phpMyAdmin is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services. In this guide, we are going to install phpMyAdmin with Apache on CentOS 7.

An important prerequisite before using this guide is to install a LAMP (Linux, Apache, MariaDB, and PHP) stack on your CentOS 7 server. The LAMP stack is the platform which will be used to serve our phpMyAdmin interface (MariaDB is also the database management software that we are wishing to manage). If you do not yet have a LAMP installation on your server, click here to read our tutorial on installing LAMP on CentOS 7.

Step 1: Add EPEL repo:
We need to add the EPEL repo (Extra Packages for Enterprise Linux) to our server before proceeding with installation has it contains many additional packages, including the phpMyAdmin package we are looking for. To install, type the command below:

sudo yum install epel-release

Step 2: Install phpMyAdmin:
Type the command below to install the phpMyAdmin package using the yum packaging system followed by y to continue:

sudo yum install phpmyadmin

After successfully installing, you should get a similar result as shown below:

The installation includes an Apache configuration file that has been placed in its appropriate directory. We need to modify this config file for our installation to work perfectly for our needs.

Open the phpMyAdmin.conf in the /etc/httpd file in the text editor(nano in this guide) to make a few modifications:

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Currently, the setup in the configuration file is configured to deny access to any connection not being made from the server itself. Since we are assessing our server remotely (via ssh), we need to modify some lines to specify the IP address of your home connection.

The first location is the <Directory /usr/share/phpMyAdmin/> section as shown below:

Change any lines that read Require ip 127.0.0.1 or Allow from 127.0.0.1 to refer to your home connection's IP address.

Note: If you need help finding your home connection's IP, click here to check.

The second location is the <Directory /usr/share/phpMyAdmin/setup/> section as shown below:

Also, change any lines that read Require ip 127.0.0.1 or Allow from 127.0.0.1 to refer to your home connection's IP address.

Note: Your home connections' IP address differs from the IP address of your VPS.

After making the configurations, restart the Apache web server by typing:

sudo systemctl restart httpd.service

To access the interface, visit your public IP address or server's domain name followed by /phpMyAdmin, in your web browser:

http://server_domain_or_IP/phpMyAdmin 

Log into the phpmyadmin interface using the root username and the administrative password you set up during the MySQL installation. After logging in, the user interface looks like the screenshot below:

SECURING YOUR PHPMYADMIN INSTANCE

Securing your phpmyadmin is important in order to prevent unauthorized access. An easy way to do this is to change the location of the interface from /phpMyAdmin to something else to prevent automated bot brute-force attempts.

Open the configuration file using the command below:

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

The two lines below are the default aliases that serve us content from the /usr/share/phpMyAdmin location if we access our site's domain name or IP address, followed by either /phpMyAdmin or /phpmyadmin.

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

We are going to disable these default aliases due to the high rate at which they are targeted by bots and malicious users. For security purposes, we should decide on our own alias having these two rules in mind:

  • It shouldn't indicate the purpose of the URL location.
  • It should be easy to remember but not easy to guess.

In this guide, we are going to use /somethingelse.

To apply our changes, we are going to comment out the existing lines (you can remove them enirely) and add our own:

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /somethingelse /usr/share/phpMyAdmin

Save and close the file then proceed to restart httpd with the command below:

sudo systemctl restart httpd.service

If you visit the previous location of your phpMyAdmin installation, you will get a 404 error:

http://server_domain_or_IP/phpMyAdmin

http://server_domain_or_IP/nothingtosee

You can also secure phpMyAdmin placing a gateway in front of the entire application by using Apache's built-in .htaccess authentication and authorization functionalities.

Firstly, we will need to enable the use of .htaccess file overrides by editing our Apache configuration file. Open the phpmyadmin.conf with the command below:

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf 

Add AllowOverride All to the bottom of the <Directory /usr/share/phpmyadmin> section of the configuration file as shown below:

Save the file before closing then proceed to restart Apache with the command:

sudo systemctl restart apache2

After enabling .htaccess use, we need to create the file to fully implement security by typing the command below:

sudo nano /usr/share/phpmyadmin/.htaccess

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

You can read more on htaccess here.

Type the command below to add the password to the htaccess file:

sudo htpasswd -c /etc/httpd/pma_pass username

To add additional users to authenticate, type the same command again but this time without the -c flag, and with a new username:

sudo htpasswd /etc/httpd/pma_pass seconduser

With this, whenever you access phpMyAdmin on your domain, you will be prompted for the additional account name and password that you just configured as shown below:
With this, whenever you access phpMyAdmin on your domain, you will be prompted for the additional account name and password that you just configured as shown below:

After typing the Apache authentication password, you'll be redirected to the original phpMyAdmin authentication page to enter your other credentials.