fr_flag en_flag

Install and configure PhpMyAdmin on CentOS

If you use mysql on your server, chances are you also want to use PhpMyAdmin.

Install phpMyAdmin

Once you have installed and configure mysql-server, install the custom EPEL repository to get PhpMyAdmin.

#use the -y argument to answer YES automatically
yum -y install mysql-server

#set your password for the mysql root account
service mysqld start
mysqladmin -u root password 'r00tp4ssw0rd'
#you could also run the secure installation assistant
/usr/bin/mysql_secure_installation

#add the EPEL repository
rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarc...
#import the public key to make sure future retrieval from epel are genuine
rpm –import https://fedoraproject.org/static/0608B895.txt
yum install phpmyadmin

Allow access to phpMyAdmin

You will need to edit PhpMyAdmin configuration file in order to connect from another IP than localhost (which is 127.0.0.1). So open up /etc/phpMyAdmin/config.inc.php to change the default Apache configuration for PhpMyAdmin

vim /etc/phpMyAdmin/config.inc.php

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
     Order Deny,Allow
     Allow from all
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
    Order Deny,Allow
    Allow from all
</Directory>

Don't forget to firewall off your tcp port 3306, if you use iptables, you can do it like this :

iptables -I INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT

At this point, you should succeed to connect to phpMyAdmin.

Secure phpMyAdmin

Limit access to your IP

If you have a static IP, it would be safer to limit connexions only from it, by replacing Alow from all by these lines:

     #instead of Allow from all, put this
     Order Deny,Allow
     Deny from All
     Allow from "your IP goes here"

Require SSL

Now if you allowed any IP to connect the server PhpMyAdmin directory, it is safer to force SSL connexion, this way your password won't be sent in clear when we login thus it prevents your account to be comprised. You must have mod ssl enable on your Apache server

yum -y install mod_ssl
service mysqld restart
vim /etc/phpMyAdmin/config.inc.php

#add a configuration line at the bottom of the file
$cfg['ForceSSL'] = true;

If you try to connect phpMyAdmin now, it's likely to fail in case your firewall is configured without a rule accepting SSL. You can add the following iptables

iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT

Next time you login on phpMyAdmin, you will be asked to accept the unsigned certificate of your server, which is normal since your certificate is self-signed and you don't have a signing authority.

Change the alias

Some bots scan web-servers to bruteforce them, save yourself some trouble and hide your phpMyAdmin panel by changing it's url alias. Open the configuration file and change the alias to something unpredictable :

Alias /aNewSecretLocation /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
...

Enable cookie

Instead of making an http request each time you connect to phpMyAdmin, you can encrypt your password inside a cookie. Edit the configuration file (when using vim, locate the line with auth_type by typing "/"+"auth_type") :

# /etc/httpd/conf.d/phpMyAdmin.conf is an alias for
#the /etc/phpMyAdmin/config.inc.php we edited earlier
vim /etc/httpd/conf.d/phpMyAdmin.conf

#replace http by cookie
$cfg['Servers'][$i]['auth_type'] = 'cookie' ;

#enter a secret phrase,
#you don't need to remember it.
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

There you go ;=)

------------------------------------------------------------------------------------

Need to run a FTP server ? Check this article.

English
Type: 
Share/Save

Comments

The allow access section should actually be referring to vi /etc/httpd/conf.d/phpMyAdmin.conf
Not /etc/phpMyAdmin/config.inc.php
/etc/phpMyAdmin/config.inc.php has the server config arrays such as enable compression, etc.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.