How to Install phpMyAdmin with Nginx on Ubuntu 22.04 LTS

One of the most popular tools for managing databases is called phpMyAdmin. It’s an easy-to-use, free web interface that allows you to manage your MySQL or MariaDB database from anywhere with just a browser! The best thing about this software? You don’t need any special knowledge on how servers work because it does all the heavy lifting behind the scenes so users can access them easily without getting lost in the command line terminal.

Most times developers prefer to use phpMyAdmin to interact with a database server because of its ease of use and advanced SQL editor, making it easy to build and test complex SQL queries on the other hand admins of webservers install phpMyAdmin besides their CMS system such as WordPress to try and fix problems or to give access to someone else (a developer of a plugin for example) access to investigate an issue.

In the following tutorial, you will learn how to install the LEMP stack quickly using Nginx, MariaDB, and PHP (PHP-FPM) using the standard Ubuntu 22.04 Jammy Jellyfish repositories then download and configure phpMyAdmin manually by creating an Nginx server block and a free Let’s Encrypt TLS certificate.

Update Ubuntu

Before proceeding with the tutorial, it is good to ensure your system is up-to-date with all existing packages to avoid any conflicts during the installation.

sudo apt update && sudo apt upgrade -y

Install Nginx – LEMP Stack

After installing either stable or mainline Nginx PPA, use the following command to install Nginx:

sudo apt install nginx-core nginx-common nginx nginx-full -y

Once installed, the service should be enabled by default; however, it is good to check this, and it is operating correctly.

systemctl status nginx

Example output:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

If the server has not been activated, use the following command to do this and have Nginx started on reboot.

sudo systemctl enable nginx --now

Install MariaDB – LEMP Stack

In the second part of the installation, you will need to install the database part. LEMP stack typically associates itself with MariaDB over MySQL for many reasons, mainly due to performance.

In your terminal, execute the following command.

sudo apt install mariadb-server mariadb-client -y

Once installed, verify the same as you did with the Nginx service that it is enabled and working without any errors.

systemctl status mariadb

Example output:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

If the server has not been activated, use the following command to do this and have MariaDB started on reboot.

sudo systemctl enable mariadb --now

Run MariaDB Security Script

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mysql_secure_installation

Next, follow below:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

Note, you use (Y) to remove everything.

Example:

[joshua@ubuntu-22-04 ~]$ sudo mariadb-secure-installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install PHP – LEMP Stack

Lastly, install the PHP service for the LEMP stack, which will act as the middle man between Nginx and MariaDB. PHP archives this with the PHP-FPM service and some additional modules required by phpMyAdmin.

Ubuntu 22.04 LTS comes with PHP 8.1 as the default installation option, so that is what you will install using the following command.

sudo apt install php8.1-fpm php8.1-mbstring php8.1-bcmath php8.1-xml php8.1-mysql php8.1-common php8.1-gd php8.1-cli php8.1-curl php8.1-zip php8.1-gd -y

Once installed, verify the same as you did with the MariaDB service that it is enabled and working without any errors.

systemctl status php8.1-fpm

Example output:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

If the server has not been activated, use the following command to do this and have MariaDB started on reboot.

sudo systemctl enable php8.1-fpm --now

Install phpMyAdmin

By default, Ubuntu 22.04 repository comes with phpMyAdmin and the required dependencies. However, as often with Ubuntu LTS releases, the version and build are far behind what is currently available from the source, and you cannot install the upstream release candidate/beta releases.

So as you would have gathered by now, the tutorial will install the latest version as follows.

Create phpMyAdmin Username SuperUser

By default, you can log in with the root user on phpMyAdmin. However, it is always better to create a superuser; just like you would for Linux, sudo users are preferred over using root, so it’s the same sort of logic.

First, log in to the terminal interface.

sudo mysql -u root

Next, create a database in the MariaDB terminal:

CREATE USER PMAUSER IDENTIFIED BY 'password here change';

Now you need to create a user and grant permissions as follows:

GRANT ALL PRIVILEGES ON *.* TO 'PMAUSER'@'localhost' IDENTIFIED BY 'password here change' WITH GRANT OPTION;

Remember to change the ‘password here change,’ do not blindly copy, please.

To finish off, flush the privileges for changes to take effect.

FLUSH PRIVILEGES;

Now exit with the following command.

QUIT;

Download phpMyAdmin Latest Source Version

Downloading the latest version of phpMyAdmin is straightforward; visit the phpMyAdmin downloads page to find the newest version number.

Next, execute the following codes to automatically download all language’s latest versions.

At the time of the tutorial, 5.1.3 is the latest version, so this should be in the downloaded output; remember, in time, this version will change; however, the command will be the same!

DATA="$(wget https://www.phpmyadmin.net/home_page/version.txt -q -O-)"
URL="$(echo $DATA | cut -d ' ' -f 3)"
VERSION="$(echo $DATA | cut -d ' ' -f 1)"
wget https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-all-languages.tar.gz

Example output:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

If you want to download the English version, substitute the end line with the following:

wget https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-english.tar.gz

Next, extract the archive using the following command:

tar xvf phpMyAdmin-${VERSION}-all-languages.tar.gz

Configure phpMyAdmin

The next step is to move all the extracted files to their final destination, in the standard /var/www/ directory location using the mv command.

sudo mv phpMyAdmin-*/ /var/www/phpmyadmin

By default, phpMyAdmin does not come with a TMP directory when installing from source, and you need to create this manually:

sudo mkdir -p /var/www/phpmyadmin/tmp

In the phpMyAdmin directory, a default configuration-example file is included. You will need to rename this file for phpMyAdmin to recognize the configuration.

However, for backup, you will use the CP command to create a copy and keep the default as a backup if any mistakes are made in the location /var/www/phpmyadmin/ directory.

Copy config.sample.inc.php to config.inc.php with the following command:

sudo cp /var/www/phpmyadmin/config.sample.inc.php /var/www/phpmyadmin/config.inc.php

Next, open this file using your preferred text editor. For the tutorial, the nano text editor is used:

sudo nano /var/www/phpmyadmin/config.inc.php

phpMyAdmin uses a Blowfish cipher. Scroll down to the line that begins with $cfg[‘blowfish_secret’].

The lines will look like for example:

$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

You will need to assign a string of 32 random characters between the single quote marks. The easiest way to achieve this is using the program pwgen. To install pwgen, use the following terminal command:

sudo apt install pwgen -y

Once installed, run the following command:

pwgen -s 32 1

You will then get your 32 random characters for the blowfish secret, example output:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

Example of adding the cipher to the configuration file (Do not copy):

$cfg['blowfish_secret'] = 'HgLcjlF18HQ09JAsdcmbL0iz1x7YQrY5'

Example in the configuration file:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

The rest of the default settings should work for most users. If your server is located on another server located in your network, find and change the line $cfg[‘Servers’][$i][‘host’] = to that of the private IP address. Example below:

$cfg['Servers'][$i]['host'] = '192.168.55.101';

Set phpMyAdmin File Permissions

Next, you must set the directory owner permissions to www-user for compatibility and security.

Set chown permission (important):

sudo chown -R www-data:www-data /var/www/phpmyadmin/

Set chmod permission (important):

sudo find /var/www/phpmyadmin/ -type d -exec chmod 755 {} \;
sudo find /var/www/phpmyadmin/ -type f -exec chmod 644 {} \;

Create Nginx Server Block for phpMyAdmin

To access the phpMyAdmin web interface, you must create an Nginx server block. It is highly recommended to keep this separate, and on a sub-domain, you can name it anything you like to help with security and brute force attacks.

First, create and open your server block using nano text editor as follows:

sudo nano /etc/nginx/sites-available/phpmyadmin.conf

Next, you can paste the below text into the file. Note, you must replace the domain URL with your own:

server {
  listen 80;
  listen [::]:80;
  server_name pma.example.com;
  root /var/www/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;

  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }

  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }

  location ~ /\.ht {
    deny all;
  }
}

Some notes down on the above example.

  • /run/php/php8.1-fpm.sock; – This must be changed to 8.0, 7.4 etc if using a different PHP-FPM version.
  • root /var/www/phpmyadmin/; – This is the path set in the tutorial, change this if you set phpMyAdmin elsewhere.

If you are the only one accessing this from a static IP address, you can add the following code above the first location entry. An example of this is below:

  allow <your ip address>;
  deny all; 

  location / {
    try_files $uri $uri/ /index.php;
  }
...........................................

This will naturally block anyone visiting the page with a 403 error unless allowed by your IP address. This, by nature, can stop all brute attacks in their tracks, but maybe not viable for some setups.

Now save using (CTRL+O) and exit with (CTRL+X).

Next, create a symlink from sites-available where the configuration file is contained to link then sites-enabled.

sudo ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/

Before you restart the Nginx service, always do a dry run test, especially in live environments, to ensure the server block or whatever changes you have made to your configuration files do not cause Nginx to error.

sudo nginx -t

If you have no errors, you should get the following output:

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

Now restart your Nginx service for changes to take effect:

sudo systemctl restart nginx

Accessing the phpMyAdmin Web UI

To access the Web Interface, open your preferred Internet Browser and type in pma.example.com with (example) your domain. You should come to the login screen of phpMyAdmin as follows:

Example (Click Image To Expand):

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

Enter your login details, then go forward into your phpMyAdmin dashboard.

Example (Click Image To Expand):

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

And that is it, and you have successfully installed the latest version of phpMyAdmin using LEMP. Alternatively, you can highly customize this installation. For instance, you can grab the latest beta or install different variations of LEMP with newer or older releases of Nginx, MariaDB, and PHP-FPM.

Some other things worth noting for users fresh to phpMyadmin is the stats page.

Example (Click Image To Expand):

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

Example of Advisor (Click Image To Expand):

How to Install phpMyAdmin with LEMP on Ubuntu 22.04 LTS

Note, the advisor recommends 24 hours, I believe this should be 72 hours at minimum and do not take the advisor page as word of it and implement changes and walk away, fine-tuning any MySQL or MariaDB configuration file takes time, and much editing/testing to get the perfect optimization.

Secure phpMyAdmin with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the certbot package as follows:

sudo apt install python3-certbot-nginx -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

During the certificate installation, you will get a notice to receive emails from EFF(Electronic Frontier Foundation). Choose either Y or N then your TLS certificate will be automatically installed and configured for you.

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS://pma.example.com instead of HTTP://pma.example.com.

If you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window using the following terminal command.

sudo crontab -e

Next, please specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help finding a good time to set, use the crontab.guru free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

That’s it, and you have installed SSL on your phpMyAdmin area. A great idea will be to test using a free SSL test such as DigiCert or SSL Labs.

Comments and Conclusion

In the tutorial, you have learned how to install the required software dependencies and download and create the correct directories for phpMyAdmin from the source on Ubuntu 22.04 LTS.

Overall, using phpMyAdmin is an excellent tool for any database management. You can easily create databases, users, tables and perform the usual operations like deleting and modifying structures and data in a clean Web UI interface instead of the default terminal.

Please be careful with using phpMyadmin; you can do some severe damage and, if not secured, can cause a significant security problem. To find more information, visit the official documentation.



Follow LinuxCapable.com!

Like to get automatic updates? Follow us on one of our social media accounts!