Installing phpMyAdmin on Rocky Linux 9 and Securing it with Let’s Encrypt SSL

phpMyAdmin is a popular free tool written in PHP intended to administer MySQL and MariaDB over the web. This guide will walk you through the installation of phpMyAdmin on Rocky Linux 9 and show you how to secure your installation with a free SSL certificate from Let’s Encrypt.

Prerequisites

Before you begin, ensure that you have the following:

1. A server running Rocky Linux 9 with root or a sudo-enabled user.
2. LAMP stack installed (Linux, Apache, MariaDB/MySQL, PHP).
3. Internet access to download necessary packages and certificates.
4. A registered domain name pointing to your server’s public IP address.
5. Port 80 and 443 allowed through the firewall for HTTP and HTTPS traffic, respectively.

Update System Packages

Start by updating the package repository and upgrading all installed packages:

sudo dnf update -y

Install EPEL Repository

phpMyAdmin is included in the EPEL repository, which is not enabled by default. You need to enable it:

sudo dnf install epel-release -y

Install phpMyAdmin

With the EPEL repository enabled, you can now install phpMyAdmin:

sudo dnf install phpMyAdmin -y

Configure Apache to Serve phpMyAdmin

The next step is to configure Apache to serve phpMyAdmin by editing the configuration file:

Open the configuration file in a text editor of your choice:

 sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Adjust the permissions to allow connections only from specific IPs or networks. By default, phpMyAdmin is configured to deny access from any IP address that is not the local host (127.0.0.1).

To allow access from a specific IP (e.g., 123.123.123.123), find:

 Require ip 127.0.0.1
 Require ip ::1

Add the following line:

 Require ip 123.123.123.123

Hint: For testing in a secure environment, you might temporarily allow access to all (Require all granted), but ensure this is closed in production.

Save and close the file.

Restart Apache

Apply the changes by restarting the Apache service:

sudo systemctl restart httpd



Now you can log into phpMyAdmin:

Secure phpMyAdmin with Let’s Encrypt SSL

Install Certbot

Certbot is a client that fetches and deploys SSL certificates from the Let’s Encrypt CA.

sudo dnf install certbot python3-certbot-apache -y

Obtain an SSL Certificate

Run Certbot to obtain a certificate for your domain:

sudo certbot --apache

• You will be prompted to enter your email address and agree to the terms of service.
• Certbot will automatically obtain and install a new SSL certificate and configure Apache to use it.

Verify SSL Installation

To verify if SSL is successfully installed, try accessing your domain using https://yourdomain.com/phpmyadmin. Ensure that your browser shows a lock icon indicating a secure connection.

Automate Certificate Renewal

Let’s Encrypt certificates are valid for 90 days. It’s crucial to automate the renewal process:

Certbot includes a systemd timer to handle automatic renewals. Ensure it is enabled:

 sudo systemctl enable --now certbot-renew.timer

Check the timer’s status to ensure it is set:

 sudo systemctl status certbot-renew.timer

Conclusion

You’ve successfully installed and secured phpMyAdmin on Rocky Linux 9 using Let’s Encrypt SSL. This setup enables you to manage your databases securely via a web interface and ensures encrypted communication over the network. Routine checks and updates on both your server and phpMyAdmin installations are recommended as part of standard maintenance and security practices.