How to Install phpMyAdmin on Linux Server: (Step-by-Step Guide 2026)

To install phpMyAdmin on a Linux server, update packages, install required PHP modules, set up Apache or Nginx, and deploy phpMyAdmin via your package manager or the official tarball. Then secure access with HTTPS, IP restrictions, or Basic Auth, set a blowfish secret, and test login using a MySQL user with minimal privileges.

phpMyAdmin is a popular, browser-based MySQL/MariaDB management tool. In this guide, I’ll show you how to install phpMyAdmin on a Linux server (Ubuntu/Debian, AlmaLinux/Rocky/CentOS) using both package managers and the official download, then harden it for production. The steps are beginner-friendly and reflect real-world server administration best practices.

What You Need Before You Start (Prerequisites)?

Before you install phpMyAdmin on a Linux server, ensure the following prerequisites are in place. These save time and help avoid common errors.

• Linux distro: Ubuntu 22.04/24.04, Debian 12, AlmaLinux/Rocky Linux 8/9, or CentOS Stream.
• Web server: Apache or Nginx installed (LAMP/LEMP).
• Database: MySQL 8.x or MariaDB 10.x running and accessible.
• PHP: Version 7.4 or higher (PHP 8.x recommended), with extensions: mysqli, mbstring, zip, ctype, json, xml, intl, gd, curl.
• Root or sudo access via SSH.
• Firewall/SELinux awareness: UFW/firewalld open for HTTP/HTTPS, and SELinux contexts adjusted on RHEL-based systems.
• Domain + valid TLS certificate (Let’s Encrypt strongly recommended).

Quick Install on Ubuntu/Debian (Apache)

This is the fastest way to install phpMyAdmin on a Linux server using apt. It configures an Apache alias and prompts for basic settings.

sudo apt update && sudo apt -y upgrade
sudo apt -y install apache2 mariadb-server
sudo apt -y install php php-mysql php-mbstring php-zip php-gd php-xml php-curl php-intl
sudo systemctl enable --now apache2 mariadb

# Install phpMyAdmin
sudo apt -y install phpmyadmin

# Enable PHP mbstring (often required)
sudo phpenmod mbstring
sudo systemctl restart apache2

Access phpMyAdmin at http://your-domain/phpmyadmin. If prompted for web server selection during installation, choose Apache. If not prompted, apt will auto-configure an alias.

Install on Ubuntu/Debian (Nginx)

Nginx needs a manual location block because apt’s phpMyAdmin package primarily targets Apache. We’ll create an alias and pass PHP requests to PHP-FPM.

sudo apt update
sudo apt -y install nginx mariadb-server
sudo apt -y install php-fpm php-mysql php-mbstring php-zip php-gd php-xml php-curl php-intl
sudo systemctl enable --now nginx mariadb

# Install phpMyAdmin (package provides the app files)
sudo apt -y install phpmyadmin

# Link phpMyAdmin to a web-accessible path
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

# Configure Nginx server block (edit your server block)
sudo nano /etc/nginx/sites-available/default

Add this inside your server block:

location /phpmyadmin {
    alias /usr/share/phpmyadmin;
    index index.php index.html;
}

location ~ ^/phpmyadmin/(.+\.php)$ {
    alias /usr/share/phpmyadmin/$1;
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php-fpm.sock; # adjust for your PHP version
}

location ~* ^/phpmyadmin/(.+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?))$ {
    alias /usr/share/phpmyadmin/$1;
    expires 7d;
    access_log off;
}

sudo nginx -t
sudo systemctl reload nginx

Browse to http://your-domain/phpmyadmin. If you use a custom PHP-FPM socket path or version (e.g., php8.2-fpm), update fastcgi_pass accordingly.

Install on AlmaLinux/Rocky/CentOS (Apache)

RHEL-based servers don’t ship phpMyAdmin in the default repos. Use EPEL for the package or install from the official tarball. Here’s the EPEL method for convenience.

sudo dnf -y install epel-release
sudo dnf -y install httpd mariadb-server
sudo dnf -y install php php-mysqlnd php-mbstring php-zip php-gd php-xml php-json php-intl php-fpm
sudo systemctl enable --now httpd mariadb

# Install phpMyAdmin from EPEL
sudo dnf -y install phpMyAdmin

# Allow access in Apache (default conf)
sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Ensure the configuration allows your IP or network. For example:

<Directory /usr/share/phpMyAdmin>
    AddDefaultCharset UTF-8
    <IfModule mod_authz_core.c>
        Require ip 127.0.0.1
        Require ip ::1
        Require ip your.public.ip.here
    </IfModule>
</Directory>

sudo systemctl restart httpd

Access at http://your-domain/phpMyAdmin or http://server-ip/phpMyAdmin. On SELinux-enabled systems, restore contexts if needed:

sudo restorecon -Rv /usr/share/phpMyAdmin

Manual (Official) Installation Method

Installing from the official tarball ensures you’re using the latest phpMyAdmin version, independent of distro package freshness.

# Variables
PMA_VERSION=5.2.1
PMA_DIR=/var/www/phpmyadmin

# Download and verify (replace URL with latest from https://www.phpmyadmin.net/)
cd /tmp
wget https://files.phpmyadmin.net/phpMyAdmin/${PMA_VERSION}/phpMyAdmin-${PMA_VERSION}-all-languages.tar.gz
tar xzf phpMyAdmin-${PMA_VERSION}-all-languages.tar.gz
sudo mv phpMyAdmin-${PMA_VERSION}-all-languages ${PMA_DIR}

# Create temp and set permissions
sudo mkdir -p ${PMA_DIR}/tmp
sudo chown -R www-data:www-data ${PMA_DIR}  # use apache:apache on RHEL-based
sudo chmod 750 ${PMA_DIR}/tmp

# Create config.inc.php
sudo cp ${PMA_DIR}/config.sample.inc.php ${PMA_DIR}/config.inc.php
sudo nano ${PMA_DIR}/config.inc.php

In config.inc.php, set the blowfish secret and allow cookie authentication:

$cfg['blowfish_secret'] = 'use-a-32-characters-random-string-here'; // required for cookie auth
$cfg['TempDir'] = '/var/www/phpmyadmin/tmp';

Expose it in Apache or Nginx:

# Apache
sudo bash -c 'cat >/etc/apache2/conf-available/phpmyadmin.conf<<EOF
Alias /db ${PMA_DIR}
<Directory ${PMA_DIR}>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
    AllowOverride All
    Require all granted
</Directory>
EOF'
sudo a2enconf phpmyadmin
sudo systemctl reload apache2

# Nginx (inside server block)
location /db {
    alias /var/www/phpmyadmin;
    index index.php;
}
location ~ ^/db/(.+\.php)$ {
    alias /var/www/phpmyadmin/$1;
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php-fpm.sock;
}

Visit https://your-domain/db to use phpMyAdmin. Always protect this path (see security section).

Secure Your phpMyAdmin in Production

phpMyAdmin is powerful and often targeted by bots. Reduce attack surface with layered controls. These steps apply whether you install via packages or the official tarball.

1) Use HTTPS Everywhere

Install a TLS certificate and redirect HTTP to HTTPS. On Ubuntu with Apache:

sudo apt -y install certbot python3-certbot-apache
sudo certbot --apache -d your-domain -d www.your-domain
sudo systemctl reload apache2

For Nginx:

sudo apt -y install certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain -d www.your-domain
sudo systemctl reload nginx

2) Change the Default Path

Instead of /phpmyadmin, use a non-obvious alias (e.g., /db-portal). Update your Apache/Nginx alias accordingly. This thwarts basic scanners.

3) Restrict Access by IP

Allow only admin IPs. Apache example:

<Directory /usr/share/phpmyadmin>
    Require ip 192.0.2.10
    Require ip 203.0.113.0/24
</Directory>

Nginx example:

location /db-portal {
    alias /usr/share/phpmyadmin;
    allow 192.0.2.10;
    allow 203.0.113.0/24;
    deny all;
    index index.php;
}

4) Add HTTP Basic Authentication

Require an extra password gate. Apache:

sudo apt -y install apache2-utils
sudo htpasswd -c /etc/apache2/.htpasswd admin
# Edit your phpMyAdmin Directory block:
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
sudo systemctl reload apache2

Nginx (protect location):

sudo apt -y install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd admin
# In your location /db-portal block:
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
sudo nginx -t && sudo systemctl reload nginx

5) Harden phpMyAdmin Configuration

• Set $cfg[‘blowfish_secret’] with a strong 32+ character random string.
• Disable root remote login; use an admin user with a strong password.
• Grant least privilege: create database-specific users, not global superusers.
• Configure $cfg[‘AllowNoPasswordLogin’] = false;
• Keep PHP, phpMyAdmin, and your web server updated.

6) Optional: Access via SSH Tunnel Only

Don’t expose phpMyAdmin to the internet. Bind it to 127.0.0.1 and tunnel:

# On your local machine:
ssh -L 8080:127.0.0.1:80 user@server
# Then open http://127.0.0.1:8080/db-portal in your browser.

Common Errors and Quick Fixes

• 404 Not Found on /phpmyadmin: Check alias/symlink path, enable Apache conf, or verify Nginx location blocks.
• “The mbstring extension is missing”: Install and enable php-mbstring, then restart web server.
• Access denied for user: Verify MySQL/MariaDB user, host value (localhost vs %), and privileges.
• CSRF/Warning: Set a valid $cfg[‘blowfish_secret’] and ensure tmp directory is writable.
• File uploads/export fail: Increase PHP post_max_size, upload_max_filesize, and max_execution_time.
• SELinux blocks: Use restorecon and set proper contexts; consider setsebool -P httpd_can_network_connect 1 if needed.

Keep phpMyAdmin Updated

Security patches arrive frequently. If installed via packages, update with your package manager. If installed manually, replace the directory with the latest tarball.

# Debian/Ubuntu
sudo apt update && sudo apt -y upgrade

# RHEL-based
sudo dnf -y upgrade

# Manual install (replace version)
cd /tmp
wget https://www.phpmyadmin.net/downloads/
# Download the latest tar.gz and replace existing directory after backup

Alternative: Run phpMyAdmin with Docker

Docker isolates phpMyAdmin from the host. Map it to your database container or host database.

docker run -d --name pma --restart=unless-stopped \
  -e PMA_HOST=127.0.0.1 -e PMA_PORT=3306 \
  -p 8081:80 phpmyadmin/phpmyadmin:latest

Then visit http://server-ip:8081. Always secure the port with firewall rules, reverse proxy, and TLS.

Best Practices for Production Databases

• Use read-only or limited-privilege users for routine tasks.
• Back up before running bulk operations or imports.
• Enable binary logs and point-in-time recovery on critical databases.
• Log phpMyAdmin access separately for auditing.
• Disable directory indexing and expose only necessary scripts.

When to Choose a Managed Solution

If you’d rather not maintain LAMP/LEMP stacks, firewalls, and updates, a managed VPS from YouStable can help. Our engineers provision secure stacks, enable HTTPS, and install tools like phpMyAdmin with hardened defaults—so you can focus on development, not server babysitting.

Step-by-Step: Create a Dedicated MySQL Admin User

Use a separate admin user for phpMyAdmin instead of the root account. Example for MySQL/MariaDB:

sudo mysql -u root

-- Create admin user restricted to localhost
CREATE USER 'dbadmin'@'localhost' IDENTIFIED BY 'StrongPassword#2025!';
GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;

For application databases, create per-database users with only the privileges needed (SELECT, INSERT, UPDATE, DELETE).

Troubleshooting PHP and Web Server Config

If PHP files download instead of executing, confirm PHP-FPM/Apache PHP module is enabled and your location blocks are correct.

# Apache enable PHP module (if using prefork)
sudo a2enmod php8.2
sudo systemctl restart apache2

# Nginx + PHP-FPM status
sudo systemctl status php8.2-fpm
# Ensure fastcgi_pass socket or 127.0.0.1:9000 matches your PHP-FPM pool

FAQs: Install phpMyAdmin on Linux Server

Wrap-Up

Installing phpMyAdmin on a Linux server is straightforward with apt/dnf or the official tarball. The real value is in hardening: HTTPS, custom paths, IP restrictions, Basic Auth, and principle of least privilege. If you want a pre-hardened stack with managed updates, YouStable’s VPS hosting removes the heavy lifting.