How to Install and Secure phpMyAdmin with Apache on Debian 9
4 min read
phpMyAdmin is a free, open source PHP based application designed to simplify the administration of MySQL and MariaDB servers over a web-based interface.
phpMyAdmin allows you to manage MySQL databases, user accounts and privileges, execute SQL-statements, import and export data in a wide variety of data formats and much more.
This tutorial describes the steps required to install and secure phpMyAdmin on Debian 9 with Apache web server.
Ensure that you have met the following requirements before proceeding with this tutorial:
- Have LAMP (Linux, Apache, MySQL, and PHP) installed on your Debian server.
- Logged in as a user with sudo privileges.
Although optional, it is recommended to access your phpMyAdmin installation over HTTPS. If your domain is not already protected by an SSL you can follow this guide and secure your Apache with Let's Encrypt on Debian 9.
Perform the following steps to install phpMyAdmin on Debian 9:
Update the package index and upgrade the system packages to the latest versions:
sudo apt update && sudo apt upgrade
Install the phpMyAdmin package from the default Debian repositories by typing:
sudo apt install phpmyadmin
The installer will ask you choose the web server that should be automatically configured to run phpMyAdmin, choose apache by pressing
Next, you will be asked whether to use
dbconfig-commonto set up the database, select
Enter a password for phpMyAdmin to register with the database, select
Confirm the password, select
Once the installation process is finished, restart Apache for changes to take effect:
sudo systemctl restart apache2
Creating Administrative MySQL User
In Debian systems running MariaDB 10.1 (and later), the root user is set to use the
auth_socket authentication method by default.
auth_socket plugin authenticates users that connect from the localhost through the Unix socket file. This means that you can’t authenticate as a root by providing a password.
Instead of changing the authentication method for the MySQL user root, we will create a new administrative MySQL user. This user will have the same privileges as the root user and will be set to use the
mysql_native_password authentication method.
We will use this user to login to the phpMyAdmin dashboard and preform administrative tasks on our MySQL or MariaDB server.
Start by log in to the MySQL server as the root user:
From within the MySQL shell execute the following commands which will create a new administrative user and grant appropriate permissions:
CREATE USER 'padmin'@'localhost' IDENTIFIED BY 'super-strong-password'; GRANT ALL PRIVILEGES ON *.* TO 'padmin'@'localhost' WITH GRANT OPTION;
padmin. You can use any name you like, just be sure to set a strong password.
To access the phpMyAdmin interface open your favorite browser and type your server's domain name or public IP address followed by
Enter the administrative user login credentials you previously created and click
Once you log in, you'll see the phpMyAdmin dashboard, which will look something like this:
To add an extra layer of security we will password protect the phpMyAdmin directory by setting up a basic authentication.
First we will create a password file with users using the
htpasswd tool that comes with the Apache package. We will store the
.htpasswd file in
sudo htpasswd -c /etc/phpmyadmin/.htpasswd padmin
In this example we are creating a user named
padmin. You can choose any username, it doesn't have to be same as the administrative MySQL user.
The command above will prompt you to enter and confirm the user's password.
New password: Re-type new password: Adding password for user padmin
If you want to add an additional user, you can use the same command without the
sudo htpasswd /etc/phpmyadmin/.htpasswd padmin2
The next step is to configure Apache to password protect the phpMyAdmin directory and use the
To do so open the
phpmyadmin.conf file which was automatically created during the phpMyAdmin installation:
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
And edit / insert the following lines highlighted in yellow:
<Directory /usr/share/phpmyadmin> Options +FollowSymLinks +Multiviews +Indexes # edit this line DirectoryIndex index.php AllowOverride None AuthType basic AuthName "Authentication Required" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user <IfModule mod_php5.c> ...
Save and close the file and restart Apache for changes to take effect:
sudo systemctl restart apache2
Now, when accessing your phpMyAdmin, you will be prompted to enter the login credentials of the user you previously created:
After entering the basic authentication, you'll be taken to the phpMyAdmin login page where you need to enter your MySQL administrative user login credentials.
/phpmyadminalias to something more unique and secure.
Congratulations, you have successfully installed phpMyAdmin on your Debian 9 server. You can now start creating MySQL databases, users and tables and perform various MySQL queries and operations.
If you have questions feel free to leave a comment below.