1 How To Install and Secure phpmyadmin on Ubuntu Tagged In: Ubuntu, My Sql, Apache, Php About phpmyadmin phpmyadmin is an free web software to work with MySQL on the web it provides a convenient visual front end to the MySQL capabilities. Setup The steps in this tutorial require the user to have root privileges on your virtual private server. You can see how to set that up here in steps 3 and 4. Before working with phpmyadmin you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here. Once you have the user and required software, you can start installing phpmyadmin on your VPS! Install phpmyadmin The easiest way to install phpmyadmin is through apt-get: sudo apt-get install phpmyadmin During the installation, phpmyadmin will walk you through a basic configuration. Once the process starts up, follow these steps: Select Apache2 for the server Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common Enter your MySQL password when prompted Enter the password that you want to use to log into phpmyadmin After the installation has completed, add phpmyadmin to the apache configuration.
2 sudo nano /etc/apache2/apache2.conf Add the phpmyadmin config to the file. Include /etc/phpmyadmin/apache.conf Restart apache: sudo service apache2 restart You can then access phpmyadmin by going to youripaddress/phpmyadmin. The screen should look like this Security Unfortunately older versions of phpmyadmin have had serious security vulnerabilities including allowing remote users to eventually exploit root on the underlying virtual private server. One can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions which will prevent these remote users from even attempting to exploit older versions of phpmyadmin. Set Up the.htaccess File To set this up start off by allowing the.htaccess file to work within the phpmyadmin directory. You can accomplish this in the phpmyadmin configuration file: sudo nano /etc/phpmyadmin/apache.conf Under the directory section, add the line AllowOverride All under Directory Index, making the section look like this: <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AllowOverride All [...] Configure the.htaccess file With the.htaccess file allowed, we can proceed to set up a native user whose login would be required to even access the phpmyadmin login page. Start by creating the.htaccess page in the phpmyadmin directory: sudo nano /usr/share/phpmyadmin/.htaccess Follow up by setting up the user authorization within.htaccess file. Copy and paste the following text in: AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/passwords/.htpasswd Require valid-user Below you ll see a quick explanation of each line
3 AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed. AuthName: This is text that will be displayed at the password prompt. You can put anything here. AuthUserFile: This line designates the server path to the password file (which we will create in the next step.) Require valid-user: This line tells the.htaccess file that only users defined in the password file can access the phpmyadmin login screen. Create the htpasswd file Now we will go ahead and create the valid user information. Start by creating a htpasswd file. Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser. Although you can name the password file whatever you prefer, the convention is to name it.htpasswd. sudo htpasswd -c /path/to/passwords/.htpasswd username A prompt will ask you to provide and confirm your password. Once the username and passwords pair are saved you can see that the password is encrypted in the file. FInish up by restarting apache: sudo service apache2 restart Accessing phpmyadmin phpmyadmin will now be much more secure since only authorized users will be able to reach the login page. Accessing youripaddress/phpmyadmin should display a screen like this. Fill it in with the username and password that you generated. After you login you can access phpmyadmin with the MySQL username and password. Related Articles By Etel Sverdlov How To Manually Install Oracle Java on a Debian or Ubuntu VPS How To Use Vundle to Manage Vim Plugins on a Linux VPS How To Use DM-Crypt to Create an Encrypted Volume on an Ubuntu VPS How To Set Up a Remote Database to Optimize Site Performance with MySQL
4 How To Download Software and Content onto your Linux VPS How To Install and Use Zope 2 and PostgreSQL on Ubuntu How To Configure Chroot Environments for Testing on an Ubuntu VPS How To Use DVTM and Dtach as a Terminal Window Manager on an Ubuntu VPS Share this Tutorial Try this tutorial on an SSD cloud server. Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more? YCryjhXPFEKBDv articles Create an account or login: Get Started! 152 Comments Write Tutorial Rob Jatho over 1 year Just a few comments for anyone who might be struggling: Configure the.htaccess file: AuthUserFile /path/to/passwords needs to be: AuthUserFile /path/to/passwords/.htpasswd Create the htpasswd file: sudo htpasswd -c /path/to/passwords/.htpasswd username Accessing phpmyadmin: Before this will work, you need to restart the server again sudo service apache2 restart Etel over 1 year
5 Thank you for the comment and clarification. I have changed a few of the commands to make it clearer above. Rob Jatho over 1 year Thanks for the quick update. Really great docs on the community and great service. Keep up the good work. Etel Sverdlov over 1 year Thank you! Daniel over 1 year Hi, i think this step: "After the installation has completed, add phpmyadmin to the apache configuration in /etc/apache2/apache2.conf Include /etc/phpmyadmin/apache.conf" should have this command: sudoedit /etc/apache2/apache2.conf Etel Sverdlov over 1 year Thanks for your comment! I have updated the article to explicitly include a step on editing the apache configuration.
6 fariazz over 1 year how do I configure it in nginx? fariazz over 1 year Never mind, switched to apache. Moisey over 1 year In Nginx you would have to set it up to parse PHP as by default Nginx is just a webserver which doesn't have the ability to process PHP. azraiyan over 1 year after I use this "sudo htpasswd -c /path/to/passwords/.htpasswd username" I got this message "cannot create file /path/to/passwords/.htpasswd". I thought I followed the steps. azraiyan over 1 year nevermind figured out myself but I got internal server error after I created the.htpasswd file
7 Etel Sverdlov over 1 year Make sure that the path to your.htpasswd file in the.htacess file matches the actual location. Eg. if you have the.htpasswd saved in /var/www (best practice says that it should be saved outside of your document root), make sure that the.htaccess file line points to it: AuthUserFile /var/www/.htpasswd inbox.francesco over 1 year Thanks for this but I get the following error whe I try to login in phpmyadmin: phpmyadmin - Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly. How can I fix this? Thanks Etel Sverdlov over 1 year I would check the Apache error log as well as the php error log (which may not already be enabled). Furthermore, you can find more information on correcting this error here: Arjan Dasselaar about 1 year Adding "Include /etc/phpmyadmin/apache.conf" leads to the following error: "[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias." when restarting Apache. Commenting it out again resolves this issue.
8 Arjan Dasselaar about 1 year According to this adding the include line should not be necessary, at least not in Ubuntu 9.04 (and presumably it also works fine in Ubuntu 12.04). kedarpanjiyar about 1 year I had installed phpmyadmin in ubuntu while installing I only entered the password for mysql.now when I am trying to get in phpmyadmin i am being asked for username and password.i don't know which username to provide anyone please help me..asap Etel Sverdlov about 1 year Try the username "root" austin about 1 year Hello! Whenever I go to my ip/phpmyadmin and login, I get a message. "Internal Server Error 500" Can someone please help me? voidnothings about 1 year I have the same problem as austin, after doing the extra security steps I have a 500 error. Anyone who can explain? Thanks!
9 squiz0 about 1 year What would i need to modify after following this tutorial: Thanks rafa.alcantara about 1 year SOLVED: Error 500 Hi, I had the same problem, 500 error. After watch my Apache log: sudo tail -f /var/log/apache2/error.log The last line said: "Could not open password file: /etc/apache2/~/.htpasswd THAT WAS THE PROBLEM. I used a relative path to my home from.htaccess, so I fix this, clear cache browser and EVERYTHING WAS RIGHT. I hope this help you. Rafa hello about 1 year just change default phpmyadmin url cd /etc/phpmyadmin/ sudo nano apache.conf Change Alias Alias /phpmyadmin /usr/share/phpmyadmin to Alias /secureadmin /usr/share/phpmyadmin service apache2 restart go to Jobs a goodun' djdubuque about 1 year Mine will not work.
10 djdubuque about 1 year [Sun Feb 24 07:35: ] [notice] Apache/ (Ubuntu) PHP/ ubuntu1.1 configured -- resuming normal operations [Sun Feb 24 10:16: ] [error] [client ] File does not exist: /var/www/manager Samuel Jacques about 1 year Also get this : "cannot create file /path/to/passwords/.htpasswd". while following exactly your steps Etel Sverdlov about 1 year Hi Sam, Please be sure to specify an actual location for the.htpasswd file. /path/to/passwords is not an actual path, just an indicator of what should go there. Edward Richmond about 1 year Hey folks, I've managed to get phpmyadmin running, but when I login, it gives an internal error page. Is this a common issue? Any ideas what I could check? Ed Rifki Aria Gumelar about 1 year
11 Hi, I'm very noob and I tried to create.htpasswd to /usr/passwds/.htpasswd but when I access phpmyadmin it show me "500 Internal Server Error", Can you help me? at least give me an example of the correct path to create.htpasswd file. Thanks Graham Freeman about 1 year Just want to say thanks for a great How To jacobpressures about 1 year Thanks guys for this information. its helpful but i'm still having a problem. As Arjan said: Adding "Include /etc/phpmyadmin/apache.conf" leads to the following error: "[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias." when restarting Apache. His comment helped to understand the problem but does not solve it for me. I'm getting the same warning but commenting out does not fix the problem. I added that include because my page would not display. Adding that line made my page display. However, i had to forbid all overrides in the /conf.d/security file for all the file system directories. So then my page stopped showing and giving me the error Arjan was getting. This is the code i was required to add to my /conf.d/security file. Its actually already there but commented out. AllowOverride None Order Deny,Allow Deny from all jacobpressures about 1 year Directory / AllowOverride None Order Deny,Allow Deny from all /Directory
12 jacobpressures about 1 year Oh I'm also using Ubuntu jacobpressures about 1 year Ok sorry for all of this. I back tracked and i was able to get rid of the include. tvw about 1 year Hi, this is not at all secure!!! It is not a good idea to use phpmyadmin at all on a server, which is accessible through the internet. There is only one exception from this rule: you have a shared hosting plan and your provider does not allow you to login to the server via ssh to manage your database. But even there I would remove it after the database is setup. Since digitalocean gives you the opportunity to setup your own server which you control yourself, it is time to drop phpmyadmin from your toolbox. MySQL gives you all the tools you need to manage your database. If you use phpmyadmin, in case of a misconfiguration of your webserver, which generally might not be such a big problem, with phpmyadmin the entire database is wide open to any attacker. On many servers, the database is almost everything or something like the core of the web applications the server runs which need to be protected. And attacking phpmyadmin is on top of the list of every script kiddie on this planet. This is a permanent security hole, that cannot be underestimated, it might be the worst what could happen to your server, esp. when you consider, how rarely you will use this tool on the long run and how little the benefit you get from it on a server. Second: If you still want to use phpmyadmin, which is not a good idea, you MUST use SSL and disallow access to phpmyadmin via plain http. Otherwise the password protection works like locked garden gate while everybody could easily jump over the fence. So I suggest to add a warning about the use of phpmyadmin to this article and that SSL is a requirement and that phpmyadmin is setup only in the SSL-section of the web server configuration. That is the least, you should do. Regards Thomas PS: In case someone got me wrong: there is nothing wrong
13 with phpmyadmin itself from my point of view. It is just generally not a good idea to turn powerful administrational tools to the outside world. They are then accessible and attackable 365x24 while you might use them only for a couple of hours in the year, if at all, when the server does it job for years. So they are much more a service for hackers than they are for the administrator of the servers. jezpeters 12 months "Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser." This is the only sticky point in this otherwise great tutorial. How do I know what directories are available? What would be the best one to use once I worked out how to list them? Maybe a suggested location would be an idea. tbailey months Hi, I recently wrote a pretty in depth guide for installing phpmyadmin in Ubuntu. Dunno if I can share it here or not but here goes. If you have any issues just send me a message. Mohd Rafie 12 months I seems to have a problem with restarting my Apache: Syntax error on line 8 of /etc/phpmyadmin/apache.conf: allow and deny must be followed by 'from' Action 'configtest' failed. What I add at the /etc/phpmyadmin/apache.conf is as follows... Options FollowSymLinks DirectoryIndex index.php Allow Override All [...] Any suggestions?
14 Kamal Nasser 12 Rafie: You should have "AllowOverride" instead of "Allow Override". Restart/reload Apache and it should be fixed. marcbruch 11 months HEy i get no access to phpmyadmin. Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Apache/ (Ubuntu) Server at Port 80 can you help me? i started this setup the second time after destroy Kamal Nasser 11 It means there is an error, check your logs - it's mostly a php error. tiago.pcodelico 11 months When I try to save a /etc/apache2/apache2.conf, this error display: Error writing /etc/apache2/apache2.conf: No such file or directory How can I fix it?
15 Kamal Nasser 11 Did you run nano as root (via sudo)? rezabyte 11 months While installing phpmyadmin at the step "Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common" I choose no mistakenly. How to recover this error now? thanks! Kamal Nasser 11 you can reconfigure phpmyadmin by running the following command: sudo dpkg-reconfigure phpmyadmin rajeev months Syntax error on line 9 of /etc/phpmyadmin/apache.conf: Invalid command '[...]', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information....fail! Kamal Nasser 10 months
16 @rajeev1204 don't just blindly copy-paste the instructions, it's not what you should do. The section clearly states "Under the directory section, add the line AllowOverride All under Directory Index, making the section look like this:". The [...] shouldn't be there, you have to only add AllowOverride All under DirectoryIndex. Nothing else. rajeev months Thanks for replying so fast Kamal, iam almost done configuring everything, just have to add ns records now. Still learning though. So basically [...] just means continuation of the file? Kamal Nasser 10 months Yes rajeev1204, that is correct. duffleboi months after going through the settings, when I visit ipaddress/phpmyadmin it will download a file and not the phpmyadmin page. How can I go about this? Kamal Nasser 10 Try installing libapache2-mod-php and restarting Apache. Does that fix it?
17 catweasled 10 months Hello,...after doing this security update, descriped on the top, apach2 is asking me for a Password on every virtual site. Even if there is no.htpasswd. If apache2 hits any.htaccess file it generates a Passwort dialog. I dont no how to stop it. Please help! Kamal Nasser 10 The "Configure the.htaccess file" step sets up HTTP authentication, revert the changes you made there and it should stop asking for a username/password. catweasled 10 months...thanks, I think I fixed it. :-) I've put one of this.htaccess file in my piwik main folder and then every tracking code calls this.htaccess file. This results in an username/password dialog. Marcelo de Queiroz 10 months Dear Sirs I m trying to set up the user authorization within.htaccess file, but I can t type quotes ou make copy/paste in the console VNC connection This happens in MacBook and Windows desktop How can I do it? Thanks
18 Kamal Nasser 10 The web console is meant for emergency out-of-band access. You should log in to your droplet via SSH: Marcelo de Queiroz 10 months Thanks Kamal! liquidblasted 10 months Hi I followed this tutorial and all was fine, but since a couple of days I can't enter in phpmyadmin - I pass.htaccess with login & password, I see phpmyadmin's login window, I enter login and password - but after that I get a link like: token=blablabla(lotoflettersandnumbers) and an error: This webpage is not available Error 102 (net::err_connection_refused): The server refused the connection. All configs was unchanged and still the same as in tutorial, and I can't access from different machines from different providers. Can anyone suggest any ideas why it is so? liquidblasted 10 months I figured it out - it was because of Varnish installing.
19 baslon 10 months Guys, Fantastic resource! One of the clearest explanations I have found that can we understood by a novice like me. Thanks! geekmau5 10 months I've completely installed phpmyadmin on Ubuntu, but it gives me the error: "We were able to connect to the database server (which means your username and password is okay) but not able to select the wordpress database.[...]" How can I fix it? geekmau5 10 months In the prev post I was talking about Wordpress, sorry. My problem is phpmyadmin. He give mi the error: "You don't have any permission" but I want to create tables. How can I do? Kamal Nasser 10 does your user have proper permissions to access the wordpress database? Did you follow an article on installing wordpress? If so, please link it in your comment. stephensnote 9 months
20 If I use the pushbutton "cancel" enough times the htaccess page still lets the unauthorized user view the phpmyadmin page. Any suggestion as to what I might have missed? Kamal Nasser 9 It might be cached, try clearing your cache and browsing to phpmyadmin again, or try another browser. cheeho_97 9 months I had follow the step but when i want to create the htpasswd file. I pops out "htpasswd: cannot create file /path/to/passwords/.htpasswd" Kamal Nasser 9 Please see Etel's comment above (Posted December 26th, :43). cheeho_97 9 months Thanks! I never knew that it is that easy! Thanks Kamal! Kamal Nasser 9 months
21 Awesome :] felix.johnson 9 months the username, should it be replaced with the name I want it to be? Kamal Nasser 9 months Yes felix.johnson 9 months how do I know the path to my password? Kamal Nasser 9 months Please see Etel's comment above (Posted December 26th, :43). felix.johnson 9 months should I just specify a path?
22 felix.johnson 9 months just like that? felix.johnson 9 months shouldn`t it be a path that exist? Kamal Nasser 9 months No, specify a path that exists. For example, /var/www/.htpasswd felix.johnson 9 months thnx, but how do I see the paths that actually exist? felix.johnson 9 months or should I just put in the path u wrote there :)
23 felix.johnson 9 months thnx, now it worked felix.johnson 9 months nice tut emilio_b months Sorry, I do not understand were to place this line: Include /etc/phpmyadmin/apache.conf I have the server working, but I can not access to Cpanel (it ask for username and password) and I can not access to phpmyadmin Kamal Nasser 8 Do you have cpanel installed on your droplet? emilio_b months Yes Kamal, I have Cpanel installed.
24 Kamal Nasser 8 You shouldn't follow this article if you're using cpanel. It simply won't work -- neither will any of the other articles. Plus, this article for Ubuntu. cpanel does not support Ubuntu so I assume you're on CentOS, so this article won't work. cpanel already installs phpmyadmin for you, why not use that? phellipe.andrade 8 months I had follow the step but when i want to create the htpasswd file. I pops out "htpasswd: cannot create file /path/to/passwords/.htpasswd" How can I solve that? Kamal Nasser 8 Replace /path/to/passwords with a path that actually exists, e.g. /var/www zincster05 8 months Awesome!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! THanks
25 rohimkudus 8 months wow great... work perfect Giri 8 months Hello Digitalocean, Change "/path/to/passwords" font color to red. Kamal Nasser 8 Done. :] billmarel 8 months During my effort to install phpmyadmin, the only question asked was about disk space usage. I got these errors: Err precise-updates/main php5-gd amd ubuntu Not Found [IP: ] Get:4 precise/universe phpmyadmin all 4: [5,343 kb] Err precisesecurity/main php5-gd amd ubuntu Not Found [IP: ] Fetched 6,161 kb in 2s (2,743 kb/s) Failed to fetch Not Found [IP: ] E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? How should I proceed from here?
26 Kamal Nasser 8 Read the error -- what does it say? Misha Vinokur 8 months Hi everyone I seem to be getting this error during the install process Access denied for user (using?? password: YES) Kamal Nasser 8 Are you entering the correct password for root when it prompts you for it? 8 months Etel, Are you a user of DO or Staff? gurkanskaya 7 You could try an other mirror, like Run the next command to replace all occurrences of with sudo sed -i /etc/apt/sources.list Next, proceed with an update: sudo apt-get update
27 Followed by an upgrade or install: sudo apt-get upgrade sudo apt-get install [package-name] I did try and now working tusharthakur123 7 months I can get what to replace in this command: sudo htpasswd -c /path/to/passwords/.htpasswd username red part? Barry Briggs 7 months Got this almost working but after logging into the Apache security dialogue I was seeing phpmyadmin throw 500 errors. After a bit of Googling it seems you have to grant the web service user permissions to view the new.htaccess file and the whole web user folder. Running these 2 commands fixed that for me: sudo chmod -R 755 /usr/share/phpmyadmin/.htaccess sudo chmod -R 755 /home/username Kamal Nasser 7 Yes, replace it with the username you want to login as. benmaffin 7 months Awesome - thanks for the article.
28 jhay 7 months I'm stuck on the step that says: "add phpmyadmin to the apache configuration" What exactly do I put into the conf file? Also, when i ran the sudo apt-get install phpmyadmin, it did not take me through the installation process step by step where I could setup the username and password, enter the SQL password, it just installed phpmyadmin which I could navigate to just fine. But I can't login because I don't know what user name and password to provide. Kamal Nasser 7 I'm stuck on the step that says: "add phpmyadmin to the apache configuration" What exactly do I put into the conf file? The 3 commands that follow that sentence walk you through adding phpmyadmin to the apache config. Also, when i ran the sudo apt-get install phpmyadmin, it did not take me through the installation process step by step where I could setup the username and password, enter the SQL password, it just installed phpmyadmin which I could navigate to just fine. But I can't login because I don't know what user name and password to provide. Did you install it on a fresh new droplet or did you have mysql installed previously? mythemesdepot 7 months I'm heaving the same problem as jhay i've installed phpmyadmin but it's not taking me to any setup process on fresh droplet, what do i do now? pablovv months
29 Im having this issue: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request., can anyone please, help, but I dont need an answer like this one from rafa.alcantara : THAT WAS THE PROBLEM. I used a relative path to my home from.htaccess, so I fix this " -> what the $%# did you fix?? ", clear cache browser and EVERYTHING WAS RIGHT. barakakinyori 6 months I have got the following error while restarting apache2 to access phpmyadmin interface [warn] NameVirtualHost *:80 has no VirtualHosts And the VirtualHosts I have changed to := ServerAdmin ServerName baraka.com:443 Can you help me solve this problem please eirik.rm 6 months If anybody has problem with the htpasswd, it might not be installed: apt-get install apache2-utils For more information about the htpasswd: cmsllince 6 months Thanks..it was helpful. Configure the.htaccess file: AuthUserFile /path/to/passwords needs to be: AuthUserFile /path/to/passwords/.htpasswd Create the htpasswd file: sudo htpasswd -c /path/to/passwords/.htpasswd username billing 6 months
30 I configured PHP as instructed above. I change the "/path/to/passwords/" the directory that I wanted it to be in. However, if I try to access ip/phpmyadmin and log in, I get the following error??? ======================== Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. =================== Any ideas? Kamal Nasser 6 Please pastebin /usr/share/phpmyadmin/.htaccess's contents. jodytunnicliff 6 months Worked Great. Thank You!! m4rk89 6 months Great tutorial. I haven't read all the comments (there are many and I stopped reading half-way), but just in case nobody mentions it and because it is not mentioned in the tutorial: When you are going to create the htpasswd file, make sure to manually create the folders in case they don't exist already. For example, if you are going to do "sudo htpasswd -c /var/passwords/.htpasswd username", you will first have to create the folder "passwords" in the "var" directory. And since you need superuser privileges to create a folder in this case, open a console and type "sudo nautilus". This will allow you to navigate the file system with superuser credentials. Thank you for the great content!
31 Dan Bohea 5 months Where the article reads: AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/passwords/.htpasswd Require valid-user "/path/to/passwords/.htpasswd" should be formatted in red. The guide says to just paste this whole chunk of text into nano without indicating that you need to customise a line. Kamal Nasser 5 Thanks, fixed :] admin 5 months Then, configure fail2ban to enable apache jail to prevent from Bruteforcing the apache authentication. [apache] enabled = true port = http,https filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 3 ignaciosala 5 months This tutorial is great!!! My only concern is security. Is it possible to move the location of "host/phpmyadmin" to somthing like "host/test/phpmyadmin". Any suggestions or ideas? Thanks Kamal Nasser 5 months
32 @ignaciosala: You can rename "/phpmyadmin" to something else by editing the Alias directive in /etc/apache2/conf.d/phpmyadmin.conf. Renée Sharelle 5 months I want to move phpmyadmin to a subdomain (using virtual hosts) like mysql.mydomain.com. Is this possible? How would I go about it? irfantony 4 months Hi, After done with Set Up the.htaccess File, I have a new username and a password but I can't login to phpmyadmin unless I use root and MySQL's password. I did try several times to sudo htpasswd -c /path/to/passwords/.htpasswd username with a new password but still can't login with "username" and "password" Is it vulnerable if I use "root" to login? wewingames223 4 months I had the same problem, however I figured out that I had no read/write permissions in the original directory for the.htpasswd file, and I changed /path/to/passwords/ to another directory to where I had all permissions on the file. smanish330 4 months
33 typing "Include /etc/phpmyadmin/apache.conf" after completion the phpmyadmin installation it shows -bash: Include: command not found. why this is happened Kamal Nasser 4 That's not a command. You need to add it to /etc/apache2/apache2.conf. SaM months The permissions for that.htaccess file should be 755 if you're having trouble like error 500 "Could not open password file: /etc/apache2/~/.htpasswd That's what worked for me, hope this helps someone, the tutorial could be better themeanspolo 4 months How do I disallow access to phpmyadmin via plain http? Kamal Nasser 4 Edit /usr/share/phpmyadmin/.htaccess and add this in:
34 mageofit 3 months I've had an error "htpasswd command not found". I fixed it by installing the apache2-utils package like so: sudo apt-get install apache2-utils P.S. Thank you very much for great tutorials. It helps a lot mkzia056 3 months hello, i am facing the problem in creating.htpasswd file. showing error internal server error 500. help me out. thanks. kashif zia Kamal Nasser 3 Check apache's error logs: tail /var/log/apache2/error.log What do you see? maztertech 3 months Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: dbconfig-common fontconfig-config libfontconfig1 libgd2-xpm libjpeg-turbo8 libjpeg8 libt1-5 libxpm4 php5-gd ttf-dejavu-core Suggested packages: libgd-tools The following NEW packages will be installed: dbconfig-common fontconfig-config libfontconfig1 libgd2- xpm libjpeg-turbo8 libjpeg8 libt1-5 libxpm4 php5-gd phpmyadmin ttfdejavu-core 0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded. Need to get 155 kb/8,065 kb of archives. After this operation, 22.6 MB of additional disk space will be used. Do you want
35 to continue [Y/n]? y Err preciseupdates/main libjpeg-turbo8 i svn733-0ubuntu Not Found [IP: ] Err precise-updates/main php5-gd i ubuntu Not Found [IP: ] Err precisesecurity/main php5-gd i ubuntu Not Found [IP: ] Failed to fetch bjpegturbo8_ svn733-0ubuntu4.1_i386.deb 404 Not Found [IP: ] Failed to fetch 0-1ubuntu3.6_i386.deb 404 Not Found [IP: ] E: Unable to fetch some archives, maybe run apt-get update or try with --fix-mis Kamal Nasser 3 Read the error: E: Unable to fetch some archives, maybe run apt-get update or try with --fix-mis luanpersini 3 months Hello, just some hints about a few things: Let everyone know that the shall exist to install phpmyadmin. I got an error cause i changed that following a tutorial to secure Mysql databases, so i had to unistal phpmyadmin and change the login back to root to keep going. This step is not clear enought, had me to look over a lot of comments: Add the phpmyadmin config to the file. Include /etc/phpmyadmin/apache.conf Could be writen like: Add the phpmyadmin by including the folowing line in the apache2.conf Include /etc/phpmyadmin/apache.conf Also, you could make a list of comands to remove/reconfigure phpmyadmin + the sudo apt-get update so we dont need to search trought all those coments. And Kamal, not everyone is an expert on linux and english is not the main language of many people, so writting things like: Read the error -- what does it say?) wont help.
36 geofurtado 3 months Thanks much... this works great. vinicius 3 months nice, thanks a lot! ollie 3 months Brilliant article, thanks! I was getting a 404 on myhost.com/phpmyadmin then I realised I edited 'apach2' not 'apache2'. The empty file should have been a give away - doh! Derek McKercher 3 months Hi, When I am going to create the htpasswd file using this command: sudo htpasswd -c /var/www/.htpasswd root it's giving me this error: sudo: htpasswd: command not found any help regarding this? Kamal Nasser 3 Run sudo apt-get install apache2-utils
37 dreamerhyde 2 months If you guys have "internal server error" or "Internal Server Error 500" Probably because you have closed some necessary modules cause these problems. Try to use this command to open necessary modules: a2enmod auth_basic authn_file authz_user w38g0ru 2 months How to make sub domain for phpmyadmin directory? (e.g. phpmyadmin.example.tld instead of example.tld/phpmyadmin) dehawkinz about 1 month OK, this might seem like a odd question I am installing phpmyadmin onto a local computer to act as a front-end to manage a mysql database, it will not be accessible to anyone other than my family. Do I still need to go through the "Security" steps? My sentiment is, it is working, why risk breaking it if I don't need to add extra options, and there seem to have been a lot of problems with the security section judging by the comments :) massimobrazil about 1 month You guys are RockStars, SHOULD Change your name to 'Rockstars'
38 massimobrazil about 1 month The instructions here are almost Bullet-Proof. Thank you so very much for taking so much care in writing such Fantastic Technical Documents- I am not new to writing Technical Documents nor in Criticizing them- All your documentations are % Perfect. You have done a meticulous job and it shows, I can not thank you enough. germanab7 about 1 month Kamal: I can't find any articles or tutorials like before. I'm having trouble finding articles or questions, These are two diffrentes things, maybe I'm wrong. digitalocean is awsome but dont understnd why change so much Tks Kamal Nasser about 1 Thanks for the feedback. The new community site is still in beta, but we're working hard on ironing out any bugs we encounter and are considering every bit of feedback provided by the community -- after all, it's built FOR the community. :] Search should be fixed soon. kaxley0618 about 1 month I'm having an issue that when I get to creating the htpasswd (the step before the apache restart) that says: htpasswd: cannot create file /path/to/passwords/.htpasswd. I'll go through the tutorial again and see if this still comes up.
39 kenpachi about 1 month I am having an issue with "sudo htpasswd -c /path/to/passwords/.htpasswd username" it said "cannot create file /path/to/passwords/.htpasswd" any clear idea on the solution? Thanks jmcornejo00 28 days In case I needed to, how would I reset the htpasswd? Kamal Nasser 27 Simply run the htpasswd command again. You might want to clear the file beforehand. Kamal Nasser 27 You have to replace /path/to/passwords with a path that actually exists, such as /etc/apache2/passwords (you can create that directory by running mkdir /etc/apache2/passwords). tenjinspen 4 days After executing this step "sudo htpasswd -c /path/to/passwords/.htpasswd username I got the following error:
40 "htpasswd: cannot create file /path/to/passwords/.htpasswd Any idea how to resolve this? Andrew SB 4 In the command you need to replace the that part that says "/path/to/passwords/" with an actual location on your file system. You could do something like: sudo mkdir /etc/apache2/passwords sudo htpasswd -c /etc/apache2/passwords/.htpasswd username narobycaronte about 3 hours Hey people, I have a question here... I installed Apache and MariaDB instead of MySQL The thing is that I can't install phpmyadmin it says package not found but when I tried Apache and MySQL it worked fine. I also noticed that apt-cache search php5- had way much less options than with MySQL Any reason why that happened narobycaronte about 2 hours I tried to install Apache and MariaDB and when I tried to install phpmyadmin it says it can't find the package During the installation I noticed that it couldn't install php5-mcrypt 'cause it couldn't find the package, the php5- cache with MariaDB had way much less option than with MySQL and it can't find that phpmyadmin package? Does anyone know why?