01
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1):
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for
    Using the webroot path /var/www/acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/ Your cert
       will expire on 2019-03-11. To obtain a new or tweaked version of
       this certificate in the future, simply run certbot again. To
       non-interactively renew *all* of your certificates, run "certbot
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt:
       Donating to EFF:          
    Restarting services:
    systemctl reload nginx.service
  5. Uncomment the ssl related lines in /etc/nginx/sites-available/ and run
    $ sudo systemctl reload nginx.service

Absolute URI

When placed behind a reverse proxy, phpMyAdmin might have trouble generating correct URLs. One manifestation is that after successful login, the URL you are redirected to is broken.

Fixing that is quite easy. Just create file /etc/phpmyadmin/conf.d/ with the following content:

$cfg['PmaAbsoluteUri'] = '';