How To Install and Secure phpMyAdmin on AlmaLinux 9

phpMyAdmin is a free and open-source web-based database management tool written in PHP. It provides a convenient interface for managing MySQL or MariaDB databases. This guide will walk you through the steps to install and secure phpMyAdmin on AlmaLinux 9.

Prerequisites

• A server running AlmaLinux 9.
• A user with sudo privileges.
• LAMP stack (Linux, Apache, MySQL/MariaDB, PHP) installed and configured.

Step 1: Update Your System

Before starting, ensure your system is up-to-date:

sudo dnf update -y
sudo dnf upgrade -y

Step 2: Install EPEL Repository

phpMyAdmin is not available in the default AlmaLinux repositories. Therefore, you need to install the EPEL (Extra Packages for Enterprise Linux) repository:

sudo dnf install epel-release -y

Step 3: Install phpMyAdmin

Once the EPEL repository is enabled, you can install phpMyAdmin using the following command:

sudo dnf install phpmyadmin -y

Step 4: Configure Apache for phpMyAdmin

By default, the phpMyAdmin configuration file is located in /etc/httpd/conf.d/phpMyAdmin.conf. Open this file to configure Apache:

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Within this file, you'll find the following directives restricting access to localhost:

<Directory /usr/share/phpMyAdmin/>
    AddDefaultCharset UTF-8
    <RequireAny>
        Require ip 127.0.0.1
        Require ip ::1
    </RequireAny>
</Directory>

If you want to access phpMyAdmin from a different IP address, add the IP address as follows:

<RequireAny>
    Require ip 127.0.0.1
    Require ip ::1
    Require ip your_server_ip
</RequireAny>

Save and close the file.

Step 5: Restart Apache

After configuring Apache, restart the service to apply the changes:

sudo systemctl restart httpd

Step 6: Secure phpMyAdmin

6.1 Configure Firewall

Ensure that your firewall allows HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

6.2 Secure phpMyAdmin Access with Apache Authentication

You can add an extra layer of security by setting up Apache authentication. First, create a password file using the htpasswd utility:

sudo dnf install httpd-tools -y
sudo htpasswd -c /etc/phpMyAdmin/.htpasswd your_username

Next, open the phpMyAdmin configuration file:

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Add the following lines within the <Directory /usr/share/phpMyAdmin/> directive:

<Directory /usr/share/phpMyAdmin/>
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /etc/phpMyAdmin/.htpasswd
    Require valid-user
</Directory>

Save and close the file, then restart Apache:

sudo systemctl restart httpd

6.3 Enable HTTPS

It is highly recommended to access phpMyAdmin over HTTPS to encrypt the traffic between the server and clients. You can use Let’s Encrypt to obtain a free SSL certificate. First, install Certbot:

sudo dnf install certbot python3-certbot-apache -y

Then, obtain and install the certificate:

sudo certbot --apache

Follow the prompts to complete the installation.

Step 7: Access phpMyAdmin

You can now access phpMyAdmin by navigating to http://your_server_ip/phpmyadmin in your web browser. You will be prompted for the Apache authentication credentials followed by the phpMyAdmin login screen.

Conclusion

You've successfully installed and secured phpMyAdmin on AlmaLinux 9. You now have a powerful tool for managing your MySQL or MariaDB databases through a web interface. Remember to keep your server and software updated to maintain security.