How To Install and Secure phpMyAdmin With Apache On A CentOS 7 Server

2/18/2021 How To Install and Secure phpMyAdmin with Apache on a CentOS 7 Server | DigitalOcean
7 DAYS Upcoming Tech Talk: Keeping Your Sites and Users Safe Using SSL
TUTORIAL
How To Install and Secure phpMyAdmin with Apache on a

CentOS 7 Server
CentOS MySQL PHP Security
By Justin Ellingwood
Published on August 7, 2014  564.4k
Not using CentOS 7?

CentOS 7 
Choose a different version or distribution.
Introduction
Relational database management systems like MySQL and MariaDB are needed for a
S C R O L L TO TO P
significant portion of web sites and applications. However, not all users feel comfortable
https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-apache-on-a-centos-7-server 1/24
administering their data from the command line.
To solve this problem, a project called phpMyAdmin was created in order to offer an
alternative in the form of a web-based management interface. In this guide, we will
demonstrate how to install and secure a phpMyAdmin configuration on a CentOS 7 server.
We will build this setup on top of the Apache web server, the most popular web server in the
world.
Prerequisites
Before we begin, there are a few requirements that need to be settled.
To ensure that you have a solid base to build this system upon, you should run through our
initial server setup guide for CentOS 7. Among other things, this will walk you through
setting up a non-root user with sudo access for administrative commands.
The second prerequisite that must be fulfilled in order to start on this guide is to install a
LAMP Linux, Apache, MariaDB, and PHP stack on your CentOS 7 server. This is the
platform that we will use to serve our phpMyAdmin interface MariaDB is also the database
management software that we are wishing to manage). If you do not yet have a LAMP
installation on your server, follow our tutorial on installing LAMP on CentOS 7.
When your server is in a properly functioning state after following these guides, you can
continue on with the rest of this page.
Step One — Install phpMyAdmin

With our LAMP platform already in place, we can begin right away with installing the
phpMyAdmin software. Unfortunately, phpMyAdmin is not available in CentOS 7’s default
repository.
To get the packages we need, we’ll have to add an additional repo to our system. The EPEL
repo (Extra Packages for Enterprise Linux) contains many additional packages, including the
phpMyAdmin package we are looking for.
S C R O L L TO TO P
The EPEL repository can be made available to your server by installing a special package
called epel-release . This will reconfigure your repository list and give you access to the
EPEL packages.
To install, just type:
sudo yum install epel-release
Now that the EPEL repo is configured, you can install the phpMyAdmin package using the
yum packaging system by typing:
sudo yum install phpmyadmin
The installation will now complete. The installation included an Apache configuration file that
has already been put into place. We will need to modify this a bit to get it to work correctly
for our installation.
Open the file in your text editor now so that we can make a few changes:
sudo nano /etc/httpd/conf.d/phpMyAdmin.conf
Inside, we see some directory blocks with some conditional logic to explain the access
policy for our directory. There are two distinct directories that are defined, and within these,
configurations that will be valid for both Apache 2.2 and Apache 2.4 (which we are running).
Currently, this setup is configured to deny access to any connection not being made from
the server itself. Since we are working on our server remotely, we need to modify some lines
to specify the IP address of your home connection.
Change any lines that read Require ip 127.0.0.1 or Allow from 127.0.0.1 to refer to your
home connection’s IP address. If you need help finding the IP address of your home
connection, check out the next section. There should be four locations in the file that must
be changed:
S C R O L L TO TO P
. . .
Require ip your_workstation_IP_address
. . .
Allow from your_workstation_IP_address
. . .
Require ip your_workstation_IP_address
. . .
Allow from your_workstation_IP_address
. . .
When you are finished, restart the Apache web server to implement your modifications by
typing:
sudo systemctl restart httpd.service
With that, our phpMyAdmin installation is now operational. To access the interface, go to
your server’s domain name or public IP address followed by /phpMyAdmin , in your web
browser:
http:// server_domain_or_IP /phpMyAdmin
S C R O L L TO TO P
To sign in, use a username/password pair of a valid MariaDB user. The root user and the
MariaDB administrative password is a good choice to get started. You will then be able to
access the administrative interface:
S C R O L L TO TO P
Find Your IP Address

You will need to know the IP address of the computer you are using to access your
databases in order to complete the step above. This is a security precaution so that
unauthorized people cannot connect to your server.
Note: This is not the IP address of your VPS, it is the IP address of your home or work
computer.
You can find out how the greater web sees your IP address by visiting one of these sites in
your web browser:
What’s My IP Address?
What’s My IP?
My IP Address
Compare a few different sites and make sure they all give you the same value. Use this value
in the configuration file above.
Step Two — Secure your phpMyAdmin Instance

S C R O L L TO TO P
The phpMyAdmin instance installed on our server should be completely usable at this point.
However, by installing a web interface, we have exposed our MySQL system to the outside
world.
Even with the included authentication screen, this is quite a problem. Because of
phpMyAdmin’s popularity combined with the large amount of data it provides access to,
installations like these are common targets for attackers.
We will implement two simple strategies to lessen the chances of our installation being
targeted and compromised. We will change the location of the interface from /phpMyAdmin
to something else to sidestep some of the automated bot brute-force attempts. We will also
create an additional, web server-level authentication gateway that must be passed before
even getting to the phpMyAdmin login screen.
Changing the Application’s Access Location

In order for our Apache web server to work with phpMyAdmin, our phpMyAdmin Apache
configuration file uses an alias to point to the directory location of the files.
To change the URL where our phpMyAdmin interface can be accessed, we simply need to
rename the alias. Open the phpMyAdmin Apache configuration file now:
Toward the top of the file, you will see two lines that look like this:
Alias /phpMyAdmin /usr/share/phpMyAdmin

Alias /phpmyadmin /usr/share/phpMyAdmin
These two lines are our aliases, which means that if we access our site’s domain name or IP
address, followed by either /phpMyAdmin or /phpmyadmin , we will be served the content at
/usr/share/phpMyAdmin .
We want to disable these specific aliases since they are heavily targeted by bots and
malicious users. Instead, we should decide on our own alias. It should be easy to remember,
but not easy to guess. It shouldn’t indicate the purpose of the URL location. In
S Cour
ROLLcase,
TO TOwe’ll
P
go with /nothingtosee .
To apply our intended changes, we should remove or comment out the existing lines and
add our own:
# Alias /phpMyAdmin /usr/share/phpMyAdmin

# Alias /phpmyadmin /usr/share/phpMyAdmin
Alias / nothingtosee /usr/share/phpMyAdmin
When you are finished, save and close the file.
To implement the changes, restart the web service:
Now, if you go to the previous location of your phpMyAdmin installation, you will get a 404
error:
http:// server_domain_or_IP /phpMyAdmin
However, your phpMyAdmin interface will be available at the new location we selected:
http:// server_domain_or_IP /nothingtosee
S C R O L L TO TO P
Setting up a Web Server Authentication Gate

The next feature we wanted for our installation was an authentication prompt that a user
would be required to pass before ever seeing the phpMyAdmin login screen.
Fortunately, most web servers, including Apache, provide this capability natively. We will just
need to modify our Apache configuration file to use an authorization file.
Open the phpMyAdmin Apache configuration file in your text editor again:
Within the /usr/share/phpMyAdmin directory block, but outside of any of the blocks inside,
we need to add an override directive. It will look like this:
S C R O L L TO TO P
. . .
<Directory /usr/share/phpMyAdmin/>
AllowOverride All
<IfModule mod_authz_core.c>
. . .
</Directory>
. . .
This will allow us to specify additional configuration details in a file called .htaccess located
within the phpMyAdmin directory itself. We will use this file to set up our password
authentication.
Save and close the file when you are finished.
Restart the web service to implement this change:
Create an .htaccess File

Now that we have the override directive in our configuration, Apache will look for a file called
.htaccess within the /usr/share/phpMyAdmin directory. If it finds one, it will use the
directives contained within to supplement its previous configuration data.
Our next step is to create the .htaccess file within that directory. Use your text editor to do
so now:
sudo nano /usr/share/phpMyAdmin/.htaccess
Within this file, we need to enter the following information:
AuthType Basic
AuthName "Admin Login"
AuthUserFile /etc/httpd/pma_pass
Require valid-user
S C R O L L TO TO P
Let’s go over what each of these lines mean:

AuthType Basic This line specifies the authentication type that we are implementing. This
type will implement password authentication using a password file.
AuthName This sets the message for the authentication dialog box. You should keep this
generic so that unauthorized users won’t gain knowledge about what is being protected.
AuthUserFile This sets the location of the actual password file that will be used for
authentication. This should be outside of the directories that are being served. We will
create this file in a moment.
Require valid-user This specifies that only authenticated users should be given access to
this resource. This is what actually stops unauthorized users from entering.
When you are finished entering this information, save and close the file.
Create the Password File for Authentication

Now that we have specified the location for our password file through the use of the
AuthUserFile directive in our .htaccess file, we need to create and populate the password
file.
This can be accomplished through the use of an Apache utility called htpasswd . We invoke
the command by passing it the location where we would like to create the file and the
username we would like to enter authentication details for:
sudo htpasswd -c /etc/httpd/pma_pass username
The -c flag indicates that this will create an initial file. The directory location is the path and
filename that will be used for the file. The username is the first user we would like to add.
You will be prompted to enter and confirm a password for the user.
If you want to add additional users to authenticate, you can call the same command again
without the -c flag, and with a new username:
sudo htpasswd /etc/httpd/pma_pass seconduser
With our password file created, an authentication gateway has been implemented and we
should now see a password prompt the next time we visit our site: S C R O L L TO TO P
http:// server_domain_or_IP /nothingtosee
Once you enter your credentials, you will be taken to the normal phpMyAdmin login page.
This added layer of protection will help keep your MySQL logs clean of authentication
attempts in addition to the added security benefit.
Conclusion
You can now manage your MySQL databases from a reasonably secure web interface. This
UI exposes most of the functionality that is available from the MySQL command prompt. You
can view databases and schema, execute queries, and create new data sets and structures.
Was this helpful? Yes No    

50
Report an issue
About the authors

S C R O L L TO TO P
Justin Ellingwood
Senior Technical Writer
DigitalOcean
Still looking for an answer?
 Ask a question  Search for more help
REL ATED
Now Available: Managed MySQL Databases

Product
How To Reset Your MySQL or MariaDB Root Password on Ubuntu 20.04

Tutorial
What is Laravel?
Tutorial
Comments
50 Comments
S C R O L L TO TO P
Leave a comment...
Sign In to Comment
phillip766774 August 12, 2014
1 I’m getting errors, do you have any ideas what I can do?
Error: Package: php-tcpdf-6.0.089-1.el6.noarch (epel)

Requires: php-tidy
Error: Package: php-mbstring-5.4.16-23.el7_0.x86_64 (updates)
Requires: php-common(x86-64) = 5.4.16-23.el7_0
Installed: php-common-5.5.15-1.el7.remi.x86_64 (@remi-php55)
php-common(x86-64) = 5.5.15-1.el7.remi
Available: php-common-5.4.16-21.el7.x86_64 (base)
php-common(x86-64) = 5.4.16-21.el7
Available: php-common-5.4.16-23.el7_0.x86_64 (updates)
php-common(x86-64) = 5.4.16-23.el7_0
Error: Package: php-mcrypt-5.3.3-3.el6.x86_64 (epel)
Requires: php(api) = 20090626
php(api) = 20121113-64
php(api) = 20100412-64
php(api) = 20100412-64
Error: Package: php-bcmath-5.4.16-23.el7_0.x86_64 (updates)
php-common(x86-64) = 5.4.16-21.el7
php-common(x86-64) = 5.4.16-23.el7_0
S C R O L L TO TO P
Error: Package: php-pdo-5.4.16-23.el7_0.x86_64 (updates)

php-common(x86-64) = 5.4.16-21.el7
php-common(x86-64) = 5.4.16-23.el7_0
Error: Package: php-mcrypt-5.3.3-3.el6.x86_64 (epel)
Requires: php(zend-abi) = 20090626
php(zend-abi) = 20121212-64
php(zend-abi) = 20100525-64
php(zend-abi) = 20100525-64
Error: Package: php-gd-5.4.16-23.el7_0.x86_64 (updates)
php-common(x86-64) = 5.4.16-21.el7
php-common(x86-64) = 5.4.16-23.el7_0
Reply Report
genericconfig February 19, 2015
2
centos7

sudo yum clean all
Reply Report
info1010394 May 19, 2015
0
Solution from genericconfig works for me.
Thanks
Reply Report
Stefan H. August 13, 2014

S C R O L L TO TO P
0 Install all the package where you see “Requires”
Then you should not have any more errors :)

Reply Report
yershalom August 18, 2014
1 The problem is php 5.5, you should downgrade to php 5.4 and then it will work
Reply Report
jpamorgan September 10, 2014
0
Do you first need to uninstall 5.5 to get 5.4 installed correctly?
Reply Report
ralper3 August 29, 2014
0 Hi,
The Alias directive does not work for me. Mod_alias does exist in my /usr/lib/modules directory
and is called out in the Apache config file in the LoadModules directive. Any ideas ?
Ralper3
Reply Report
areav September 4, 2014
0 When I type yum install phpmyadmin its says “No package phpmyadmin available. Error:
Nothing to do” and I did install EPEL 7 1.
any ideas?
Reply Report
ADONIS October 6, 2014
0
dl.fedoraproject.org/pub/epel/7/x86_64/p/phpMyAdmin-4.2.9 1.el7.noarch.rpm
then use :
sudo rpm -ivh epel-release*
then use:
rm epel-release*
then, use:
And everything will be ok.

S C R O L L TO TO P
Reply Report
arwvisions September 6, 2014
0 do I really have to down grade my php to get PHP myAdmin to work?

Reply Report
0 I am running 5.4 and still get php-tidy required. I run yum install php-tidy and I get package not
available.
Reply Report
1 fyi - ran this
yum clean all
and was able to install php-tidy

Reply Report
NeuroNet September 13, 2014
0 Hi, thanks for the nice how-to. Only one thing:
http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
is not available any more as it looks like Error 404 . You should change it to:
wget http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-1.noarch.
Then the installation of phpMyAdmin works fine.

Reply Report
0
new link:
Reply Report
ricardobarber September 17, 2014
0 Hello I installed phpmyadmin as indicated, no problems at all. However I have tried

S C R Oinstalling
L L TO TO P
todoyu (a projectmanagement and CRM php script) and found out I could not access the
application through the browser to proceed with the install. Also found out, I can not access
myphpadmin with any computer other than with the Centos Lamp server itself. I get a page
with Forbidden (you don’t have permission to access /todoyu/ or the /“phpmyadmin” on this
server). Any help is appreciated.
Reply Report
0 Hey guys, there is a new link for PhpMyAdmin EPEL for Centos 7
http://ftp.uninett.no/linux/epel/7/x86_64/p/phpMyAdmin-4.2.9 1.el7.noarch.rpm
I tried it and it works.

Reply Report
NeuroNet October 6, 2014
0
I think from the point of security people should still use fedoraproject.org rpm sources
BEFORE others, if the package is available there.
Reply Report
0
I got the link from Fedora project’s site.
Yesterday they had it on a mirror site but today they changed it on the ftp site.
The site I posted is from Fedora’s project.
I will post the link of the Fedora’s project for confirmation:)

Reply Report
0
cancel this link, here is the new one:
Reply Report
0
Thanks ADONIS. Hope you understood my “problem” with the direct 3rd party link.
Reply Report
jellingwood  October 6, 2014
0
ADONIS, NeuroNet: S C R O L L TO TO P
Sorry about the confusion. As for the correct link, Fedora actually uses a set of rotating
mirror sites, so it will be different each time you search for the link. That’s why it kept
changing as you checked back.
The link in the guide is out of date only because the EPEL repository was promoted out of
beta status. I tried to modify all of my CentOS 7 tutorials, but I guess I missed this one.
Because the CentOS 7 EPEL repo is out of beta, you can now install the EPEL repository
without going to an external site. Just type in:
This will reconfigure your set of repositories, allowing you to use EPEL packages without
having to hunt down a link. I have modified the guide above to reflect this. Apologies for the
oversight.
Reply Report
0 The link is : dl.fedoraproject.org/pub/epel/7/x86_64/p/phpMyAdmin-4.2.9 1.el7.noarch.rpm
To find it : http://dl.fedoraproject.org/pub/epel/7/x86_64/repoview/phpMyAdmin.html
and then dl.fedoraproject.org/pub/epel/7/x86_64/p/phpMyAdmin-4.2.9 1.el7.noarch.rpm

Reply Report
0
@jellingwood
Thank you very much for the info !!!!
Those was great news !

Reply Report
0 NeuroNet
Yes, I understand your concerns but those previous links I found them on Fedora’s project’s
page few hours ago until they change them from mirrors to their servers. So now the link for
phpMyAdmin is located in Fedora’s servers.
S C R O L L TO TO P
As about the 3rd party link, as long the link is a mirror of a specific project, then that is ok. For
example many times in LinuxMint I had to add something which was “3rd party link” but not a
“3rd party program” , it was just a mirror of that particular package.
Anyway, I hope now that the link is relying on Fedora’s server, you wont have any hesitations to
use it.
I have a question to ask you. Is your personal computer with Windows Os for example Windows
7 or with Linux Os ,for example LinuxMint, Ubuntu, Fedora etc?
Anyway, have a nice day and if you will need any help please do not hesitate to ask me.
Reply Report
0
I use Windows 7 Ultimate to work with, since i have a bunch of production tools that are not
available for Nix. For webservers i definetly preffer Linux (mayb it be Ubunto or CentOS .
Reply Report
0 NeuroNet
You can start dropping Windows 7 and converting to LinuxMint. There is nothing a Linux cannot
do much better than Windows. For MS Office, there is LibreOffice, for Photoshop there is Gimp,
there are lot of programs for Linux, free and for every need. Even if you run a Windows software
under Linux using WINE or VMWare, you will notice that the programs are running smoothly
because is a Windows environment who is working under Linux. None can beat Linux. Also,
Linux doesn’t has viruses.
For web servers, you should focus on Centos
Here is what I recommend :
For Web Server CentOs

For Desktop/Laptop LinuxMint, Ubuntu, Fedora, Zorin etc etc
For SmartPhones/ Tablets Android
Linux rules :)
Anyway, we are out of the topic, so I better leave and start working with my site:) See you.
Reply Report
S C R O L L TO TO P
BenJH October 28, 2014
Great guide, but when it comes to setting up the authentication gate I’m having problems.
0
Can login to phpMyAdmin perfectly fine without the authentication gate, but when I set it up I
can pass the gate but then phpMyAdmin login fails (even though the credentials are absolutely
100% correct). If I remove the auth gate, I can login again.
Have tried a few times setting up a new gate; same result every time.
Reply Report
khalidumar03 November 17, 2014
0 thanks it really helped

Reply Report
fliplink December 1, 2014
0 Thank you, very helpful article, I’m trying to get word-press install on Cent, and this really help
with managing MySql.
Reply Report
RinkuY January 3, 2015
0 I never look like that 3 types security applied on PHPmyAmdin
 Allow from IP
 Change directory name
 Htaccess auth
Can you please tell me how to Allow all IP in /etc/httpd/conf.d/phpMyAdmin.conf file ?

Reply Report
RinkuY January 3, 2015
0 This tutuorial it related to CentOS 7 but tagged MySQL, Ubuntu, PHP, Apache. Please
write related tag and replace Ubuntu with CentOS. This will helpful to move on all CentOS tut.
Also you may use CentOS 7 tag instead CentOS.
Reply Report
jellingwood  January 5, 2015
0
That was a mistake. It’s been re-tagged with our CentOS tag. Thank you.
Reply Report
S C R O L L TO TO P
Load More Comments
This work is licensed under a Creative

Commons Attribution-NonCommercial-
ShareAlike 4.0 International License.
GET OUR BIWEEKLY NEWSLETTER
Sign up for Infrastructure as a

Newsletter.
HUB FOR GOOD
Working on improving health and

education, reducing inequality,
and spurring economic growth?
S C R O L L TO TO P
We'd like to help.
BECOME A CONTRIBUTOR
You get paid; we donate to tech

nonprofits.
Featured on Community Kubernetes Course Learn Python 3 Machine Learning in Python

Getting started with Go Intro to Kubernetes
DigitalOcean Products Virtual Machines Managed Databases Managed Kubernetes Block Storage
Object Storage Marketplace VPC Load Balancers
Welcome to the developer cloud
DigitalOcean makes it simple to launch in the

cloud and scale up as you grow – whether you’re
running one virtual machine or ten thousand.
Learn More
S C R O L L TO TO P
Company
About
© 2021 DigitalOcean, LLC. All rights reserved. Leadership

Blog
Careers
Partners
Referral Program
Press
Legal
Security & Trust Center
Products Community Contact
Pricing Tutorials Get Support
Products Overview Q&A Trouble Signing In?
Droplets Tools and Integrations Sales
Kubernetes Tags Report Abuse
Managed Databases Product Ideas System Status
Spaces Write for DigitalOcean

Marketplace Presentation Grants
Load Balancers Hatch Startup Program
Block Storage Shop Swag
API Documentation Research Program
Documentation Open Source
Release Notes Code of Conduct
S C R O L L TO TO P

How To Install and Secure phpMyAdmin With Apache On A CentOS 7 Server

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Install and Secure phpMyAdmin With Apache On A CentOS 7 Server

Uploaded by

Copyright:

Available Formats

2/18/2021 How To Install and Secure phpMyAdmin with Apache on a CentOS 7 Server | DigitalOcean

How To Install and Secure phpMyAdmin with Apache on a

Not using CentOS 7?

administering their data from the command line.

Step One — Install phpMyAdmin

To install, just type:

sudo yum install epel-release

sudo yum install phpmyadmin

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

sudo systemctl restart httpd.service

http:// server_domain_or_IP /phpMyAdmin

Find Your IP Address

Step Two — Secure your phpMyAdmin Instance

Changing the Application’s Access Location

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Alias /phpMyAdmin /usr/share/phpMyAdmin

# Alias /phpMyAdmin /usr/share/phpMyAdmin

When you are finished, save and close the file.

To implement the changes, restart the web service:

sudo systemctl restart httpd.service

http:// server_domain_or_IP /phpMyAdmin

http:// server_domain_or_IP /nothingtosee

Setting up a Web Server Authentication Gate

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Save and close the file when you are finished.

Restart the web service to implement this change:

sudo systemctl restart httpd.service

Create an .htaccess File

sudo nano /usr/share/phpMyAdmin/.htaccess

Within this file, we need to enter the following information:

Let’s go over what each of these lines mean:

Create the Password File for Authentication

sudo htpasswd -c /etc/httpd/pma_pass username

sudo htpasswd /etc/httpd/pma_pass seconduser

http:// server_domain_or_IP /nothingtosee

Was this helpful? Yes No    

About the authors

Still looking for an answer?

 Ask a question  Search for more help

Now Available: Managed MySQL Databases

How To Reset Your MySQL or MariaDB Root Password on Ubuntu 20.04

phillip766774 August 12, 2014

Error: Package: php-tcpdf-6.0.089-1.el6.noarch (epel)

Requires: php-common(x86-64) = 5.4.16-23.el7_0

genericconfig February 19, 2015

sudo yum install epel-release

info1010394 May 19, 2015

Stefan H. August 13, 2014

Then you should not have any more errors :)

yershalom August 18, 2014

jpamorgan September 10, 2014

ralper3 August 29, 2014

areav September 4, 2014

ADONIS October 6, 2014

sudo rpm -ivh epel-release*

sudo yum install phpmyadmin

And everything will be ok.

arwvisions September 6, 2014

0 do I really have to down grade my php to get PHP myAdmin to work?

arwvisions September 6, 2014

arwvisions September 6, 2014

1 fyi - ran this

yum clean all