This guide will demonstrate how to install phpMyAdmin with Nginx on Ubuntu 24.04, 22.04, or 20.04 LTS Linux releases utilizing the command-line terminal with the APT Package Manager to install Nginx, MariaDB, and PHP, then downloading the phpMyAdmin archive to install and configure the database management software.
phpMyAdmin is a free and open-source administration tool for MySQL and MariaDB. As a portable web application written in PHP, it has become one of the most popular MySQL administration tools, particularly for web hosting services. This tool provides a user-friendly web interface to access and manage your databases.
Here are key features and highlights that make phpMyAdmin a go-to choice for database management:
- Web-based Interface: Access and manage your databases from anywhere through a web browser.
- Comprehensive Database Management: Perform a wide range of database activities, including browsing databases, tables, columns, relations, indexes, users, permissions, and executing SQL statements.
- Import and Export Data: Easily import data from CSV and SQL and export data to various formats like CSV, SQL, XML, PDF, ISO/IEC 26300 – OpenDocument Text and Spreadsheet, Word, Excel, LATEX, and others.
- MySQL Features: Full support for MySQL features, including managing databases, tables, columns, relations, indexes, users, and permissions.
- Advanced Querying: Use the Query-by-example (QBE) feature to create complex queries.
- Visualizations: Generate visual representations of your databases and their structures.
- PHP Compatibility: Fully written in PHP, ensuring compatibility with systems running PHP.
- Multi-language Support: Available in 78 languages, making it accessible for users worldwide.
These features highlight phpMyAdmin’s capability to handle a broad array of database management tasks efficiently, catering to both beginners and experienced users alike.
Next, let’s dive into the technical steps to install and configure phpMyAdmin with Nginx on Ubuntu.
Update Ubuntu Before LEMP Installation
For a smooth installation process and to prevent conflicts before starting the tutorial, update your system with the latest packages:
sudo apt update && sudo apt upgradeInstall LEMP Stack for phpMyAdmin on Ubuntu
Install the Nginx Part of LEMP
To set up a LEMP stack, start by installing Nginx with the command below:
sudo apt install nginxThe service is usually enabled by default after installation. However, always verify and ensure it’s functioning correctly:
systemctl status nginx
If the server isn’t activated, use the following command to activate it and set Nginx to start automatically upon each reboot:
sudo systemctl enable nginx --nowInstall the MariaDB Part of LEMP
The second stage of the LEMP installation involves installing the database component. MariaDB is usually the preferred choice in the LEMP stack over MySQL due to its improved performance and other advantages. If you prefer to install a different version of MariaDB from the official repositories provided by MariaDB.org, you can find our guide on installing MariaDB 11.x or 10.x on Ubuntu.
To install MariaDB, run the following command in your terminal.
sudo apt install mariadb-server mariadb-clientAfter installation, verify the MariaDB service’s status, as you did for Nginx, to ensure it’s enabled and operating correctly without errors.
systemctl status mariadb
If the server is not activated, use the following command to activate and start MariaDB on reboot:
sudo systemctl enable mariadb --nowRun MariaDB Post Installation Security Script on Ubuntu
Run the installation security script during the MariaDB installation process to secure your installation, preventing potential exploitation or intrusion by malicious actors. The industry highly recommends this script as new MariaDB versions often come with default settings considered weak and risky.
To begin, execute the following command to launch the (mysql_secure_installation):
sudo mysql_secure_installationFollowing the execution of the mysql_secure_installation script, the next step is configuring the settings. This includes setting the root password, restricting remote access from external sources, removing anonymous user accounts, and eliminating the test database. These steps help to secure your MariaDB installation and prevent potential security threats.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!Install the PHP Part of LEMP
Completing the LEMP installation process necessitates installing the PHP service, the intermediary between Nginx and MariaDB. The PHP-FPM service and additional modules required by phpMyAdmin facilitate this. If you wish to install a different PHP version, consult our guide on installing PHP 8.x on Ubuntu for information on installing a PHP version that suits your needs.
To install PHP and PHP-FPM and the necessary modules on your Ubuntu system, execute the following command in your terminal.
sudo apt install php-fpm php-mbstring php-bcmath php-xml php-mysql php-common php-gd php-cli php-curl php-zip php-gdAfter installation, verify the PHP service’s status, as you did for MariaDB, to ensure it’s enabled and running correctly without errors.
Example command is specific to the version of PHP installed; in this case, it was for PHP 8.1.
systemctl status php8.1-fpm
Activate the PHP service with the following command if it isn’t active yet; this command also ensures the service starts automatically upon each reboot.
sudo systemctl enable php-fpm --nowInstall phpMyAdmin Backend on Ubuntu
This section will cover downloading the PHPMyAdmin archive and establishing the necessary directories, permissions, and database entries.
Create phpMyAdmin Username Super User
Access phpMyAdmin by default with the root user. However, for security, create a separate superuser instead of using the root user, aligning with using a sudo user in Linux rather than logging in as root. Begin by logging into the terminal interface:
sudo mariadb -u rootAfter logging in to the terminal interface, the next step is to create a database in the MariaDB terminal.
CREATE USER PMAUSER IDENTIFIED BY 'password here change';The next step is to create a user and grant appropriate permissions, as outlined below:
GRANT ALL PRIVILEGES ON *.* TO 'PMAUSER'@'localhost' IDENTIFIED BY 'password here change' WITH GRANT OPTION;You must change the example password “password here change” before executing the commands. Update the password instead of simply copying and pasting it.
Set the user and permissions, and then flush the privileges immediately to activate the changes.
FLUSH PRIVILEGES;To exit the MariaDB terminal, use the following command.
QUIT;Download phpMyAdmin Source
In this section, we will cover downloading the source archive for phpMyAdmin. If you are using the command line terminal, there is a convenient method to download the latest version of all languages.
To download the phpMyAdmin archive, run the following command in the terminal.
DATA="$(wget https://www.phpmyadmin.net/home_page/version.txt -q -O-)"
URL="$(echo $DATA | cut -d ' ' -f 3)"
VERSION="$(echo $DATA | cut -d ' ' -f 1)"
wget https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-all-languages.tar.gzIf you prefer to download the English version only of phpMyAdmin, replace the end line of the previous command with the following:
wget https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-english.tar.gzAfter downloading the phpMyAdmin archive, the next step is to extract it by executing the following command:
tar xvf phpMyAdmin-${VERSION}-all-languages.tar.gzConfigure phpMyAdmin
The subsequent step involves moving all extracted files to their final destination in the standard /var/www/ directory using the mv command.
sudo mv phpMyAdmin-*/ /var/www/phpmyadminInstalling phpMyAdmin from the source does not require a TMP directory by default. As a result, you need to create this directory manually.
sudo mkdir /var/www/phpmyadmin/tmpThe phpMyAdmin directory contains a default configuration-example file. Rename this file for phpMyAdmin to recognize it. Use the CP command to back up the default file, creating a copy in the /var/www/phpmyadmin/ directory.
To copy the config.sample.inc.php to config.inc.php, execute the following command:
sudo cp /var/www/phpmyadmin/config.sample.inc.php /var/www/phpmyadmin/config.inc.phpAfter copying the file, open it with your preferred text editor, using the nano text editor as an example.
sudo nano /var/www/phpmyadmin/config.inc.phpphpMyAdmin utilizes a Blowfish cipher. To access this setting, scroll down to the line that starts with $cfg[‘blowfish_secret’].
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */You must assign 32 random characters within the single quote marks. The simplest way to generate this string is by using the pwgen program. To install pwgen, run the following terminal command:
sudo apt install pwgen After installation, execute the following command:
pwgen -s 32 1This will provide you with a string of 32 random characters to use as the blowfish secret, for example:
Example of adding the cipher to the configuration file (Do not copy):
$cfg['blowfish_secret'] = 'GO4GpscnhJbzB3HN7dgqvRzdIvIxXaaq'
For most users, the default settings suffice. However, if your server resides on another server within your network, locate and modify the line $cfg[‘Servers’][$i][‘host’] to reflect the private IP address. See the example below:
$cfg['Servers'][$i]['host'] = '192.168.55.101';Configure phpMyAdmin File Permissions
Setting the directory owner permissions to www-user is essential to ensure compatibility and security.
To set the chown permission:
sudo chown -R www-data:www-data /var/www/phpmyadmin/To set the chmod permission:
sudo find /var/www/phpmyadmin/ -type d -exec chmod 755 {} \;
sudo find /var/www/phpmyadmin/ -type f -exec chmod 644 {} \;Create Nginx Server Block for phpMyAdmin on Ubuntu
Create an Nginx server block to access the phpMyAdmin web interface. For security and to prevent brute-force attacks, we recommend establishing a separate sub-domain, which you can name at your discretion.
To begin, create and open your server block using the nano text editor, as shown below:
sudo nano /etc/nginx/sites-available/phpmyadmin.confAfter opening the server block file, you can paste the following text into the file. Please make sure to replace the domain URL with your own:
server {
listen 80;
listen [::]:80;
server_name pma.example.com;
root /var/www/phpmyadmin/;
index index.php index.html index.htm index.nginx-debian.html;
access_log /var/log/nginx/phpmyadmin_access.log;
error_log /var/log/nginx/phpmyadmin_error.log;
location / {
try_files $uri $uri/ /index.php;
}
location ~ ^/(doc|sql|setup)/ {
deny all;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
}
location ~ /\.ht {
deny all;
}
}The above example includes some important notes:
- /run/php/php8.1-fpm.sock; – This must be changed to reflect your PHP-FPM version, such as 8.0, 7.4, etc.
- root /var/www/phpmyadmin/; – This is the path set in the tutorial. This line must be updated if you place phpMyAdmin in a different location.
If you are the only person accessing the server from a static IP address, you can add the following code above the first location entry. An example of this is provided below:
allow <your ip address>;
deny all;
location / {
try_files $uri $uri/ /index.php;
}
...........................................This will block any unauthorized visitors to the page with a 403 error, only allowing access from your IP address. This can effectively stop brute force attacks but may not be suitable for all setups. To save the changes, use (CTRL+O) and exit the editor with (CTRL+X).
Create a symlink from the sites-available directory to the sites-enabled directory to store the configuration file.
sudo ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/Before restarting the Nginx service, performing a dry run test, especially in live environments, is essential to ensure that the server block or any other changes to your configuration files do not result in Nginx errors.
sudo nginx -tIf your configuration is error-free, you should receive the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulTo implement the changes, restart your Nginx service:
sudo systemctl restart nginxAccess the phpMyAdmin Web UI via Ubuntu
To access the web interface, open your preferred internet browser and type in pma.example.com, replacing “example” with your domain. You should arrive at the login screen of phpMyAdmin, as shown below:
Enter your login credentials and proceed to the phpMyAdmin dashboard, which you can see an example of below.
It’s worth noting for new phpMyAdmin users that the stats page is also available.
Another helpful page to be aware of is the advisor system.
The advisor recommends waiting 24 hours but consider a minimum of 72 hours. Do not rely exclusively on the advisor page; make changes after thorough consideration and testing. Optimizing MySQL or MariaDB configuration files demands time, and you might need to edit and test multiple times to achieve the desired results.
Secure phpMyAdmin LEMP Installation on Ubuntu via SSL
Running Nginx on HTTPS with an SSL certificate is ideal for the best security. The easiest way to accomplish this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).
To start, install the certbot package with the following command:
sudo apt install python3-certbot-nginx -yAfter installing the certbot package, execute the following command to initiate certificate creation:
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d pma.example.comDuring the certificate installation, the system will prompt you to receive emails from EFF (Electronic Frontier Foundation). Choose Y or N. This choice will trigger the automatic installation and configuration of your TLS certificate with optimal settings. These settings include HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling, all tailored to your email and domain name. Once installed, your URL will transition from HTTP://pma.example.com to the secure HTTPS://pma.example.com, automatically redirecting the old HTTP URL to the secure version.
For added convenience, you can set up a cron job to renew your certificates automatically, and Certbot provides a script to handle this automatically. Before setting this up, you can perform a dry run test to ensure everything works correctly.
sudo certbot renew --dry-runTo open the crontab window, execute the following terminal command:
sudo crontab -eEnsure you check for renewal daily to maintain an up-to-date certificate. If renewal is necessary, the script will update the certificate automatically.
00 00 */1 * * /usr/sbin/certbot-auto renewConclusion
Throughout this guide, we walked you through installing phpMyAdmin with Nginx on Ubuntu 24.04, 22.04, or 20.04 LTS, making the journey from command-line basics to getting your database management system up and running as smooth as possible. Remember, keeping your software up to date and securing your phpMyAdmin installation are crucial steps not to be overlooked. A well-configured setup not only enhances your workflow but also fortifies your data against potential threats. So, take a moment to pat yourself on the back for adding another tool to your web development arsenal and feel free to dive deeper into the features and functionalities phpMyAdmin has to offer. Happy managing!