To set up phpMyAdmin on a Linux server, install a LAMP or LEMP stack, add the phpMyAdmin package via your distro’s package manager, configure the web server alias, secure access (SSL/TLS, IP allowlist, Basic Auth), set a blowfish secret, and create a least-privileged MySQL/MariaDB user. Test at https://your-domain/phpmyadmin and harden.
Setting up phpMyAdmin on a Linux server lets you manage MySQL or MariaDB databases through a browser with an intuitive GUI. In this guide, I’ll show you how to setup phpMyAdmin on Linux server environments (Ubuntu/Debian, RHEL/CentOS/AlmaLinux/Rocky) on both Apache and Nginx, and how to secure it properly for production.
What Is phpMyAdmin and Why Use It?
phpMyAdmin is an open-source PHP application for managing MySQL/MariaDB. It offers a web-based interface for creating databases, running SQL queries, importing/exporting data, and user privilege management. It’s ideal when you prefer a GUI over the command line or when granting controlled access to non-root users and developers.
Search Intent and What You’ll Learn
If you searched for “setup phpMyAdmin on Linux server,” you likely want a practical, step-by-step installation that covers Ubuntu/Debian and RHEL-based distros, works with Apache or Nginx, and includes essential security hardening. This tutorial delivers all of that, plus troubleshooting, performance tips, and real-world best practices.
Prerequisites
- A Linux server (Ubuntu 22.04/24.04, Debian 12, Rocky Linux 9, AlmaLinux 9, CentOS Stream, or RHEL 9)
- Root or sudo access
- DNS pointing to your server (optional but recommended) and a valid domain if using HTTPS
- Web server (Apache or Nginx), PHP 8.x, and MySQL or MariaDB
- Firewall access to ports 80 and 443
- Basic familiarity with SSH and server administration
Quick Architecture Overview
- LAMP: Linux + Apache + MySQL/MariaDB + PHP
- LEMP: Linux + Nginx + MySQL/MariaDB + PHP-FPM
- phpMyAdmin lives at /usr/share/phpmyadmin (typical) and is served via an alias like /phpmyadmin
- Security is essential: SSL/TLS, IP allowlist, Basic Auth, strong database credentials, and updates
Install phpMyAdmin on Ubuntu/Debian (Apache)
This is the most common stack. Ubuntu/Debian repositories include phpMyAdmin, making installation straightforward.
1) Install LAMP Packages
sudo apt update
sudo apt install -y apache2 mysql-server php libapache2-mod-php \
php-mysql php-json php-mbstring php-xml php-curl php-zip php-gd unzip
sudo phpenmod mbstring
sudo systemctl enable --now apache2 mysql
Set a strong MySQL root password and run basic hardening:
sudo mysql_secure_installation
2) Install phpMyAdmin
Ubuntu/Debian will prompt you to choose a web server. Select Apache2. If asked to configure a database for phpMyAdmin with dbconfig-common, choose Yes and set a password (or skip and configure manually later).
sudo apt install -y phpmyadmin
sudo systemctl reload apache2
The installer adds an Apache config in /etc/apache2/conf-enabled/phpmyadmin.conf and an alias /phpmyadmin.
3) Set the Blowfish Secret (Security)
phpMyAdmin uses a blowfish secret for cookie encryption. Generate a strong secret and add it to config.inc.php.
sudo openssl rand -base64 32
sudo nano /etc/phpmyadmin/config.inc.php
Add or update:
$cfg['blowfish_secret'] = 'paste_the_generated_string_here'; // 32+ random chars
Then reload Apache:
sudo systemctl reload apache2
4) Create a Least-Privileged Database User
Avoid logging in as root in phpMyAdmin. Create a dedicated user with only required privileges.
sudo mysql
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'SuperStrongPassword!';
CREATE DATABASE appdb;
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
5) Test Access
Visit http://your-domain/phpmyadmin or http://server-ip/phpmyadmin. If you’ll expose it publicly, secure it with HTTPS and access restrictions before going live.
Install phpMyAdmin on Ubuntu/Debian (Nginx + PHP-FPM)
Nginx does not auto-configure phpMyAdmin. You’ll install the package and then create a location block or a symlink to expose it under your site’s root.
1) Install LEMP Packages
sudo apt update
sudo apt install -y nginx mysql-server php-fpm \
php-mysql php-json php-mbstring php-xml php-curl php-zip php-gd unzip
sudo systemctl enable --now nginx mysql php*-fpm
sudo mysql_secure_installation
2) Install phpMyAdmin and Add a Symlink
sudo apt install -y phpmyadmin
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
3) Configure Nginx Server Block
Update your site’s server block to pass PHP files to PHP-FPM. Replace the PHP socket path with the one installed on your system (e.g., /run/php/php8.2-fpm.sock).
sudo nano /etc/nginx/sites-available/default
server {
listen 80;
server_name example.com www.example.com;
root /var/www/html;
index index.php index.html;
location /phpmyadmin {
alias /usr/share/phpmyadmin/;
index index.php;
}
location ~ ^/phpmyadmin/(.+\.php)$ {
alias /usr/share/phpmyadmin/;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
location ~* ^/phpmyadmin/(.+\.(?:css|js|png|jpg|gif|ico|html|svg))$ {
alias /usr/share/phpmyadmin/;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
}
Test and reload Nginx:
sudo nginx -t && sudo systemctl reload nginx
Install phpMyAdmin on RHEL/CentOS/AlmaLinux/Rocky (Apache)
On RHEL-family distributions, phpMyAdmin is provided via EPEL. Install EPEL, then phpMyAdmin, and adjust Apache configuration and SELinux if necessary.
1) Enable Repositories and Install LAMP
sudo dnf install -y epel-release
sudo dnf install -y httpd mariadb-server php php-mysqlnd php-json php-mbstring php-xml php-gd php-zip
sudo systemctl enable --now httpd mariadb
sudo mysql_secure_installation
2) Install phpMyAdmin
sudo dnf install -y phpMyAdmin
This creates /etc/httpd/conf.d/phpMyAdmin.conf with a default alias, typically restricting access to localhost. Edit to allow your IPs and secure it.
sudo nano /etc/httpd/conf.d/phpMyAdmin.conf
Inside the Directory or Location block, you might see Require local. Replace with a safe allowlist, Basic Auth, or both (see security section below). Then reload Apache:
sudo systemctl reload httpd
If your MySQL/MariaDB server is remote, and SELinux is enforcing, allow Apache to connect to DB over the network:
sudo setsebool -P httpd_can_network_connect_db 1
Secure phpMyAdmin (Must-Do)
phpMyAdmin is a common attack target. Harden it before exposing to the internet. Implement multiple layers of defense.
1) Enforce HTTPS (Let’s Encrypt)
Use free SSL certificates from Let’s Encrypt. Redirect all HTTP traffic to HTTPS.
# Apache (Ubuntu/Debian)
sudo apt install -y certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com
# Nginx (Ubuntu/Debian)
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
# RHEL family (Apache)
sudo dnf install -y certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com
2) Restrict by IP (Allowlist)
Limit access to trusted IPs only. For Apache:
# /etc/apache2/conf-available/phpmyadmin.conf or /etc/httpd/conf.d/phpMyAdmin.conf
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
Require ip 203.0.113.10 198.51.100.22
Require local
</Directory>
For Nginx:
location /phpmyadmin {
allow 203.0.113.10;
allow 198.51.100.22;
deny all;
alias /usr/share/phpmyadmin/;
index index.php;
}
3) Add HTTP Basic Authentication
Prompt for a second set of credentials before reaching phpMyAdmin.
# Apache
sudo htpasswd -c /etc/phpmyadmin/.htpasswd admin
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
<Directory /usr/share/phpmyadmin>
AuthType Basic
AuthName "Restricted phpMyAdmin"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
</Directory>
# Nginx
sudo apt install -y apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd admin
location /phpmyadmin {
auth_basic "Restricted phpMyAdmin";
auth_basic_user_file /etc/nginx/.htpasswd;
alias /usr/share/phpmyadmin/;
index index.php;
}
Reload your web server after changes.
4) Change the Default URL (Security by Obscurity, Optional)
Move from /phpmyadmin to a non-guessable alias (e.g., /dbadmin-9f27). For Apache, edit the Alias in phpMyAdmin.conf. For Nginx, change the location path. This doesn’t replace real security, but reduces automated scans.
5) Disable Root Login and Use Least Privilege
Never use root in phpMyAdmin. Create project-specific DB users with only needed privileges. Rotate credentials regularly and apply strong password policy.
6) Keep Software Updated
Update the OS, PHP, web server, MySQL/MariaDB, and phpMyAdmin. Subscribe to security advisories. On Debian/Ubuntu, consider unattended-upgrades for security patches.
7) Firewall and Fail2ban
Use UFW/firewalld to allow only 80/443 and SSH. Optionally protect phpMyAdmin with Fail2ban custom jails to block brute-force attempts.
Optional: Tune PHP and Upload Limits
If imports fail due to size or timeouts, adjust PHP limits and restart services.
sudo nano /etc/php/8.2/apache2/php.ini # Apache
# or
sudo nano /etc/php/8.2/fpm/php.ini # PHP-FPM (Nginx)
upload_max_filesize = 256M
post_max_size = 256M
max_execution_time = 300
memory_limit = 512M
# Apply changes
sudo systemctl reload apache2
# or
sudo systemctl reload php8.2-fpm
sudo systemctl reload nginx
Troubleshooting Common Issues
- 404 Not Found at /phpmyadmin: On Nginx, ensure alias and PHP location blocks are correct and that the symlink exists. Reload Nginx.
- 403 Forbidden: Your IP may be blocked by access rules. Adjust Require/allow directives accordingly.
- Missing mcrypt/mbstring errors: Install and enable PHP extensions (mbstring, json, xml, curl, zip). Reload web server.
- Incorrect CSRF token: Set a proper blowfish secret and clear browser cookies. Ensure session.save_path is writable for PHP.
- MySQL/MariaDB authentication issues: Verify host matches, user has privileges, and password is correct. Check for unix_socket auth on Ubuntu which may bypass passwords; create a native password user if needed.
- SELinux denials: For RHEL-family distros, review audit logs and use setsebool/semanage to allow required contexts and DB connectivity.
Alternative: Run phpMyAdmin with Docker
Containerizing phpMyAdmin simplifies updates and isolation. Map it to your DB host and expose only via HTTPS behind a reverse proxy.
docker run -d --name myadmin \
-e PMA_HOST=127.0.0.1 \
-e PMA_ABSOLUTE_URI=https://dbadmin.example.com/ \
-p 8080:80 \
--restart unless-stopped \
phpmyadmin/phpmyadmin:latest
Place it behind Nginx/Traefik/Caddy with TLS and IP/Basic Auth restrictions.
Performance and Best Practices
- Expose phpMyAdmin only when needed; disable or unpublish it when not in use.
- Keep DB backups separate; phpMyAdmin is convenient but not a substitute for automated, offsite backups.
- Limit privileges and separate dev/stage/prod users and databases.
- Monitor access logs for suspicious patterns.
- Use strong TLS ciphers and modern protocols; redirect HTTP to HTTPS.
Soft Recommendation: Let YouStable Handle It
If you’d rather avoid the overhead, YouStable’s managed VPS and dedicated servers come with production-grade security hardening, LAMP/LEMP stacks, and optional phpMyAdmin pre-configured behind HTTPS with access control. Our team can migrate your databases, set least-privileged users, automate backups, and maintain patches—so you can focus on your application.
Step-by-Step Recap
- Install LAMP/LEMP and phpMyAdmin
- Configure Apache/Nginx alias or server block
- Set phpMyAdmin blowfish secret
- Create least-privileged DB users
- Enforce HTTPS, IP allowlist, and Basic Auth
- Adjust PHP limits if needed
- Update regularly and monitor logs
FAQs: Setup phpMyAdmin on Linux Server
How do I install phpMyAdmin on Ubuntu 22.04/24.04?
Run apt install phpmyadmin after installing Apache (or Nginx) and PHP. On Apache, the installer adds the alias automatically. On Nginx, add an alias/location block and pass PHP to PHP-FPM. Secure with HTTPS, IP allowlist, Basic Auth, and a blowfish secret.
How can I access phpMyAdmin remotely and safely?
Use HTTPS with a valid certificate, restrict by IP, and enable HTTP Basic Auth. Consider placing phpMyAdmin behind a VPN or SSH tunnel for admin-only access. Avoid exposing it to the open internet when possible.
Is phpMyAdmin secure for production?
Yes, when hardened: keep software updated, enforce TLS, use IP allowlists and Basic Auth, disable root login, use strong passwords, set a blowfish secret, and monitor logs. Security-by-default is essential because phpMyAdmin is a frequent target.
How do I change the phpMyAdmin URL from /phpmyadmin?
In Apache, edit the Alias in phpMyAdmin.conf to something like /dbadmin-unique and reload Apache. In Nginx, change the location path accordingly and reload Nginx. This adds mild obscurity; still use IP restrictions and Basic Auth.
Why do I get “Incorrect CSRF token” in phpMyAdmin?
Usually due to a missing/weak blowfish secret or session issues. Set a strong $cfg[‘blowfish_secret’] in /etc/phpmyadmin/config.inc.php, clear cookies, and ensure PHP sessions are writable (check session.save_path). Reload your web server after changes.
What port does phpMyAdmin use?
phpMyAdmin runs over your web server’s HTTP/HTTPS ports—typically 80 and 443. It does not open a separate port. Secure it with TLS and access controls if exposed publicly.
How do I uninstall phpMyAdmin?
On Ubuntu/Debian: sudo apt remove phpmyadmin (or apt purge phpmyadmin to remove configs). On RHEL family: sudo dnf remove phpMyAdmin. Remove any Nginx/Apache aliases and reload the web server.
Final Thoughts
With the steps above, you can install and harden phpMyAdmin on any popular Linux distribution. Keep it behind HTTPS, restrict access, and use minimum privileges. If you prefer a hands-off approach, YouStable can provision and maintain a secure, optimized stack with phpMyAdmin ready for production.
