This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:
Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.
See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
PhpMyAdmin is a web-based frontend used to easily administer MySQL databases in a visually friendly way. You can set up this software to manage the data on your VPS remotely without shell access.
Although phpMyAdmin is useful, it can also be insecure if not configured correctly. This guide will cover how to install phpMyAdmin on a LAMP (Linux, Apache, MySQL, and PHP5) stack on an Ubuntu 12.04 machine using SSL and access restrictions.
This guide assumes that you have root access to an Ubuntu 12.04 server, and that you have already configured LAMP. Follow this guide to install Apache, MySQL, and PHP on Ubuntu 12.04 if you haven't already set this up.
Log into your server and continue when ready.
Ubuntu 12.04 includes phpMyAdmin in its default repositories. Install using this command:
sudo apt-get install phpmyadmin
Select "Apache2" as the server to configure during installation. Select "Yes" to allow the phpMyAdmin database to be configured automatically.
Enter the password you set up for the root MySQL user during installation, and then assign a password for the phpMyAdmin process to use to log in.
Tell Apache to source the phpMyAdmin configuration in order to allow access to the application.
Edit the main Apache configuration file with root privileges:
sudo nano /etc/apache2/apache2.conf
Scroll to the bottom of the file and type the following directive to make Apache read the phpMyAdmin specific configuration file:
Include /etc/phpmyadmin/apache.conf
Restart the server for the changes to take affect:
sudo service apache2 restart
You may get a message that reads:
[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias. apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
These are just warnings and can be safely ignored.
The first step in securing phpMyAdmin is to set up .htaccess restrictions. This will require a password login prior to accessing the phpMyAdmin interface.
First, configure phpMyAdmin apache configuration to allow the use of .htaccess files. Open the phpMyAdmin apache configuration file with root privileges:
sudo nano /etc/phpmyadmin/apache.conf
Under the line that reads "DirectoryIndex index.php", insert a line that reads "AllowOverride All":
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
. . .
Save and close the file.
Now, create a phpMyAdmin-specific .htaccess file:
sudo nano /usr/share/phpmyadmin/.htaccess
Insert the following text into the file:
AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
Save and close the file.
This change makes our site look in "/etc/phpmyadmin/.htpasswd" for a list of valid login credentials.
We can create that file and a login account with the following command. Substitute the username you would like to use:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd user_name
You will be asked to choose a password for the new user.
Now, restart Apache to enable the access restrictions:
sudo service apache2 restart
We are going to be passing sensitive data between the web interface and the server, so we need to set up SSL in order to make sure our data is not sent in plain text.
First, tell Apache to enable SSL support and restart the server to implement the change with the following commands:
sudo a2enmod ssl sudo service apache2 restart
Create a directory to store our SSL certificates, and then create a key and cert with the following commands:
sudo mkdir /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
This will create a certificate that will be valid for 365 days. You will be asked a number of questions. Fill them out as best as you can.
The question that you must answer correctly is the "Common Name". Use your domain name or Server IP Address for this field.
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:NYC Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc Organizational Unit Name (eg, section) []:Dept of Merriment Common Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:webmaster@awesomeinc.com
Now that you have created an SSL certificate, you need to tell Apache to use SSL. Open the default virtual host config file with root privileges:
sudo nano /etc/apache2/sites-available/default
Begin by changing the "<VirtualHost *:80>" declaration to "<VirtualHost *:443>", which is the default SSL port.
After that change, add a "ServerName" section within the VirtualHost definition that specifies the domain name or IP address you used when creating your SSL certificate, followed by ":443":
<VirtualHost *:443> ServerAdmin webmaster@localhost ServerName example.com:443 . . .
Before closing the file, add the following lines just prior to the "</VirtualHost>" closing tag:
SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Save and close the file.
We now have to tell phpMyAdmin that SSL must be used whenever a connection is made.
We will do this within a phpMyAdmin configuration file. Open the file with root privileges for editing:
sudo nano /etc/phpmyadmin/config.inc.php
Scroll to the bottom of the file and add the following line:
$cfg['ForceSSL'] = true;
This is the only line needed to require SSL for phpMyAdmin.
Save and close the file.
If it is not already enabled, enable the site with the following command:
sudo a2ensite default
Restart the Apache service to implement the changes:
sudo service apache2 restart
To access the phpMyAdmin interface, navigate to your domain name or server IP address followed by "/phpmyadmin" with your browser:
example.com/phpmyadmin
You will be asked for the username and password you set up with the .htaccess file.
You will then probably see a screen complaining about the SSL certificate not being trusted.
This is expected because we created the SSL certificate ourselves and did not go through an SSL certification authority. This is fine for our purposes.
Click "proceed" or "continue" to move on. You will be asked for the .htaccess password again since we are now trying to access the site through SSL.
You will now be presented with the phpMyAdmin login page where you can enter your credentials you set up during installation.
Username: root
Password: your_phpmyadmin_password
You will now be dropped into the main phpMyConfig administration page:
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
I found also that adding
SSLRequireSSL
param in/usr/share/phpmyadmin/.htaccess
file enforce phpMyAdmin SSL/https connexion. See below:Attempt to connect to phpMyAdmin via http will fail and display this error message: Forbidden You don’t have permission to access /phpmyadmin/ on this server.
Hello,
I have Ubuntu 14.04 on my server and in order to get though the step ‘Configure Apache to Use SSL Certificates’ I used this command line ‘/etc/apache2/sites-available/000-default.conf’ instead of ‘sudo nano /etc/apache2/sites-available/default’ as it was suggested by the answers below.
But when I come to the following step ‘Enabling SSL Changes’ and I execute this command line: ‘sudo a2ensite default’
The terminal displayed me an errer telling that :
perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LC_CTYPE = “UTF-8”, LANG = “en_US.UTF-8” are supported and installed on your system. perl: warning: Falling back to the standard locale (“C”). ERROR: Site default does not exist!
I tried also : sudo a2ensite 00-default.conf but same results
admin@xxxxxx-hosting:~$ sudo a2ensite 00-default.conf perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LC_CTYPE = “UTF-8”, LANG = “en_US.UTF-8” are supported and installed on your system. perl: warning: Falling back to the standard locale (“C”). ERROR: Site 00-default does not exist!
This the final step and I would really appreciate an help :)
thank you in advance !
Bests,
Tayfun
I don’t have a FQDN yet, so I’m using IP address, but when I attempt to access phpmyadmin it just times out. Got the same
Could not reliably determine the server's fully qualified domain name, using 127.0.1.1
error others are getting.This comment has been deleted
I’ve been trying to do this for a few days now. Every time I try to access any of the site in https it times out. I am reading it is related to the fact I am using virtual hosts and that it needs to verify something first which takes too long and then it times out. In my log there is the following:
Would really appreciate the help.
Conf files can be found here:
http://pastebin.com/cDnRXYHg
I follow the tutorial until this step sudo htpasswd -c /etc/phpmyadmin/.htpasswd newuser
An error sudo: htpasswd: command not found was displayed. I quit the installation of phpmyadmin at the beginning, maybe this is the reason. How do I remove phpmyadmin so that I can reinstall it? Thank you.
Hello, im using ubuntu 14.10 on apache2 server, any similar tutorial instead of ubuntu 12.04? im stuck after this command sudo nano /etc/apache2/sites-available/default there no such thing to edit in this file, just blank page.
Well update that, i found similar file here sudo nano /etc/apache2/sites-available/default-ssl.conf. Hope it help other who have same problem with me on ubuntu 14.10.
Hello, I followed this tutorial and everything worked. But after a while I installed a ssl certificate, other than self-signed and can not access phpmyadmin with root or password.
What can I do?
@barakakinyori: Please pastebin all of your virtualhost files.
I have an error that says
[warn] NameVirtualHost *:80 has no VirtualHosts
How can i solve it