How To Install & Secure phpMyAdmin for Nginx on Ubuntu 20.04

How To Install & Secure phpMyAdmin for Nginx on Ubuntu 20.04

Last updated on

In this guide we will install and configure phpMyAdmin to work with Nginx on Ubuntu Server 20.04.

Prerequisites

You should be using a non-root user with sudo privileges as explained in Ubuntu 20.04 Initial Server Setup.

You should also have your LEMP stack for Ubuntu 20.04 already installed and serving web pages before continuing with this guide.

1. Install phpMyAdmin

Let’s begin by updating the package lists and installing phpMyAdmin for Nginx on Ubuntu 20.04.

sudo apt update && sudo apt install phpmyadmin

Press y and ENTER when asked to continue.

1.1. Select Nothing

If you are prompted to choose a web server like below, as there is no option for Nginx, press TAB and then ENTER to continue without selecting a web server.

Install and secure phpMyAdmin for Nginx on Ubuntu 20.04

1.2. Configure Database

Select Yes and press ENTER to install and configure the database.

1.3. Application Password

The MySQL application password is used internally by phpMyAdmin to communicate with MySQL and it is not recommended that you use it to log into phpMyAdmin. You can leave this blank and a password will be generated automatically.

Press ENTER to continue.

2. Create Symbolic Link

In order for Nginx to serve the phpMyAdmin files correctly, we must create a symbolic link from the phpMyAdmin directory /usr/share/phpmyadmin to the Nginx document root directory.

The default location of the Nginx document root in Ubuntu 20.04 should be /var/www/html/, though it could be different depending on your setup. If you followed a previous guide for setting up multiple domains for Nginx, your document root may be located in somewhere like /var/www/example.com/public_html.

Once you have confirmed your document root, let’s create a symbolic link from the phpMyAdmin directory to your document root. Here we will assume your document root is /var/www/html/ and we will simply add phpmyadmin to the end of it. This will allow us to access phpMyAdmin at example.com/phpmyadmin.

sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

3. Test phpMyAdmin

You should now be able to access the phpMyAdmin web interface by visiting your server’s domain name or public IP address followed by /phpmyadmin. e.g. http://example.com/phpmyadmin or http://192.168.1.10/phpmyadmin

If you don’t have a domain name yet or don’t know your IP, you can find out with:

ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

MySQL root Account and phpMyAdmin

In MySQL 5.7 and above, you will not be able to log into phpMyAdmin using the MySQL root account and will get an error “Access denied for user ‘root’@’localhost'”. Instead, you should create a new superuser account just for phpMyAdmin. If you want force MySQL to allow root login via phpMyAdmin, see: Can’t log into phpMyAdmin with root

4. Create MySQL Superuser

In terminal, log into MySQL using your MySQL root password.

You may have created a root password when you installed MySQL for the first time or the password could be blank. If you have forgotten your MySQL root password, see: Reset MySQL Root Password

sudo mysql -u root -p

Once logged in, add a new MySQL superuser with the username of your choice. In this example we are calling it pmauser. Click here to generate a strong password and replace password_here below with it.

CREATE USER 'pmauser'@'localhost' IDENTIFIED BY 'password_here';

Now grant superuser privileges to our new user pmauser.

GRANT ALL PRIVILEGES ON *.* TO 'pmauser'@'localhost';

Exit MySQL.

exit

You should now be able to access phpMyAdmin using this new user account.

phpMyadmin login Ubuntu 20.04

It is strongly recommended that you set up some additional security for phpMyAdmin in the steps below.

5. Obscure phpMyAdmin URL (Recommended)

Bots and attackers continuously scan web servers for the phpMyAdmin login page, so it is recommended that you change the URL to something else.

In this example we are going to change it from example.com/phpmyadmin to example.com/pma_hidden, though you can change it to whatever you want.

In step 2, we created a symbolic link in the document root /var/www/html/phpmyadmin

All we need to do is to rename this symbolic link, in this example, to: pma_hidden. Make sure you enter the correct document root here. The default is /var/www/html though it may be something like /var/www/example.com/public_html/ on your server.

sudo mv /var/www/html/phpmyadmin /var/www/html/pma_hidden

You should now be able to access phpMyAdmin at example.com/pma_hidden

6. Secure phpMyAdmin (Recommended)

To provide an additional layer of security, we can set up authentication in Nginx.

We will now install apache2-utils, which can generate the .htpasswd file that works with both Nginx and Apache.

sudo apt install apache2-utils

Once installed, we can generate the .htpasswd file. Simply change username to whatever username you want. Generate a password and keep it safe.

sudo htpasswd -c /etc/nginx/.htpasswd username

There should now be a .htpasswd file containing your username and encrypted password. You can check with:

cat /etc/nginx/.htpasswd

You should see something like username:$apr1sdfsdf4435sdtskLfWmmg1sfdsdgg4

We now need to add two directives to our Nginx configuration file. The location of the config file may vary depending on your setup, though the default is usually in /etc/nginx/sites-available/default. If you set up multiple domains in a previous guide, your config file may be located in somewhere like /etc/nginx/sites-available/example.com

This this example, we will assume the config file is in /etc/nginx/sites-available/default. Open the file to edit.

sudo nano /etc/nginx/sites-available/default

Scroll down and look for the location blocks and paste in a new block underneath them with the name of your obscured phpMyAdmin folder, in this example pma_hidden.

/etc/nginx/sites-available/default
location /pma_hidden {
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
}

Save file and exit (press CTRL + X, press Y and then press ENTER).

Check that the Nginx config file is valid, otherwise the server could crash on restart.

sudo nginx -t

If valid, reload Nginx config.

sudo service nginx reload

Now when visiting example.com/pma_hidden, you should be presented with an authentication window.

You’re all done!

What Next?

By now you will have successfully implemented your LEMP stack for Ubuntu 20.04 and can administer MySQL through phpMyAdmin.

You may now want to configure SSL for you domain or set up an FTP server.

Manually Update phpMyAdmin (Optional)

The repositories often don’t give you the latest releases of phpMyAdmin. If you would like to manually upgrade to the the latest version, see:

1 Star2 Stars3 Stars4 Stars5 Stars 5.00 (4 votes)

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.

1 reply

avatar
  Subscribe  
newest oldest
Notify of
Kato von Katz
Guest
Kato von Katz
Kato von Katz
24 days ago

Dear Devanswers,

Thank you so much for this tutorial. However, after completing the first paragraph and entering step Access phpMyAdmin Dashboard, the link http://www.donutnetwerk.nl/phpmyadmin doesn’t work. You can check it out for yourself.

I already rebooted nginx with sudo systemctl reload nginx.

What can I do to get this working?

Kind regards,
Kato von Katz