August 21, 2012

Beginner

How To Install and Secure phpMyAdmin on Ubuntu 12.04

Tagged In: Ubuntu, My Sql, Apache, Php

About phpMyAdmin


phpMyAdmin is an free web software to work with MySQL on the web—it provides a convenient visual front end to the MySQL capabilities.

Setup


The steps in this tutorial require the user to have root privileges on your virtual private server. You can see how to set that up here in steps 3 and 4.

Before working with phpMyAdmin you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.

Once you have the user and required software, you can start installing phpMyAdmin on your VPS!

Install phpMyAdmin


The easiest way to install phpmyadmin is through apt-get:
sudo apt-get install phpmyadmin

During the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:

  • Select Apache2 for the server

  • Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common

  • Enter your MySQL password when prompted

  • Enter the password that you want to use to log into phpmyadmin

After the installation has completed, add phpmyadmin to the apache configuration.
sudo nano /etc/apache2/apache2.conf

Add the phpmyadmin config to the file.
Include /etc/phpmyadmin/apache.conf

Restart apache:
sudo service apache2 restart

You can then access phpmyadmin by going to youripaddress/phpmyadmin. The screen should look like this

Security


Unfortunately older versions of phpMyAdmin have had serious security vulnerabilities including allowing remote users to eventually exploit root on the underlying virtual private server. One can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions which will prevent these remote users from even attempting to exploit older versions of phpMyAdmin.

Set Up the .htaccess File


To set this up start off by allowing the .htaccess file to work within the phpmyadmin directory. You can accomplish this in the phpmyadmin configuration file:
sudo nano /etc/phpmyadmin/apache.conf 

Under the directory section, add the line “AllowOverride All” under “Directory Index”, making the section look like this:
<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All
        [...]

Configure the .htaccess file


With the .htaccess file allowed, we can proceed to set up a native user whose login would be required to even access the phpmyadmin login page.

Start by creating the .htaccess page in the phpmyadmin directory:
sudo nano /usr/share/phpmyadmin/.htaccess

Follow up by setting up the user authorization within .htaccess file. Copy and paste the following text in:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /path/to/passwords/.htpasswd
Require valid-user

Below you’ll see a quick explanation of each line
  • AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed.
  • AuthName: This is text that will be displayed at the password prompt. You can put anything here.
  • AuthUserFile: This line designates the server path to the password file (which we will create in the next step.)
  • Require valid-user: This line tells the .htaccess file that only users defined in the password file can access the phpMyAdmin login screen.


Create the htpasswd file


Now we will go ahead and create the valid user information. Start by creating a htpasswd file. Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser. Although you can name the password file whatever you prefer, the convention is to name it .htpasswd.
sudo htpasswd -c /path/to/passwords/.htpasswd username

A prompt will ask you to provide and confirm your password. Once the username and passwords pair are saved you can see that the password is encrypted in the file.

FInish up by restarting apache:
sudo service apache2 restart

Accessing phpMyAdmin


phpMyAdmin will now be much more secure since only authorized users will be able to reach the login page. Accessing youripaddress/phpmyadmin should display a screen like this.

Fill it in with the username and password that you generated. After you login you can access phpmyadmin with the MySQL username and password.

By Etel Sverdlov

Share this Tutorial

Vote on Hacker News

Try this tutorial on an SSD cloud server.

Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more

Create an account or login:

150 Comments

Write Tutorial
  • Gravatar Rob Jatho over 1 year

    Just a few comments for anyone who might be struggling: Configure the .htaccess file: AuthUserFile /path/to/passwords needs to be: AuthUserFile /path/to/passwords/.htpasswd Create the htpasswd file: sudo htpasswd -c /path/to/passwords/.htpasswd username Accessing phpMyAdmin: Before this will work, you need to restart the server again sudo service apache2 restart

  • Gravatar Etel over 1 year

    Thank you for the comment and clarification. I have changed a few of the commands to make it clearer above.

  • Gravatar Rob Jatho over 1 year

    Thanks for the quick update. Really great docs on the community and great service. Keep up the good work.

  • Gravatar Etel Sverdlov over 1 year

    Thank you!

  • Gravatar Daniel over 1 year

    Hi, i think this step: "After the installation has completed, add phpmyadmin to the apache configuration in “/etc/apache2/apache2.conf” Include /etc/phpmyadmin/apache.conf" should have this command: sudoedit /etc/apache2/apache2.conf

  • Gravatar Etel Sverdlov over 1 year

    Thanks for your comment! I have updated the article to explicitly include a step on editing the apache configuration.

  • Gravatar fariazz over 1 year

    how do I configure it in nginx?

  • Gravatar fariazz over 1 year

    Never mind, switched to apache.

  • Gravatar Moisey over 1 year

    In Nginx you would have to set it up to parse PHP as by default Nginx is just a webserver which doesn't have the ability to process PHP.

  • Gravatar azraiyan over 1 year

    after I use this "sudo htpasswd -c /path/to/passwords/.htpasswd username" I got this message "cannot create file /path/to/passwords/.htpasswd". I thought I followed the steps.

  • Gravatar azraiyan over 1 year

    nevermind figured out myself but I got internal server error after I created the .htpasswd file

  • Gravatar Etel Sverdlov over 1 year

    Make sure that the path to your .htpasswd file in the .htacess file matches the actual location. Eg. if you have the .htpasswd saved in /var/www (best practice says that it should be saved outside of your document root), make sure that the .htaccess file line points to it: AuthUserFile /var/www/.htpasswd

  • Gravatar inbox.francesco over 1 year

    Thanks for this but I get the following error whe I try to login in phpmyadmin: phpMyAdmin - Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly. How can I fix this? Thanks

  • Gravatar Etel Sverdlov over 1 year

    I would check the Apache error log as well as the php error log (which may not already be enabled). Furthermore, you can find more information on correcting this error here: http://www.electrictoolbox.com/phpmyadmin-cannot-start-session-without-errors/

  • Gravatar Arjan Dasselaar about 1 year

    Adding "Include /etc/phpmyadmin/apache.conf" leads to the following error: "[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias." when restarting Apache. Commenting it out again resolves this issue.

  • Gravatar Arjan Dasselaar about 1 year

    According to this https://help.ubuntu.com/community/phpMyAdmin adding the include line should not be necessary, at least not in Ubuntu 9.04 (and presumably it also works fine in Ubuntu 12.04).

  • Gravatar kedarpanjiyar about 1 year

    I had installed phpmyadmin in ubuntu 12.04.while installing I only entered the password for mysql .now when I am trying to get in phpmyadmin i am being asked for username and password.I don't know which username to provide anyone please help me..ASAP

  • Gravatar Etel Sverdlov about 1 year

    Try the username "root"

  • Gravatar austin about 1 year

    Hello! Whenever I go to my ip/phpmyadmin and login, I get a message. "Internal Server Error 500" Can someone please help me?

  • Gravatar voidnothings about 1 year

    I have the same problem as austin, after doing the extra security steps I have a 500 error. Anyone who can explain? Thanks!

  • Gravatar squiz0 about 1 year

    What would i need to modify after following this tutorial: https://www.digitalocean.com/community/articles/how-to-configure-nginx-as-a-front-end-proxy-for-apache ? Thanks

  • Gravatar rafa.alcantara about 1 year

    SOLVED: Error 500 Hi, I had the same problem, 500 error. After watch my Apache log: sudo tail -f /var/log/apache2/error.log The last line said: "Could not open password file: /etc/apache2/~/.htpasswd THAT WAS THE PROBLEM. I used a relative path to my home from .htaccess, so I fix this, clear cache browser and EVERYTHING WAS RIGHT. I hope this help you. Rafa

  • Gravatar hello about 1 year

    just change default phpmyadmin url cd /etc/phpmyadmin/ sudo nano apache.conf Change Alias Alias /phpmyadmin /usr/share/phpmyadmin to Alias /secureadmin /usr/share/phpmyadmin service apache2 restart go to http://www.mysite.com/secureadmin Jobs a goodun'

  • Gravatar djdubuque about 1 year

    Mine will not work.

  • Gravatar djdubuque about 1 year

    [Sun Feb 24 07:35:02 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.6-1ubuntu1.1 configured -- resuming normal operations [Sun Feb 24 10:16:13 2013] [error] [client 183.249.0.81] File does not exist: /var/www/manager

  • Gravatar Samuel Jacques about 1 year

    Also get this : "cannot create file /path/to/passwords/.htpasswd". while following exactly your steps

  • Gravatar Etel Sverdlov about 1 year

    Hi Sam, Please be sure to specify an actual location for the .htpasswd file. /path/to/passwords is not an actual path, just an indicator of what should go there.

  • Gravatar Edward Richmond about 1 year

    Hey folks, I've managed to get phpmyadmin running, but when I login, it gives an internal error page. Is this a common issue? Any ideas what I could check? Ed

  • Gravatar Rifki Aria Gumelar about 1 year

    Hi, I'm very noob and I tried to create .htpasswd to /usr/passwds/.htpasswd but when I access phpmyadmin it show me "500 Internal Server Error", Can you help me? at least give me an example of the correct path to create .htpasswd file. Thanks

  • Gravatar Graham Freeman about 1 year

    Just want to say thanks for a great How To

  • Gravatar jacobpressures about 1 year

    Thanks guys for this information. its helpful but i'm still having a problem. As Arjan said: Adding "Include /etc/phpmyadmin/apache.conf" leads to the following error: "[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias." when restarting Apache. His comment helped to understand the problem but does not solve it for me. I'm getting the same warning but commenting out does not fix the problem. I added that include because my page would not display. Adding that line made my page display. However, i had to forbid all overrides in the /conf.d/security file for all the file system directories. So then my page stopped showing and giving me the error Arjan was getting. This is the code i was required to add to my /conf.d/security file. Its actually already there but commented out. AllowOverride None Order Deny,Allow Deny from all

  • Gravatar jacobpressures about 1 year

    Directory / AllowOverride None Order Deny,Allow Deny from all /Directory

  • Gravatar jacobpressures about 1 year

    Oh I'm also using Ubuntu 12.04

  • Gravatar jacobpressures about 1 year

    Ok sorry for all of this. I back tracked and i was able to get rid of the include.

  • Gravatar tvw about 1 year

    Hi, this is not at all secure!!! It is not a good idea to use phpmyadmin at all on a server, which is accessible through the internet. There is only one exception from this rule: you have a shared hosting plan and your provider does not allow you to login to the server via ssh to manage your database. But even there I would remove it after the database is setup. Since digitalocean gives you the opportunity to setup your own server which you control yourself, it is time to drop phpmyadmin from your toolbox. MySQL gives you all the tools you need to manage your database. If you use phpmyadmin, in case of a misconfiguration of your webserver, which generally might not be such a big problem, with phpmyadmin the entire database is wide open to any attacker. On many servers, the database is almost everything or something like the core of the web applications the server runs which need to be protected. And attacking phpmyadmin is on top of the list of every script kiddie on this planet. This is a permanent security hole, that cannot be underestimated, it might be the worst what could happen to your server, esp. when you consider, how rarely you will use this tool on the long run and how little the benefit you get from it on a server. Second: If you still want to use phpmyadmin, which is not a good idea, you MUST use SSL and disallow access to phpmyadmin via plain http. Otherwise the password protection works like locked garden gate while everybody could easily jump over the fence. So I suggest to add a warning about the use of phpmyadmin to this article and that SSL is a requirement and that phpmyadmin is setup only in the SSL-section of the web server configuration. That is the least, you should do. Regards Thomas PS: In case someone got me wrong: there is nothing wrong with phpmyadmin itself from my point of view. It is just generally not a good idea to turn powerful administrational tools to the outside world. They are then accessible and attackable 365x24 while you might use them only for a couple of hours in the year, if at all, when the server does it job for years. So they are much more a service for hackers than they are for the administrator of the servers.

  • Gravatar jezpeters 12 months

    "Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser." This is the only sticky point in this otherwise great tutorial. How do I know what directories are available? What would be the best one to use once I worked out how to list them? Maybe a suggested location would be an idea.

  • Gravatar tbailey0316 12 months

    Hi, I recently wrote a pretty in depth guide for installing phpMyAdmin in Ubuntu. Dunno if I can share it here or not but here goes. http://draalin.com/installing-phpmyadmin-in-ubuntu/ If you have any issues just send me a message.

  • Gravatar Mohd Rafie 12 months

    I seems to have a problem with restarting my Apache: Syntax error on line 8 of /etc/phpmyadmin/apache.conf: allow and deny must be followed by 'from' Action 'configtest' failed. What I add at the /etc/phpmyadmin/apache.conf is as follows... Options FollowSymLinks DirectoryIndex index.php Allow Override All [...] Any suggestions?

  • Gravatar Kamal Nasser 12 months

    @Mohd Rafie: You should have "AllowOverride" instead of "Allow Override". Restart/reload Apache and it should be fixed.

  • Gravatar marcbruch 11 months

    HEy i get no access to phpmyadmin. Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Apache/2.2.22 (Ubuntu) Server at 198.199.100.248 Port 80 can you help me ? i started this setup the second time after destroy

  • Gravatar Kamal Nasser 11 months

    @marcbruch It means there is an error, check your logs - it's mostly a php error.

  • Gravatar tiago.pcodelico 11 months

    When I try to save a /etc/apache2/apache2.conf, this error display: Error writing /etc/apache2/apache2.conf: No such file or directory How can I fix it?

  • Gravatar Kamal Nasser 11 months

    @tiago.pcodelico Did you run nano as root (via sudo)?

  • Gravatar rezabyte 11 months

    While installing phpmyadmin at the step "Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common" I choose no mistakenly. How to recover this error now? thanks!

  • Gravatar Kamal Nasser 11 months

    @reza.cybersolutions you can reconfigure phpmyadmin by running the following command: sudo dpkg-reconfigure phpmyadmin

  • Gravatar rajeev1204 10 months

    Syntax error on line 9 of /etc/phpmyadmin/apache.conf: Invalid command '[...]', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. ...fail!

  • Gravatar Kamal Nasser 10 months

    @rajeev1204 don't just blindly copy-paste the instructions, it's not what you should do. The section clearly states "Under the directory section, add the line “AllowOverride All” under “Directory Index”, making the section look like this:". The [...] shouldn't be there, you have to only add AllowOverride All under DirectoryIndex. Nothing else.

  • Gravatar rajeev1204 10 months

    Thanks for replying so fast Kamal, iam almost done configuring everything, just have to add ns records now. Still learning though. So basically [...] just means continuation of the file?

  • Gravatar Kamal Nasser 10 months

    Yes rajeev1204, that is correct.

  • Gravatar duffleboi911 10 months

    after going through the settings, when I visit ipaddress/phpmyadmin it will download a file and not the phpmyadmin page. How can I go about this?

  • Gravatar Kamal Nasser 10 months

    @duffleboi911 Try installing libapache2-mod-php and restarting Apache. Does that fix it?

  • Gravatar catweasled 10 months

    Hello, ...after doing this security update, descriped on the top, apach2 is asking me for a Password on every virtual site. Even if there is no .htpasswd. If apache2 hits any .htaccess file it generates a Passwort dialog. I dont no how to stop it. Please help!

  • Gravatar Kamal Nasser 10 months

    @catweasled: The "Configure the .htaccess file" step sets up HTTP authentication, revert the changes you made there and it should stop asking for a username/password.

  • Gravatar catweasled 10 months

    ...thanks, I think I fixed it. :-) I've put one of this .htaccess file in my piwik main folder and then every tracking code calls this .htaccess file. This results in an username/password dialog.

  • Gravatar Marcelo de Queiroz 10 months

    Dear Sirs I’m trying to set up the user authorization within .htaccess file, but I can’t type quotes ou make copy/paste in the console VNC connection This happens in MacBook and Windows desktop How can I do it? Thanks

  • Gravatar Kamal Nasser 10 months

    @marcelo: The web console is meant for emergency out-of-band access. You should log in to your droplet via SSH: https://www.digitalocean.com/community/articles/how-to-log-into-your-droplet-with-putty-for-windows-users

  • Gravatar Marcelo de Queiroz 10 months

    Thanks Kamal!

  • Gravatar liquidblasted 10 months

    Hi I followed this tutorial and all was fine, but since a couple of days I can't enter in phpMyAdmin - I pass .htaccess with login & password, I see phpmyadmin's login window, I enter login and password - but after that I get a link like: http://my_domain:8080/phpmyadmin/index.php?token=blablabla(lotoflettersandnumbers) and an error: This webpage is not available Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection. All configs was unchanged and still the same as in tutorial, and I can't access from different machines from different providers. Can anyone suggest any ideas why it is so?

  • Gravatar liquidblasted 10 months

    I figured it out - it was because of Varnish installing.

  • Gravatar baslon 10 months

    Guys, Fantastic resource! One of the clearest explanations I have found that can we understood by a novice like me. Thanks!

  • Gravatar geekmau5 10 months

    I've completely installed phpMyAdmin on Ubuntu, but it gives me the error: "We were able to connect to the database server (which means your username and password is okay) but not able to select the wordpress database.[...]" How can I fix it?

  • Gravatar geekmau5 10 months

    In the prev post I was talking about Wordpress, sorry. My problem is phpMyAdmin. He give mi the error: "You don't have any permission" but I want to create tables. How can I do?

  • Gravatar Kamal Nasser 10 months

    @geekmau5 does your user have proper permissions to access the wordpress database? Did you follow an article on installing wordpress? If so, please link it in your comment.

  • Gravatar stephensnote 9 months

    If I use the pushbutton "cancel" enough times the htaccess page still lets the unauthorized user view the phpmyadmin page. Any suggestion as to what I might have missed?

  • Gravatar Kamal Nasser 9 months

    @stephensnote: It might be cached, try clearing your cache and browsing to phpmyadmin again, or try another browser.

  • Gravatar cheeho_97 9 months

    I had follow the step but when i want to create the htpasswd file. I pops out "htpasswd: cannot create file /path/to/passwords/.htpasswd"

  • Gravatar Kamal Nasser 9 months

    @cheeho_97: Please see Etel's comment above (Posted December 26th, 2012 15:43).

  • Gravatar cheeho_97 9 months

    Thanks! I never knew that it is that easy! Thanks Kamal!

  • Gravatar Kamal Nasser 9 months

    Awesome :]

  • Gravatar felix.johnson 8 months

    the username, should it be replaced with the name I want it to be?

  • Gravatar Kamal Nasser 8 months

    Yes

  • Gravatar felix.johnson 8 months

    how do I know the path to my password?

  • Gravatar Kamal Nasser 8 months

    Please see Etel's comment above (Posted December 26th, 2012 15:43).

  • Gravatar felix.johnson 8 months

    should I just specify a path?

  • Gravatar felix.johnson 8 months

    just like that?

  • Gravatar felix.johnson 8 months

    shouldn`t it be a path that exist?

  • Gravatar Kamal Nasser 8 months

    No, specify a path that exists. For example, /var/www/.htpasswd

  • Gravatar felix.johnson 8 months

    thnx, but how do I see the paths that actually exist?

  • Gravatar felix.johnson 8 months

    or should I just put in the path u wrote there :)

  • Gravatar felix.johnson 8 months

    thnx, now it worked

  • Gravatar felix.johnson 8 months

    nice tut

  • Gravatar emilio_b2002 8 months

    Sorry, I do not understand were to place this line: Include /etc/phpmyadmin/apache.conf I have the server working, but I can not access to Cpanel (it ask for username and password) and I can not access to phpmyadmin

  • Gravatar Kamal Nasser 8 months

    @emilio_b2002: Do you have cPanel installed on your droplet?

  • Gravatar emilio_b2002 8 months

    Yes Kamal, I have Cpanel installed.

  • Gravatar Kamal Nasser 8 months

    @emilio_b2002: You shouldn't follow this article if you're using cPanel. It simply won't work -- neither will any of the other articles. Plus, this article for Ubuntu. cPanel does not support Ubuntu so I assume you're on CentOS, so this article won't work. cPanel already installs phpmyadmin for you, why not use that?

  • Gravatar phellipe.andrade 8 months

    I had follow the step but when i want to create the htpasswd file. I pops out "htpasswd: cannot create file /path/to/passwords/.htpasswd" How can I solve that?

  • Gravatar Kamal Nasser 8 months

    @phellipe.andrade: Replace

    /path/to/passwords
    with a path that actually exists, e.g.
    /var/www

  • Gravatar zincster05 8 months

    Awesome!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! THanks

  • Gravatar rohimkudus 8 months

    wow great .... work perfect

  • Gravatar Giri 8 months

    Hello Digitalocean, Change "/path/to/passwords" font color to red.

  • Gravatar Kamal Nasser 8 months

    @Giri: Done. :]

  • Gravatar billmarel 8 months

    During my effort to install phpmyadmin, the only question asked was about disk space usage. I got these errors: Err http://archive.ubuntu.com/ubuntu/ precise-updates/main php5-gd amd64 5.3.10-1ubuntu3.6 404 Not Found [IP: 91.189.91.15 80] Get:4 http://archive.ubuntu.com/ubuntu/ precise/universe phpmyadmin all 4:3.4.10.1-1 [5,343 kB] Err http://security.ubuntu.com/ubuntu/ precise-security/main php5-gd amd64 5.3.10-1ubuntu3.6 404 Not Found [IP: 91.189.92.202 80] Fetched 6,161 kB in 2s (2,743 kB/s) Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.3.10-1ubuntu3.6_amd64.deb 404 Not Found [IP: 91.189.92.202 80] E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? How should I proceed from here?

  • Gravatar Kamal Nasser 8 months

    @billmarel: Read the error -- what does it say?

  • Gravatar Misha Vinokur 8 months

    Hi everyone I seem to be getting this error during the install process Access denied for user 'root'@'localhost' (using ? ? password: YES)

  • Gravatar Kamal Nasser 8 months

    @mvinokur: Are you entering the correct password for root when it prompts you for it?

  • Gravatar [email protected] 8 months

    Etel , Are you a user of DO or Staff ?

  • Gravatar gurkanskaya 7 months

    @billmarel You could try an other mirror, like http://archive.ubuntu.com/. Run the next command to replace all occurrences of http://in.archive.ubuntu.com/ with http://archive.ubuntu.com/: sudo sed 's@http://in\.archive\.ubuntu\.com/@http://archive.ubuntu.com/@' -i /etc/apt/sources.list Next, proceed with an update: sudo apt-get update Followed by an upgrade or install: sudo apt-get upgrade sudo apt-get install [package-name] I did try and now working

  • Gravatar tusharthakur123 7 months

    I can get what to replace in this command: sudo htpasswd -c /path/to/passwords/.htpasswd username red part?

  • Gravatar Barry Briggs 7 months

    Got this almost working but after logging into the Apache security dialogue I was seeing phpMyAdmin throw 500 errors. After a bit of Googling it seems you have to grant the web service user permissions to view the new .htaccess file and the whole web user folder. Running these 2 commands fixed that for me: sudo chmod -R 755 /usr/share/phpmyadmin/.htaccess sudo chmod -R 755 /home/username

  • Gravatar Kamal Nasser 7 months

    @tusharthakur123: Yes, replace it with the username you want to login as.

  • Gravatar benmaffin 7 months

    Awesome - thanks for the article.

  • Gravatar jhay 7 months

    I'm stuck on the step that says: "add phpmyadmin to the apache configuration" What exactly do I put into the conf file? Also, when i ran the sudo apt-get install phpmyadmin, it did not take me through the installation process step by step where I could setup the username and password, enter the SQL password, it just installed phpmyadmin which I could navigate to just fine. But I can't login because I don't know what user name and password to provide.

  • Gravatar Kamal Nasser 7 months

    @jhay: I'm stuck on the step that says: "add phpmyadmin to the apache configuration" What exactly do I put into the conf file? The 3 commands that follow that sentence walk you through adding phpmyadmin to the apache config. Also, when i ran the sudo apt-get install phpmyadmin, it did not take me through the installation process step by step where I could setup the username and password, enter the SQL password, it just installed phpmyadmin which I could navigate to just fine. But I can't login because I don't know what user name and password to provide. Did you install it on a fresh new droplet or did you have mysql installed previously?

  • Gravatar mythemesdepot 7 months

    I'm heaving the same problem as jhay i've installed phpmyadmin but it's not taking me to any setup process on fresh droplet, what do i do now ?

  • Gravatar pablovv2012 7 months

    Im having this issue: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. , can anyone please, help, but I dont need an answer like this one from rafa.alcantara : THAT WAS THE PROBLEM. I used a relative path to my home from .htaccess, so I fix this " -> what the $%# did you fix?? ", clear cache browser and EVERYTHING WAS RIGHT.

  • Gravatar barakakinyori 6 months

    I have got the following error while restarting apache2 to access phpMyAdmin interface [warn] NameVirtualHost *:80 has no VirtualHosts And the VirtualHosts I have changed to := ServerAdmin webmaster@localhost ServerName baraka.com:443 Can you help me solve this problem please

  • Gravatar eirik.rm 6 months

    If anybody has problem with the htpasswd, it might not be installed: apt-get install apache2-utils For more information about the htpasswd: http://weavervsworld.com/docs/other/passprotect.html

  • Gravatar cmsllince 6 months

    Thanks..it was helpful. Configure the .htaccess file: AuthUserFile /path/to/passwords needs to be: AuthUserFile /path/to/passwords/.htpasswd Create the htpasswd file: sudo htpasswd -c /path/to/passwords/.htpasswd username

  • Gravatar billing 6 months

    I configured PHP as instructed above. I change the "/path/to/passwords/" the directory that I wanted it to be in. However, if I try to access ip/phpmyadmin and log in, I get the following error??? ======================== Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. =================== Any ideas?

  • Gravatar Kamal Nasser 6 months

    @billing: Please pastebin /usr/share/phpmyadmin/.htaccess's contents.

  • Gravatar jodytunnicliff 6 months

    Worked Great. Thank You!!

  • Gravatar m4rk89 5 months

    Great tutorial. I haven't read all the comments (there are many and I stopped reading half-way), but just in case nobody mentions it and because it is not mentioned in the tutorial: When you are going to create the htpasswd file, make sure to manually create the folders in case they don't exist already. For example, if you are going to do "sudo htpasswd -c /var/passwords/.htpasswd username", you will first have to create the folder "passwords" in the "var" directory. And since you need superuser privileges to create a folder in this case, open a console and type "sudo nautilus". This will allow you to navigate the file system with superuser credentials. Thank you for the great content!

  • Gravatar Dan Bohea 5 months

    Where the article reads: AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/passwords/.htpasswd Require valid-user "/path/to/passwords/.htpasswd" should be formatted in red. The guide says to just paste this whole chunk of text into nano without indicating that you need to customise a line.

  • Gravatar Kamal Nasser 5 months

    @Dan: Thanks, fixed :]

  • Gravatar admin 5 months

    Then, configure fail2ban to enable apache jail to prevent from Brute-forcing the apache authentication . [apache] enabled = true port = http,https filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 3

  • Gravatar ignaciosala 5 months

    This tutorial is great!!! My only concern is security. Is it possible to move the location of "host/phpmyadmin" to somthing like "host/test/phpmyadmin". Any suggestions or ideas? Thanks

  • Gravatar Kamal Nasser 5 months

    @ignaciosala: You can rename "/phpmyadmin" to something else by editing the Alias directive in /etc/apache2/conf.d/phpmyadmin.conf.

  • Gravatar Renée Sharelle 4 months

    I want to move phpmyadmin to a subdomain (using virtual hosts) like mysql.mydomain.com. Is this possible? How would I go about it?

  • Gravatar irfantony 4 months

    Hi, After done with Set Up the .htaccess File, I have a new username and a password but I can't login to phpmyadmin unless I use root and MySQL's password. I did try several times to sudo htpasswd -c /path/to/passwords/.htpasswd username with a new password but still can't login with "username" and "password" Is it vulnerable if I use "root" to login?

  • Gravatar wewingames223 4 months

    I had the same problem, however I figured out that I had no read/write permissions in the original directory for the .htpasswd file, and I changed /path/to/passwords/ to another directory to where I had all permissions on the file.

  • Gravatar smanish330 4 months

    typing "Include /etc/phpmyadmin/apache.conf" after completion the phpmyadmin installation it shows -bash: Include: command not found. why this is happened

  • Gravatar Kamal Nasser 4 months

    @smanish330: That's not a command. You need to add it to /etc/apache2/apache2.conf.

  • Gravatar SaM5246 4 months

    The permissions for that .htaccess file should be 755 if you're having trouble like error 500 "Could not open password file: /etc/apache2/~/.htpasswd That's what worked for me, hope this helps someone, the tutorial could be better

  • Gravatar themeanspolo 4 months

    How do I disallow access to phpmyadmin via plain http?

  • Gravatar Kamal Nasser 4 months

    @themeanspolo: Edit /usr/share/phpmyadmin/.htaccess and add this in: http://stackoverflow.com/a/10489949/3018432.

  • Gravatar mageofit 3 months

    I've had an error "htpasswd command not found". I fixed it by installing the apache2-utils package like so: sudo apt-get install apache2-utils P.S. Thank you very much for great tutorials. It helps a lot

  • Gravatar mkzia056 3 months

    hello, i am facing the problem in creating .htpasswd file. showing error internal server error 500. help me out. thanks. kashif zia

  • Gravatar Kamal Nasser 3 months

    @mkzia056: Check apache's error logs:

    tail /var/log/apache2/error.log
    What do you see?

  • Gravatar maztertech 3 months

    Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg-turbo8 libjpeg8 libt1-5 libxpm4 php5-gd ttf-dejavu-core Suggested packages: libgd-tools The following NEW packages will be installed: dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg-turbo8 libjpeg8 libt1-5 libxpm4 php5-gd phpmyadmin ttf-dejavu-core 0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded. Need to get 155 kB/8,065 kB of archives. After this operation, 22.6 MB of additional disk space will be used. Do you want to continue [Y/n]? y Err http://archive.ubuntu.com/ubuntu/ precise-updates/main libjpeg-turbo8 i386 1 .1.90+svn733-0ubuntu4.1 404 Not Found [IP: 91.189.91.14 80] Err http://archive.ubuntu.com/ubuntu/ precise-updates/main php5-gd i386 5.3.10-1 ubuntu3.6 404 Not Found [IP: 91.189.91.14 80] Err http://security.ubuntu.com/ubuntu/ precise-security/main php5-gd i386 5.3.10 -1ubuntu3.6 404 Not Found [IP: 91.189.91.14 80] Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/libj/libjpeg-turbo/li bjpeg-turbo8_1.1.90+svn733-0ubuntu4.1_i386.deb 404 Not Found [IP: 91.189.91.14 80] Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.3.1 0-1ubuntu3.6_i386.deb 404 Not Found [IP: 91.189.91.14 80] E: Unable to fetch some archives, maybe run apt-get update or try with --fix-mis

  • Gravatar Kamal Nasser 3 months

    @maztertech: Read the error:

    E: Unable to fetch some archives, maybe run apt-get update or try with --fix-mis

  • Gravatar luanpersini 3 months

    Hello, just some hints about a few things: Let everyone know that the root@localhost shall exist to install phpmyadmin. I got an error cause i changed that following a tutorial to secure Mysql databases, so i had to unistal phpmyadmin and change the login back to root to keep going. This step is not clear enought, had me to look over a lot of comments: Add the phpmyadmin config to the file. Include /etc/phpmyadmin/apache.conf Could be writen like: Add the phpmyadmin by including the folowing line in the apache2.conf Include /etc/phpmyadmin/apache.conf ------------------------- Also, you could make a list of comands to remove/reconfigure phpmyadmin + the sudo apt-get update so we dont need to search trought all those coments. And Kamal, not everyone is an expert on linux and english is not the main language of many people, so writting things like: (@billmarel: Read the error -- what does it say?) wont help.

  • Gravatar geofurtado 3 months

    Thanks much ... this works great.

  • Gravatar vinicius 3 months

    nice, thanks a lot!

  • Gravatar ollie 3 months

    Brilliant article, thanks! I was getting a 404 on myhost.com/phpmyadmin then I realised I edited 'apach2' not 'apache2'. The empty file should have been a give away - doh!

  • Gravatar Derek McKercher 3 months

    Hi, When I am going to create the htpasswd file using this command: sudo htpasswd -c /var/www/.htpasswd root it's giving me this error: sudo: htpasswd: command not found any help regarding this?

  • Gravatar Kamal Nasser 3 months

    @Derek: Run

    sudo apt-get install apache2-utils

  • Gravatar dreamerhyde 2 months

    If you guys have "internal server error" or "Internal Server Error 500" Probably because you have closed some necessary modules cause these problems. Try to use this command to open necessary modules:

    a2enmod auth_basic authn_file authz_user

  • Gravatar w38g0ru 2 months

    How to make sub domain for phpmyadmin directory ? (e.g. phpmyadmin.example.tld instead of example.tld/phpmyadmin)

  • Gravatar dehawkinz about 1 month

    OK, this might seem like a odd question I am installing phpmyadmin onto a local computer to act as a front-end to manage a mySQL database, it will not be accessible to anyone other than my family. Do I still need to go through the "Security" steps? My sentiment is, it is working, why risk breaking it if I don't need to add extra options, and there seem to have been a lot of problems with the security section judging by the comments :)

  • Gravatar massimobrazil about 1 month

    You guys are RockStars, SHOULD Change your name to 'Rockstars'

  • Gravatar massimobrazil about 1 month

    The instructions here are almost Bullet-Proof. Thank you so very much for taking so much care in writing such Fantastic Technical Documents- I am not new to writing Technical Documents nor in Criticizing them- All your documentations are 99.9999% Perfect. You have done a meticulous job and it shows, I can not thank you enough.

  • Gravatar germanab7 about 1 month

    Kamal: I can't find any articles or tutorials like before. I'm having trouble finding articles or questions, These are two diffrentes things, maybe I'm wrong. digitalocean is awsome but dont understnd why change so much Tks

  • Gravatar Kamal Nasser about 1 month

    @germanab7: Thanks for the feedback. The new community site is still in beta, but we're working hard on ironing out any bugs we encounter and are considering every bit of feedback provided by the community -- after all, it's built FOR the community. :] Search should be fixed soon.

  • Gravatar kaxley0618 about 1 month

    I'm having an issue that when I get to creating the htpasswd (the step before the apache restart) that says: htpasswd: cannot create file /path/to/passwords/.htpasswd. I'll go through the tutorial again and see if this still comes up.

  • Gravatar kenpachi 29 days

    I am having an issue with "sudo htpasswd -c /path/to/passwords/.htpasswd username" it said "cannot create file /path/to/passwords/.htpasswd" any clear idea on the solution? Thanks

  • Gravatar jmcornejo00 26 days

    In case I needed to, how would I reset the htpasswd ?

  • Gravatar Kamal Nasser 26 days

    @jmcornejo00: Simply run the htpasswd command again. You might want to clear the file beforehand.

  • Gravatar Kamal Nasser 26 days

    @kenpachi: You have to replace /path/to/passwords with a path that actually exists, such as /etc/apache2/passwords (you can create that directory by running mkdir /etc/apache2/passwords).

  • Gravatar tenjinspen 2 days

    After executing this step "sudo htpasswd -c /path/to/passwords/.htpasswd username” I got the following error: "htpasswd: cannot create file /path/to/passwords/.htpasswd” Any idea how to resolve this?

  • Gravatar Andrew SB 2 days

    @tenjinspen In the command you need to replace the that part that says "/path/to/passwords/" with an actual location on your file system. You could do something like: sudo mkdir /etc/apache2/passwords sudo htpasswd -c /etc/apache2/passwords/.htpasswd username

Leave a Comment

Create an account or login:
Ajax-loader