How to Install and Secure the latest phpMyAdmin version on Debian 12

phpMyAdmin is a free, web-based administration tool used to manage MySQL and MariaDB databases, widely utilized in Debian Linux systems. It provides a user-friendly interface for interacting with databases, allowing users to execute SQL queries, manage database tables, import and export data, and configure various database settings without needing to use the command line. On Debian Linux, phpMyAdmin is often installed alongside a LAMP (Linux, Apache, MySQL/MariaDB, PHP) stack, making it easier for administrators and developers to handle database operations in a more visual and organized way.

In this tutorial, I will show you how to install and secure phpMyAdmin database administration tool on Debian 12.

Prerequisites

• A server running Debian 12.
• A root password is configured on the server.

Getting Started

Before starting, updating your system packages to the latest version is a good idea. You can update all packages using the following command:

apt update -y

Once your system is updated, you can proceed to the next step.

Install LAMP Server

phpMyAdmin is a PHP-based application that runs on a web server. So, you will need to install the LAMP server on your server. You can install it using the following command:

apt install apache2 mariadb-server libapache2-mod-php php-cli php-mysql php-zip php-curl php-xml php-mbstring php-zip php-gd unzip -y

Once all the packages are installed, you can proceed to the next step.

Install and Configure phpMyAdmin

First, download the latest version of phpMyAdmin from their official website using the following command:

wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip

Once the download is completed, unzip the downloaded file with the following command:

unzip phpMyAdmin-5.2.1-all-languages.zip

Next, move the extracted directory to the /usr/share with the following command:

mv phpMyAdmin-5.2.1-all-languages /usr/share/phpmyadmin

Next, create the required directory with the following command:

mkdir -p /var/lib/phpmyadmin/tmp

Next, set proper ownership to the phpMyAdmin directory:

chown -R www-data:www-data /var/lib/phpmyadmin

Next, copy the phpMyAdmin sample configuration file:

cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php

Next, install the pwgen and generate a secrete key with the following command:

apt-get install pwgen -y

pwgen -s 32 1

Output:

pau9t1SG6lmaeCFxKqeeaY5N4erIa25K

Next, edit the config.inc.php file and configure it:

nano /usr/share/phpmyadmin/config.inc.php

Define your secrete key and uncomment the following lines:

$cfg['blowfish_secret'] = 'pau9t1SG6lmaeCFxKqeeaY5N4erIa25K'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'password';

$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';

$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';

Save and close the file when you are finished.

Create phpMyAdmin Admin User

Creating a separate user to manage the database through phpMyAdmin is always recommended.

First, import the phpMyAdmin tables to the MariaDB database using the following command:

mysql < /usr/share/phpmyadmin/sql/create_tables.sql

Next, connect to the MariaDB shell with the following command:

mysql

Once you are connected, grant all necessary privileges to the phpmyadmin database with the following command:

MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost' IDENTIFIED BY 'password';

Next, create an admin user with the following command:

MariaDB [(none)]> CREATE USER myadmin;

Next, grant all the privileges to the admin user with the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'myadmin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

Next, flush the privileges and exit from the MariaDB shell using the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;

MariaDB [(none)]> EXIT;

Once you are finished, you can proceed to the next step.

Configure Apache for phpMyAdmin

Next, you must create an Apache virtual host configuration file for phpMyAdmin. You can create it using the following command:

nano /etc/apache2/conf-available/phpmyadmin.conf

Add the following lines:

Alias /phpmyadmin /usr/share/phpmyadmin


    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php

    
        
            AddType application/x-httpd-php .php
        
        
            SetHandler application/x-httpd-php
        

        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/
        php_admin_value mbstring.func_overload 0
    
    
        
            AddType application/x-httpd-php .php
        
        
            SetHandler application/x-httpd-php
        

        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/
        php_admin_value mbstring.func_overload 0
    



# Authorize for setup

    
        
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        
        Require valid-user
    


# Disallow web access to directories that don't need it

    Require all denied


    Require all denied


    Require all denied

Save and close the file when you are finished, then enable the phpMyAdmin configuration file with the following command:

a2enconf phpmyadmin.conf

Next, reload the Apache service to apply the changes:

systemctl reload apache2

You can check the status of the Apache service using the following command:

systemctl status apache2

You should see the following output:

? apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2024-08-25 11:28:21 UTC; 5s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 23021 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 23031 (apache2)
      Tasks: 6 (limit: 2341)
     Memory: 14.6M
        CPU: 89ms
     CGroup: /system.slice/apache2.service
             ??45031 /usr/sbin/apache2 -k start
             ??45032 /usr/sbin/apache2 -k start
             ??45033 /usr/sbin/apache2 -k start
             ??45034 /usr/sbin/apache2 -k start
             ??45035 /usr/sbin/apache2 -k start
             ??45036 /usr/sbin/apache2 -k start

Sun 25 11:28:21 debian systemd[1]: Starting The Apache HTTP Server...

Access phpMyAdmin

At this point, phpMyAdmin is installed and configured. Now, open your web browser and access the phpMyAdmin using the URL http://your-server-ip/phpmyadmin. You should see the phpMyAdmin login page:

Provide your admin username, password and click on the Go button. You should see the phpMyAdmin dashboard on the following page:

Secure phpMyAdmin

It is a good idea to secure the phpMyAdmin with two-factor authentication. You can do this using the .htaccess authentication and authorization functionalities.

First, edit the phpMyAdmin configuration file:

nano /etc/apache2/conf-available/phpmyadmin.conf

Add the “AllowOverride All” line in the following server block:

    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All

    

Save and close the file when you are finished then restart the Apache service:

systemctl restart apache2

Next, create an .htaccess file and define the Apache authentication type:

nano /usr/share/phpmyadmin/.htaccess

Add the following lines:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/share/phpmyadmin/.htpasswd
Require valid-user

Save and close the file then create a user with the following command:

htpasswd -c /usr/share/phpmyadmin/.htpasswd secureuser

You will be asked to set a password as shown below:

New password: 
Re-type new password: 
Adding password for user secureuser

Verify phpMyAdmin

At this point, phpMyAdmin is secured with additional authentication. To verify it, open your web browser and access the phpMyAdmin using the URL http://your-server-ip/phpmyadmin. You will be asked for the additional username and password as shown below:

After providing your username and password, you will be redirected to the regular phpMyAdmin login page.

Conclusion

Congratulations! You have successfully installed and secured phpMyAdmin on Debian 12. You can now explore phpMyAdmin and manage your database from the web browser.