Installing and Securing phpMyAdmin on Ubuntu 14.04
Many users need the functionality of a database management system such as MySQL but may not feel comfortable interacting with the system solely from the MySQL prompt.
phpMyAdmin was made so that users can interact with MySQL through a web interface. In this tutorial we will show you how to install and secure phpMyAdmin so that you can safely use it to manage your databases on Ubuntu 14.04.
Before you begin this tutorial, you will need a couple of things:
- A non-root user with sudo privileges.
- A LAMP stack (Linux, Apache, MySQL, and PHP) installation on your Ubuntu 14.04 server.
Once you have these in place, you are ready to get started with this tutorial.
To begin, install phpMyAdmin from the default repositories.
First update your local package index, then use the apt packaging system to pull down the files and install them on your system:
sudo apt-get update
sudo apt-get install phpmyadmin
The installer will ask you a couple of questions so that it can configure your installation correctly.
- For the server selection, select ‘apache2’.
- Choose ‘yes’ when you are prompted whether to use ‘dbconfig-common’ to set up the database.
- You are going to be asked for your database administrator’s password.
- Afterwards you will be asked to select and confirm a password for the ‘phpMyAdmin’ application itself.
During the installation procedure, the phpMyAdmin Apache configuration file is added to the ‘/etc/apache2/conf-enabled/’ directory, where it is read automatically.
One thing you will have to do yourself is explicitly enable the ‘php5-mcrypt’ extension. You can do this by entering the following:
sudo php5enmod mcrypt
Then, you must restart Apache for your changes to take effect.
sudo service apache2 restart
You may now access the web interface by going to your server’s domain name or public IP address followed by ‘/phpmyadmin’.
You should now be able to log into the interface with your root username and the administrative password that you set up while installing MySQL.
After you have logged in, you should see the phpMyAdmin user interface.
Secure your phpMyAdmin Instance
Now that your phpMyAdmin interface is up and running, we can proceed to secure it. This is an important step because phpMyAdmin is a popular target for attackers.
The best way to do this is to place a gateway in front of the whole application. You can do this with Apache’s built-in ‘.htaccess’ authentication and authorization functionalities.
Configure Apache to Allow .htaccess Overrides
First, enable the use of ‘.htaccess’ file overrides by modifying your Apache configuration.
The file to modify is the linked phpMyAdmin configuration file that was placed in your Apache configuration directory.
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Add an ‘AllowOverride All’ directive inside the ‘<Directory /usr/share/phpmyadmin>’ section of the configuration file, as shown here:
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    . . .
After you have added this line, you can save and exit the file.
To cause the changes to take effect, restart Apache.
sudo service apache2 restart
Create an .htaccess File
Now that ‘.htaccess’ overrides are enabled for your application, you have to create a ‘.htaccess’ file to actually implement some security.
For this to work, the file has to be created inside the application directory. You can create the file and open it in your text editor with root privileges by entering the following:
sudo nano /usr/share/phpmyadmin/.htaccess
Inside this file, enter the following:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
In case you are wondering what each of these lines means, we will go over them quickly.
AuthType Basic: This line specifies the authentication type that you are implementing. This type implements password authentication with a password file.
AuthName: This sets the message for the authentication dialog box. Keep it generic so that unauthorized users cannot gain any information about what is being protected.
AuthUserFile: This sets the location of the password file that is used for authentication. It has to be outside of the directories that are being served. We will make this file soon.
Require valid-user: This makes sure that only authenticated users are granted access to this resource; it is what stops unauthorized users from entering.
After you are finished, save and exit the file.
Create the .htpasswd file for Authentication
Since you have specified a location for your password file with the AuthUserFile directive inside your ‘.htaccess’ file, you now have to create this file.
You need an extra package to finish this procedure, which you can install from the default repositories.
sudo apt-get install apache2-utils
The ‘htpasswd’ utility is now ready for use.
The location you chose for the password file was ‘/etc/phpmyadmin/.htpasswd’. Create this file and add an initial user to it by entering the following:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
You will be asked to choose and confirm a password for the user you are creating. The file is then created with the hashed password you have entered.
If you would like to add an additional user, you have to do so without the ‘-c’ flag, as shown here:
sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser
Now, when you access your phpMyAdmin subdirectory, you will be asked for the additional account name and password that you have just configured.
Once you have entered the Apache authentication, you should be taken to the usual phpMyAdmin authentication page to type your other credentials. This adds an extra layer of security, which is valuable because phpMyAdmin has suffered from vulnerabilities before.
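To confirm the gateway is configured the way the steps above describe, the following added example (not part of the original tutorial) audits a ‘.htaccess’ file: it checks for ‘AuthType Basic’ and ‘Require valid-user’, and verifies that the AuthUserFile exists, has at least one entry, and sits outside the served directory. The function names ‘directive_value’ and ‘audit_htaccess’ are hypothetical, and the script assumes ‘readlink -f’ from GNU coreutils is available.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): audit the .htaccess gateway built above.
# directive_value and audit_htaccess are hypothetical helper names.

# Print the value of the first occurrence of a directive, quotes stripped.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# audit_htaccess HTACCESS SERVED_DIR: returns 0 if sound, 1 on findings, 2 if unreadable.
audit_htaccess() {
    local htaccess="$1" served problems=0 auth_type pwfile real_pw
    [ -r "$htaccess" ] || { echo "FAIL: cannot read $htaccess"; return 2; }
    served=$(readlink -f -- "$2" 2>/dev/null || printf '%s' "${2%/}")

    auth_type=$(directive_value "$htaccess" AuthType | tr 'A-Z' 'a-z')
    if [ "$auth_type" != "basic" ]; then
        echo "FAIL: 'AuthType Basic' not found"; problems=$((problems + 1))
    fi

    # Without a Require line the Auth* directives do not restrict anything.
    if ! grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user[[:space:]]*$' "$htaccess"; then
        echo "FAIL: 'Require valid-user' not found"; problems=$((problems + 1))
    fi

    pwfile=$(directive_value "$htaccess" AuthUserFile)
    case $pwfile in
        "") echo "FAIL: AuthUserFile not set"; problems=$((problems + 1)) ;;
        /*) # Resolve symlinks and '..' before comparing with the served tree.
            real_pw=$(readlink -f -- "$pwfile" 2>/dev/null || printf '%s' "$pwfile")
            case $real_pw in
                "$served"/*)
                    echo "FAIL: $pwfile is inside served directory $served"
                    problems=$((problems + 1)) ;;
            esac
            if ! grep -Eq '^[^:#]+:.+' "$pwfile" 2>/dev/null; then
                echo "FAIL: $pwfile is missing or has no user:hash entry"
                problems=$((problems + 1))
            fi ;;
        *)  echo "FAIL: AuthUserFile '$pwfile' is not an absolute path"
            problems=$((problems + 1)) ;;
    esac

    if [ "$problems" -eq 0 ]; then echo "OK: gateway looks sound"; return 0; fi
    return 1
}
```

For the setup in this tutorial, source the script and run ‘audit_htaccess /usr/share/phpmyadmin/.htaccess /usr/share/phpmyadmin’.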
You now have phpMyAdmin installed, configured, and ready for use on your Ubuntu 14.04 server. With this interface, you can create databases, users, tables, and other objects, as well as perform the usual operations such as deleting and editing structures and data.