Home LEMP Stack Install phpMyAdmin With LEMP Stack On Ubuntu 20.04 LTS

Install phpMyAdmin With LEMP Stack On Ubuntu 20.04 LTS

By sk
Published: Last Updated on 3.9K views

We already know how to install phpMyAdmin with LAMP stack on Ubuntu 20.04. Today, let us see how to install phpMyAdmin with LEMP stack on Ubuntu 20.04 LTS edition. And then we will also discuss a few security practices that will help to secure phpmyadmin from common threats. First, make sure you have setup LEMP stack on Ubuntu 20.04 as described in the following link.

After installing LEMP stack, install and secure phpMyAdmin as described in the following sections.

Install phpMyAdmin With LEMP Stack On Ubuntu 20.04 LTS

Run the following command to install phpMyAdmin from the Terminal:

$ sudo apt install phpmyadmin

In the next window, you will be prompted to select the web server that should be automatically configured to run phpMyAdmin. As you can see in the below screenshot, Nginx is not available in the web server list. The Apache and lighthttpd are only listed here. So do not select any web server and just leave it blank. Choose OK and hit ENTER to continue:

select the web server that should be automatically configured to run phpMyAdmin

select the web server that should be automatically configured to run phpMyAdmin

PhpMyAdmin requires a database installed and configured before it can be used. You can do it with dbconfig-command.

Choose Yes to configure database for phpmyadmin with dbconfig-common:

Configure database for phpmyadmin with dbconfig-common

Configure database for phpmyadmin with dbconfig-common

You need to provide a password for phpmyadmin to register with the MySQL database server. If password is not given, a random password will be generated.

Enter a strong password and hit ENTER to continue:

Enter MySQL application password for phpmyadmin

Enter MySQL application password for phpmyadmin

Re-enter password:

Re-enter MySQL application password for phpmyadmin

Re-enter MySQL application password for phpmyadmin

As of writing this guide, when I tried to set the password for phpmyadmin, it throws the following error:

 An error occurred while installing the database:
mysql said: ERROR 1819 (HY000) at line 1: Your password does not satisfy
 the current policy requirements . Your options are:                                  
* abort - Causes the operation to fail; you will need to downgrade,             
reinstall, reconfigure this package, or otherwise manually intervene          
to continue using it. This will usually also impact your ability to           
install other packages until the installation failure is resolved.            
* retry - Prompts once more with all the configuration questions                
(including ones you may have missed due to the debconf priority               
setting) and makes another attempt at performing the operation.               
* retry (skip questions) - Immediately attempts the operation again,            
skipping all questions. This is normally useful only if you have 
solved the underlying problem since the time the error occurred.              
* ignore - Continues the operation ignoring dbconfig-common errors.             
This will usually leave this package without a functional database.
mysql said: ERROR 1819 (HY000) at line 1: Your password does not satisfy the current policy requirements

mysql said: ERROR 1819 (HY000) at line 1: Your password does not satisfy the current policy requirements

This error occurs because we have enabled the VALIDATE PASSWORD component as described under section titled "2.2 Change authentication method for MySQL root user" in the LEMP stack installation guide attached above.

To fix this issue, you need to temporarily disable the Validate Password component and re-enable it after setting the password for phymyadmin. Click OK to close the above error message and choose "abort" to cancel the phpmyadmin installation.

Cancel the phpmyadmin installation

Cancel the phpmyadmin installation

Now log in to the Mysql prompt by running the following command:

$ mysql -u root -p

From the mysql prompt, tun the following command to disable the Validate Password plugin:

mysql> UNINSTALL COMPONENT "file://component_validate_password";

Please note that the above command will only disable the plugin, but do not remove it. You can enable it later. Then type "exit" to exit from Mysql prompt.

mysql> exit
Disable the Validate Password plugin in MySQL

Disable the Validate Password plugin in MySQL

Now try installing phpmyadmin again using command:

$ sudo apt install phpmyadmin

Choose "Yes" and hit ENTER to configure database for phpmyadmin with dbconfig-common. This time phpmyadmin installation will work without any issues.

Once phpmyadmin is installed, re-enable Validate Password plugin. To do so, login to your Mysql prompt:

$ mysql -u root -p

From the mysql prompt, tun the following command to disable the Validate Password plugin:

mysql> INSTALL COMPONENT "file://component_validate_password";

Type exit to quit from mysql prompt.

mysql> exit
Enable the Validate Password plugin in MySQL

Enable the Validate Password plugin in MySQL

Now create a symbolic link to configure Nginx web server to run phpmyadmin using command:

$ sudo ln -s /usr/share/phpmyadmin/ /var/www/html/phpmyadmin

This command will create a symlink named "phpmyadmin" under Nginx root directory. This symlink actually points to the /usr/share/phpmyadmin directory, where the actual files are stored.

Done! We have successfully installed PhpMyAdmin with LEMP stack.

Access phpMyAdmin Dashboard

Open your web browser and navigate to "http://IP-Address/phpmyadmin" from the address bar.

You should see the phpmyadmin login page. Enter the database user and its password:

Phpmyadmin Login Page

Phpmyadmin Login Page

You will be pleased with phpMyAdmin dashboard.

phpMyAdmin dashboard

phpMyAdmin dashboard

From here, you can create, delete and manage databases.

Create dedicated user to access phpMyAdmin dashboard

Once phpMyAdmin is installed, a database user named 'phpmyadmin' will be automatically created with the administrative password you set during the installation. You can login to phpmyAdmin dashboard using 'phpmyadmin' user or mysql root user as shown above. However, it is recommended to create a dedicated user to manage databases via phpMyAdmin web interface.

To do so, login to mysql shell using command:

$ mysql -u root -p

Enter your mysql root password. You will now be in mysql shell.

Enter the following command to create a new dedicated user for phpmyadmin:

mysql> CREATE USER 'phpmyadminuser'@'localhost' IDENTIFIED BY 'Password123#@!';

Here, phpmyadmin is the new user for accessing phpmyadmin dashboard. The password for phpmyadminuser is Password123#@!. Replace these values with your own.

Next give the appropriate privileges to the 'phpmyadminuser' using command:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'phpmyadminuser'@'localhost' WITH GRANT OPTION;

Finally exit from mysql shell:

mysql> exit
Create new user for phpmyadmin

Create new user for phpmyadmin

We have now created a dedicated user for managing the databases via phpmyadmin web interface. Let us go ahead and access phpmyadmin dashboard.

Open web browser and navigate to "http://IP-Address/phpayadmin. Enter the newly created database user and its password. Congratulations! You have logged-in with a dedicated user to the phpMyAdmin web dashboard.

Dedicated user to access phpMyAdmin dashboard

Dedicated user to access phpMyAdmin dashboard

Secure phpMyAdmin

This section provides a few tips to secure PhpMyAdmin installation. Please note that the following steps alone couldn't protect phpMyAdmin 100% secure. However, they will at least slow down any attempts of a perpetrator to break into your phpmyadmin dashboard.

Disable MySQL root login to phpmyadmin dashboard

Allowing mysql root user to access phpMyAdmin dashboard is not safe, especially when managing databases over network. This is why we created a dedicated user in the previous section. Since we already have a dedicated user, we can safely disable mysql root login to access phpmyadmin dashboard to minimize the attacks.

Generally, phpmyadmin is installed under /usr/share/phpmyadmin/ directory and its configuration files are stored in /etc/phpmyadmin directory.

Edit phpmyadmin config file:

$ sudo nano /etc/phpmyadmin/config.inc.php

Add/modify the following parameters:

[...]
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowRoot'] = FALSE;
[...]
Edit phpmyadmin config file

Edit phpmyadmin config file

Save and close the file.

Restart Nginx web server using command:

$ sudo systemctl restart nginx

Now try to log in to phpmyadmin as root user. You will get the Access denied error message:

Disable MySQL root login to phpmyadmin dashboard

Disable MySQL root login to phpmyadmin dashboard

Change phpmyadmin web interface URL

This is most common tactic followed by bots to get access to phpmyadmin. You can prevent this by changing the URL to something hard to guess. Changing the phpmyadmin URL will avoid the bots or automated scripts to perform URL scanning and brute-force attacks.

Remember we created a symbolic link called "phpmyadmin" under Nginx root directory?

$ ls -l /var/www/html/
total 8
-rw-r--r-- 1 root root 612 Jun  2 07:15 index.nginx-debian.html
-rw-r--r-- 1 root root  20 Jun  2 07:35 info.php
lrwxrwxrwx 1 root root  22 Jun  2 08:14 phpmyadmin -> /usr/share/phpmyadmin/

Here, phpmyadmin is the symlink that points to /usr/share/phpmyadmin directory.

We are going to change the symlink name using command:

$ sudo mv /var/www/html/phpmyadmin /var/www/html/ostechnix

Make sure the name contains random characters and is very difficult to guess.

From now on, whenever someone try to access the phpmyadmin page by navigating to http://IP-Address/phpmyadmin URL, s/he will get the following error message:

Change phpmyadmin web interface URL

Change phpmyadmin web interface URL

Because we changed the URL. The new URL to phpmyadmin is http://IP-Address/ostechnix.

Secure phpmyadmin by chaning the default phpmyadmin web interface URL

Secure phpmyadmin by chaning the default phpmyadmin web interface URL

Password-protect phpMyAdmin Login page

We can add an extra layer of security by restricting access to the phpmyadmin login page with basic HTTP authentication method. Meaning - we enable password protection for phpmyadmin login page, so the users will have to enter an additional username/password before accessing the actual phpMyAdmin login page.

First, we need to generate a password file using htpasswd utility. The htpasswd utility is part of the apache2-utils package. So let us install it using command:

$ sudo apt install apache2-utils

Now, create an encrypted password file with command:

$ sudo htpasswd -c /etc/nginx/.htpasswd ostechnix

Replace "ostechnix" with a username of your choice. Enter a strong password twice to generate the password file.

To view the contents of the newly generated file, sue "cat" command like below:

$ cat /etc/nginx/.htpasswd

You will see an output like below:

ostechnix:$apr1$Us9YABHL$CMPDIuHaOB2lK/DVIzA2C/

Next, we need to mention the path of the above password file in our Nginx default configuration file. If you followed our LEMP installation tutorial attached above, the default Nginx configuration should be /etc/nginx/sites-available/default.

Edit the default Nginx config file:

$ sudo nano /etc/nginx/sites-available/default

Add the following lines, under the "location" block:

[...]
location /ostechnix {
                auth_basic "Restricted Zone";
                auth_basic_user_file /etc/nginx/.htpasswd;
        }
[...]
Configure Nginx for HTTP Basic Authentication

Configure Nginx for HTTP Basic Authentication

Remember we have changed phpMyAdmin URL (http://IP-Address/ostechnix) in the previous step? That's why I have mentioned the block name as "ostechnix" in the above block. Replace it with your own. Save and close the file.

Check the Nginx configuration file for any syntax errors using command:

$ sudo nginx -t

Sample output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you don’t see any errors, restart nginx service to take effect the changes.

$ sudo systemctl restart nginx

Now try to access your phpMyAdmin URL from your browser. You will be prompted to enter a username and password:

Password-protect phpMyAdmin Login page

Password-protect phpMyAdmin Login page

Enter the correct username and password which will be created earlier using "htpasword" utility. Now you will be redirected to the actual phpMyAdmin login page, where you can enter the database user and its password to login to phpMyAdmin web dashboard.

You May Also Like

3 comments

John June 2, 2020 - 8:40 pm

In every article on every linux/tech website, everyone ALWAYS uses the LAMP/LEMP stack. Why does everyone think/believe/whatever that MySQL or it’s stepchild Maria are the “go to” holier than holy DBs? How about some love for Postgres?

Reply
sk June 2, 2020 - 8:55 pm

I really don’t know. I guess LAMP and LEMP are most commonly used stacks by many VPS providers. By the way, I will make a guide for PostgreSQL, MariaDB and other popular databases in future.

Reply
gomesh March 8, 2021 - 7:44 pm

Thanks for sharing.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More