Easy phpMyAdmin Installation On Linux

Howdy Post4VPS!

Welcome to another Post4VPS user request based tutorial for the command-line installation of software and applications on Linux servers. In this guide I will teach you how to easily install the phpMyAdmin web application on your Linux based server with a web server, PHP and a MySQL based database server. If you want to know how to install a web server with PHP and MariaDB you can take a look at the following instructions: Host Your Own WP Blog Using Debian 10, Nginx, PHP 8 & MariaDB. A small additional information: phpMyAdmin is a web application that is meant to be downloaded, unzipped and used after a bit of configuration. Therefore I highly recommend to install it from the official source and always use the latest available version. Don't rely on the phpMyAdmin software packages that you can install via package managers in Linux distributions! This way wou will have the latest phpMyAdmin and thus will lower the risk of opening security holes in your web hosting stack. Also keep in mind to always update to the latest phpMyAdmin version afterwards!

This tutorial will NOT cover the following points: a) how to install and configure a web server like Apache or Nginx, b) how to install and configure PHP (e.g. PHP 8) and c) how to install and configure a MySQL database server like MariaDB. You can use the previously linked guide to learn how to do that based on Nginx, PHP 8 and MariaDB. Other kind of setups using different web servers and / or database servers can be found in this forum or all around the web. Additionally this tutorial will not include steps that may help you to secure your phpMyAdmin installation. This is due to different web servers offering different ways to secure it. This subject alone would be worth a dedicated standalone tutorial (in my opinion at least).

Below is the setup I'm going to use during this tutorial:

• Intel Pentium N4200 4x 2.4 GHz
  
• 4 GB DDR4 2400 MHz RAM
  
• 64 GB eMMC Flash Storage
  
• Debian "Buster" 10 64 Bit
  
• Nginx Stable 1.20
  
• PHP 8.0
  
• MariaDB 10.5
  

This is the very same server that I used when I created the previous guide that I linked above. It serves well as an example system to perform a phpMyAdmin installation to make the management of databases easier. Although you may know that I'm not a big of of any kind of control panels, I admin that I'm happily using phpMyAdmin when necessary to quickly create users, databases or perform other operations like database optimization or backups. However, I strongly recommend to secure any phpMyAdmin installation by mainly limiting access to it to a certain set of IP addresses (and as mentioned before: always keep it up-to-date!).

---

Before we start with the main parts of the guide I have some additional information for you.


Easy is not very easy
- In the past the installation of phpMyAdmin basically used to be very easy. It was mainly: a) download the latest version, unzip the latest version and c) adjust a little part of the configuration file. After this three main steps it was basically ready to go. New security measures introduced by MySQL and thus MySQL based database servers require some more work now. The main necessity is the creation of a dedicated database user with full administration rights that can be used in phpMyAdmin for any administrative operations. Earlier it was possible to simply use the root user but this has been disabled to increase security.

Different web hosting stacks require different phpMyAdmin versions
- Certain parts of web hosting stacks such as the PHP version and MySQL server version dictate which phpMyAdmin version you can use or rather said need to use to have a working instance of phpMyAdmin running. So be careful here and watch out what kind of software versions you are using and which phpMyAdmin version you need. I will only mention it this time and no other time during the whole tutorial. Example if you have PHP 8.0 and MySQL 5.5 or MariaDB you need to get the latest stable version 5.1.0 of phpMyAdmin. The older but still supported version (security fixes only) 4.9.7 will not work with PHP 8.0.
- PHP 7.1 and newer and MySQL/MariaDB 5.5 and newer -> phpMyAdmin 5.1.0.
- PHP 5.5 to 7.4 and MySQL/MariaDB 5.5 and newer -> phpMyAdmin 4.9.7.

No phpMyAdmin software packages from Linux distribution package managers
- As mentioned before we will not be using phpMyAdmin software packages that can be installed by package managers coming with Linux distributions like apt, yum or similar. Most are out of date and are only tailored to web hosting stack software version that are also available by default through the package managers on the Linux distributions. As easy as that would make it to install phpMyAdmin it's simply not the right way where you will learn how to install it yourself and it most likely will not compatible with different web hosting stacks (e.g. might only work with Apache installed by the package manager but will not work with Nginx).

---

Prerequisites

First we will install a few necessary tools via apt. To do that first connect to your server and login (best would be to login as root or a user with sudo access as you will need administrative permissions to run some of the commands).

Run the following command in your terminal as root or a user with sudo access (remember to add sudo before the command) to install the necessary tools:

The command will install the CLI downloader "wget", the CLI text editor "nano", the TLS CA certificate base (to download from HTTPS links without certificate errors) and the archive management tool tar + gzip for tar and gunzip archives.

---

phpMyAdmin MySQL Administration User

Next step before the phpMyAdmin installation is the creation of the necessary MySQL administration user that you can use in phpMyAdmin instead of the MySQL root user.

Start the MySQL CLI management console as the MySQL root user:
(Enter your MySQL root password when prompted.)

Create a new user that will become the administrator:
(I'll use pmaadmin as the username. Remember to adjust it to your liking and also set your own password instead of mypassword123.)

Grant all permissions to all databases and also special permission to the new user:

Reload all user privileges:

Exit the MySQL CLI tool:
(Remember to adjust the username to yours!)

You now have a MySQL user that basically has a lot of power over the database server. It is like the MySQL root user. You will use this use to login in phpMyAdmin when you need to create a new user/database or do other administrative tasks.

---

phpMyAdmin Installation

Now we can finally perform the phpMyAdmin installation.

Change your directory to the folder containing your website (where you want to install phpMyAdmin):
(Adjust the path to your own website on your own web hosting stack.)

Download the latest version that is compatible with your web hosting stack. You can get the download links on this page. Take the download link for the archive file ending with tar.gz.
(Here you would use the link for the correct and latest version.)

Extract the downloaded phpMyAdmin archive:
(Here you should use the file name of the version you downloaded.)

You will now have a folder called like the archive name (without .tar.gz). Rename this folder to a easier to remember name:
(Here you should use the folder name of your version and your new wish name for the folder. Make it something not so obvious to prevent bots trying to look for phpMyAdmin - so AVOID calling the folder pma or phpmyadmin/phpMyAdmin!)

You can now remove the downloaded tar.gz archive:
(Here you should use the file name of the version you downloaded.)

Set correct ownership/permissions for the phpMyAdmin folder:
(Here you should adjust the user and group to the one you use for the web server and PHP processes. Additionally remember to adjust the path to your phpMyAdmin folder.)

To verify that you can access phpMyAdmin and it works (not displaying any kind of errors or something) should open the phpMyAdmin instance on your website in a web browser.

You should see this page:

---

phpMyAdmin Configuration

After the phpMyAdmin installation it is necessary to configure a few things or else you will not be able to use phpMyAdmin properly.

Change directory in to your phpMyAdmin folder:
(Adjust the path to your phpMyAdmin installation.)

Rename the sample configuration file to the main configuration file name:

Open the configuration file with nano:
(Adjust the path to your phpMyAdmin installation.)

Go to this page and generate yourself a new blowfish secret.

Inside your configuration file replace

Quote:$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

With the new configuration line with your blowfish secret from the page, e.g.:

Quote:$cfg['blowfish_secret'] = 'MN66UsUnxf,uVql{Dt1uzCE[cnE5M6Rb';

(Don't use the blowfish secret from the example above! Get your own from the page that I linked to above.)

Save the file with CTRL + O and ENTER. Exit the nano text editor with CTRL + X.

This is about it in terms of the configuration of phpMyAdmin.

---

Getting started with phpMyAdmin

Now navigate to your phpMyAdmin installation on your website via web browser and try to login with the user that you created during the phpMyAdmin MySQL Administration User setup step.



If everything went well you should be in and it should look like this:


Do you see the warning message at the bottom of the screenshot? You need to do a little something to fix this issue.

Go to http://hiddenrefuge.eu.org/sqlmgmt/index...-relations in your web browser. Remember to adjust the part before "index.php?route=/check-relations" to the web address of your phpMyAdmin installation.

You will see the error below:


To fix this click on the blue "Create" link. This will generate a databse called phpmyadmin where phpMyAdmin will store its own configuration changes and settings.

After that you can go back to the main page of phpMyAdmin and the warning message should be gone.


That's all folks! You now have installed phpMyAdmin. To update it you would simply download the latest version and overwrite all files. The configuration files config.inc.php will remain unchanged. After overwritting the files you also have to set the ownership/permission again. You would basically simply repeat the phpMyAdmin Installation part with a newer version.

Host Your Own WordPress Blog
Using Debian 10, Nginx, PHP 8 & MariaDB

Hello Post4VPS Community & Staff

Welcome to my tutorial to teach you how to set up your own WordPress blog on a Debian 10 based server using only the command-line and its toolset. You will not need or use a hosting or VPS control panel. The command-line is your friend and key to your own success with Linux. So it is very important to collect command-line experience by doing projects such as those introduced to you in this tutorial. Another personal goal is to get you a bit away from using control panels to manage your server to reduce overhead and remove a big layer of possible security risks and other kinds of issues.

We will cover all necessary steps of the setup, starting with the installation of the Nginx web server, setting up the firewall rules, necessary directory permissions, everything in between, and finally performing the WordPress installation. What we will not cover are the following subjects: DNS and mail server setups. I recommend using a 3rd party DNS infrastructure provider such as Cloudflare or similar providers. For mail servicing, I would also recommend using a free 3rd party service with SMTP options to send emails from within your WordPress blog (e.g. Sendinblue or similar services). Additionally this guide will not contain the setup process of a HTTPS vHost with TLS certificates. Later on a tutorial may follow as an addon for this guide that will cover this topic in combination with Let's Encrypt TLS certificates.

For this tutorial, I'm using a small server with the following specifications:

• Intel Pentium N4200 4x 2.4 GHz
  
• 4 GB DDR4 2400 MHz RAM
  
• 64 GB eMMC Flash Storage
  
• Debian "Buster" 10 64 Bit
  

In short: I will be using a home server that is actually an old repurposed Acer Swift One Ultrabook. I will be hosting the setup locally however with a proper domain name. Regardless of this fact, everything shown in this guide will still work on dedicated servers and VPSs with public IP addresses. You can look at my setup for this guide as a computer & server testing laboratory. Made to produce educational content such as this tutorial.

Let's get started!

---

Before we really begin I'd like to mention some prerequisites and provide some information about upcoming procedures.

Clean OS
- It is highly recommended to use a clean OS installation for this project. A already in use OS installation where you might have certain software installed that might be similar to what we want to set up or something else is running on can produce conflicts and thus cause negative side effects. So it's best to reinstall your OS to a fresh installation of Debian 10 before starting with this tutorial.

Up to date OS
- Please make sure your OS installation is not only fresh but also up to date. This is also a highly recommended step that needs to be performed before going forward with the installation steps in this guide. Out-of-date software combined with what we want to do can cause unwanted and unnecessary issues.

Root access
- It is highly recommended to be logged in as root on your server to perform all upcoming installation setups and commands. You will save yourself a lot of time this way. Alternatively, you can use a user with sudo access but remember to apply the sudo keyword before all commands.

3rd party repos
- For the best experience we want to use the latest available version of the software that we need to achieve our goal. Sadly, the default software repositories of Linux distributions like CentOS, Debian, or Ubuntu don't provide the latest version of the software we need in their default repositories. To get past this problem we will be adding 3rd party software repositories that will allow us to get the latest version of the software we need.

Going a nit off road
- We're not going to stick with all software defaults of software packages. We will change configurations of the software we install and we will write our own configurations from scratch where and when necessary.

Make sure you have all of that ready and are properly prepared.

---

First, we will be adding 3rd party repositories for the latest Nginx Stable, PHP 8, and MariaDB versions.

Run the commands below to create new source lists for the three application sets.

Nginx Stable (directly from nginx.org)

PHP 8 (from deb.sury.org)

MariaDB 10.5 (directly from MariaDB Foundation)
(In my case I'm using a German mirror. You can generate a source list for MariaDB 10.5 with a different mirror here.)

Finally, there are a few packages that can be updated and others that can be deleted (as they're no longer required). Run the command below to make sure everything is up to date:

After adding these 3rd party repositories we can continue with the installation of all software packages that we need.

---

Nginx Stable

Let's start by installing, enabling, and starting the Nginx web server. Run the commands below:


PHP 8.0 + Extensions

Now it's time to install PHP 8.0 and the necessary extensions. One important being the PHP FPM extension. Which we will enable as a service and start after the installation. Execute the commands below on your server:


MariaDB 10.5

After PHP 8.0 has been installed we can install the MariaDB 10.5 MySQL database server. After that, we will enable and start it. Run the commands below in your terminal:

Now we have everything necessary installed and can continue with the configuration of the applications, set up things like firewall rules and directory permissions.

---

Firewall rules for the web server

By default Debian 10 comes neither with firewalld nor with any other easier-to-use firewall or iptables frontend. Only the raw iptables firewall is available. However, to makes things much easier for the future we will install the iptables frontend ufw (uncomplicated firewall).

To install ufw run the commands below:

If you have IPv6 addresses available you may want to enable IPv6 support.

Make sure you have the entry "IPV6=yes" inside the file and it is not commented.

Now we have to configure the default policies. The best security practice is to block everything that we didn't explicitly allow. So our default policy for incoming connections will be set to "deny". However, we will allow all outgoing connections as it can be very hard and painful to filter outgoing connections properly. Outgoing connections can happen basically any port to any port (1 to 65535). It depends a lot on what kind of server or service the outgoing connection is connecting to. So for the outgoing connections, we will set the default policy to "allow".

Run the commands below to set default policies:

Don't worry. You will not be disconnected! After running the commands above ufw is actually still inactive.

Next, it is time to open the incoming ports that we need. We'll be simply starting with the SSH port (I use port 22 still as SSH is only accessible over LAN - remember to adjust your SSH port in the command below), port 80 for HTTP, and port 443 for HTTPS. Run the commands below:

Now we will enable ufw and from here on the rules will be active. If you set up the wrong port for SSH you will be locked out after running the command below! For this kind of case make sure you have some kind of emergency access. I highly recommend being careful when configuring the allowed incoming connections to avoid locking yourself out.

Enable ufw:

If asked whether you wish to continue press the Y button and the ENTER button. Ufw is now enabled.

Please read https://www.digitalocean.com/community/t...d-commands for more information about ufw and the most necessary basics and commands.


What you can do now to confirm that the firewall is working properly is to access the IP or domain of your server. You should see an Nginx page showing up like in the screenshot below. And obviously, if your SSH connection is still working the firewall rules for it are correct .



By the way: during the whole tutorial I will be using hiddenrefuge.eu.org as my domain in all configurations, etc. Keep in mind to replace this domain with your own domain where you see it. This means especially the part where we will configure our Nginx vHost, the WordPress blog, etc.

---

Nginx default vHost configuration

We will not touch the default nginx.conf file in /etc/nginx/ as it is fine as it is by default. The way the file is configured by default in the Nginx.org packages is enough to run pretty much any website for the beginning.

What we will modify is the default vHost "default.conf" to disconnect all connections that attempt to connect to the IP address or domain name that has no vHost on the server.

Rename the original default.conf file to a backup:

Open a new and empty default.conf:

Paste the following into the file:

Use the CTRL + O button to save the changes and after that use CTRL + X to exit nano.

Restart Nginx to apply the changes:

If you now access the IP address or domain of your server you will see a browser error message like this one:

(In the case of Firefox, as it is the web browser I currently use.)

If you see such a page or a similar in another browser you now know that the default.conf vHost is working as intended. All connections to the IP address directly or a domain that has no vHost on the webserver are canceled by the webserver to prevent host spoofing.

---

Nginx vHost configuration for your own domain

Now that we have configured the default vHost we can continue with setting up the real vHost for our own domain of the WordPress blog we want to host.

Create an empty vHost file for your site:
(Remember to adjust the domain in the vHost file name.)

Paste the following code into the file:
(Again remember to adjust the domain name to the one you use where needed.)

Use the CTRL + O button to save the changes and after that use CTRL + X to exit nano.

In this guide, I will use /var/www/hiddenrefuge.eu.org as the directory for my WordPress blog. So now it is necessary to create that folder and give it the correct permissions.

Create the folder tree:
(Adjust your domain!)

Set the correct ownership of the folder:
(The Nginx web server is running as the user and group "nginx".)

Restart Nginx to apply the new vHost configuration:

Now you have a vHost for your domain that is pointed to the IP address of your server. If you now open the domain you pointed to your server you should see a 403 Forbidden error. Why 403? Because we don't have an index file, yet. By default, Nginx disables the listing directories and so it returns a 403 Forbidden error. However, this means that the vHost is working. If it wouldn't be working you still would get the error from the default vHost configuration or another error/issue.

---

Fixing PHP to prevent malicious requests to PHP via PHP-FPM

Quote:When pairing NGINX with PHP-FPM, it’s possible to return to NGINX a .php URI that does not actually exist within the site’s directory structure. The PHP processor will process the URI, and execute the .php file because its job is to process anything handed to it by NGINX. This presents a security problem.

It’s important to limit what NGINX passes to PHP-FPM so malicious scripts can’t be injected into return streams to the server. Instead, the request is stopped, possibly then resulting in a 404.

Run the following command:

Restart PHP-FPM:

That security risk should be fixed now.

---

Fix PHP-FPM pool listen user and group

The Nginx web server is running as the user Nginx and the group Nginx. Meanwhile, the default PHP-FPM pool www is using the user and group www-data. This is a conflict that will prevent from PHP 8.0 working with Nginx. This needs to be fixed.

Open the default PHP-FPM pool www config file to edit it:

Find the following lines:

Replace them with:

Use the CTRL + O button to save the changes and after that use CTRL + X to exit nano.

Restart PHP-FPM to apply the changes:

Now the PHP-FPM process will be running under the same user as Nginx and Nginx can properly access the listen socket of PHP-FPM to process PHP files from the webserver to PHP and vice-versa.

---

Verification of PHP 8.0 working with Nginx

The next step before going forward with MariaDB is to confirm that PHP 8.0 is actually working properly with Nginx.

Create an empty info.php file in the directory of your website:

Paste the following PHP code into the file:

Use the CTRL + O button to save the changes and after that use CTRL + X to exit nano.

Open the file in your browser and you should see the PHP 8.0 info page like in the screenshot below.



If you see this page and not an error page you now know that PHP 8.0 is working properly together with the Nginx webserver.

You can remove the info.php file as it is no longer needed.

---

Setting up MariaDB

How far are we? Great news! We have so far installed and configured the Nginx web server successfully. We've fixed up PHP 8.0 and made it work together with Nginx (with a small and easy verification).

Next goal: MariaDB 10.5 MySQL database server.

The first step is to perform a secure configuration of the MariaDB MySQL database server by setting a root password, etc.

Run the command below to start the secure configuration:

By default, there is no root password set. So simply press the ENTER key to continue.

Next, you will be asked if you want to switch to unix_socket authentication. Press the N key and the ENTER key. While this might be more secure not every application you might want to host will support Unix socket authentication.

Now you will be asked to change the root password. Press the Y key and the ENTER key. Type in the new password twice.

After that, press the Y key and the ENTER key when asked to disable anonymous user access.

Next, you will be asked to disable root login. Press the Y key and the ENTER key. This will allow root login only via localhost in the CLI.

After that, you will be asked if you wish to remove the test database. Press the Y key and the ENTER key.

Finally, when asked to reload the privileges tables press the Y key and the ENTER key.

The secure setup of MariaDB is finished after this set of steps.

Here is how the whole output of the configuration screen should look like:

Quote:root@hiddenrefuge:~# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

To log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorization.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

---

Creating a MySQL user and database for the WordPress blog

Time to create a new MySQL user and database for the WordPress blog that we will host. We will not use the MySQL root account and we cannot. It is bad security practice to use the MySQL root account for web applications or other database use cases. In the new MySQL / MariaDB version it is impossible to use root any other way than via the localhost CLI MySQL tool.

Start the CLI MySQL tool:

Type in the password you have set before during the MariaDB secure setup.

You will be in the MariaDB CLI interace that looks like this:


Create a new database for the Wordpress blog:
(I will be using the database name hiddenblog. Remember to adjust yours!)

Now, create a new user:
(I will be using the username hiddenuser. Remember to adjust yours! Also don't forget to set the password.)

After that, it is time to give the user full permission for the database:

Finally, reload the privileges:

Exit the MySQL CLI tool.

So now we have an empty database and a user assigned to it that we can use in the WordPress installation.

---

WordPress blog installation

Finally! We can start with the installation of the WordPress blog .

Change into the directory of your site:

Download the latest WordPress version:

Extract the downloaded archive:

Move the WordPress files into your main directory:

Remove the downloaded archive and the empty wordpress folder:

Set ownership for the files and folders correctly:

Now, open your domain in the web browser and you should see the WordPress installer.

At the first screen select the language you want to use. In my case English. After that press on the blue "Continue" button.

After that, you will see a info screen showing what is coming up next in terms of configuration. Here you will need the database name, username and password that we created before. First click on the "Let's go!" button.

On the next screen type in the database name, username and password. You can keep the database host and table prefix as is. After you have filled out the necessary fields click on the "Submit" button.

Now, you will see a screen saying that everything looks sparky (good) and you can click on the "Run the installation" button to perform the installation.

Shortly after, you will be at the first configuration screen where you can set the title of your blog, a username and password for the main account and e-mail. Fill in everything as you wish. At the end press the "Install Wordpress" button.

A few seconds later you will be the last screen of the installation. It should say Success!. From here on your blog is installed. You can log into he Admin CP and continue the configuration and add content.





FYI: WordPress permalinks are already working as the vHost that we created for our site contains the necessary pieces of code to make them work.

That's it. You now have a Nginx web server running with PHP 8.0 and the MariaDB MySQL database server. All of that is hosting your very own WordPress blog. You've not used a single control panel during the whole process.

This might seem like a lot of work? 75% of the content from this thread can be compiled into a single bash shell script that will perform a lot of the steps automatically without any user input. After that you would only have to setup your own vHost, create a database with a user and install your WordPress blog. Again using no control panel.