PhpMyAdmin is a PHP web application which lets us manage a MariaDB/MySQL database from an intuitive graphical interface. The application is not provided in the RHEL 8 / CentOS 8 official repositories, and is usually installed from third-party sources like EPEL. The epel-8 repository is, however, not yet available, so in this tutorial we will see how to fetch the upstream phpMyAdmin code and install it on our system “manually”.
In this tutorial you will learn:
- How to download and install phpMyAdmin from source
- How to verify the downloaded archive
- How to access the phpMyAdmin configuration wizard
Software Requirements and Conventions Used
Category | Requirements, Conventions or Software Version Used |
---|---|
System | RHEL 8 / CentOS 8 |
Software | A working LAMP stack. |
Other | Permission to run commands with root privileges. |
Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of the sudo command; $ – requires given linux commands to be executed as a regular non-privileged user |
Introducing phpMyAdmin
PhpMyAdmin is free and open source software developed in PHP under the GPL2 license. Its purpose is to allow managing one or more MariaDB/MySQL servers from a nice and intuitive web interface. The software allows us to perform the most common database operations and also lets us run SQL instructions directly. In this tutorial I will assume the existence of an already configured and working LAMP stack. If you want to know more about setting up such an environment, you can consult our article on how to configure a LAMP stack on a RHEL 8 / CentOS 8 Linux system.
Installation
Many linux distributions have phpMyAdmin packaged in their repositories; Red Hat Enterprise Linux, however, does not. The application is usually installed from third-party sources, like epel. Since at the moment of writing the epel-8 repository is not yet available, we will see how to install phpMyAdmin manually.
Downloading the archive
The first step is to download the archive containing the phpMyAdmin files from the phpMyAdmin downloads page. Here we can choose between the version of phpMyAdmin packaged with all the available languages and the one which includes only English. We can also select our favorite archive format. We also want to download the .asc file (the detached signature) and the file containing the hash sum of the archive, to verify the package authenticity and integrity. In this tutorial we will use the English-only version, provided in the tar.xz format.
When working from the command line interface, we can download the files by using curl:
$ curl --remote-name-all \
    https://files.phpmyadmin.net/phpMyAdmin/4.8.5/phpMyAdmin-4.8.5-english.tar.xz \
    https://files.phpmyadmin.net/phpMyAdmin/4.8.5/phpMyAdmin-4.8.5-english.tar.xz.asc \
    https://files.phpmyadmin.net/phpMyAdmin/4.8.5/phpMyAdmin-4.8.5-english.tar.xz.sha256
Archive verification
We now have all we need to verify our archive. The first thing we want to do is to verify its signature. The fingerprint of the key that made the signature should match 3D06 A59E CE73 0EB7 1B51 1C17 CE75 2F17 8259 BD92, which is the PGP fingerprint of Isaac Bennetch, the phpMyAdmin release manager at this time. To verify the signature we first need to import his public key. We can download the key, together with the ones of other phpMyAdmin developers, from the phpMyAdmin server:
$ curl -O https://files.phpmyadmin.net/phpmyadmin.keyring
To import the key we run:
$ gpg --import phpmyadmin.keyring
gpg: key 9C27B31342B7511D: public key "Michal Čihař <michal@cihar.com>" imported
gpg: key FEFC65D181AF644A: public key "Marc Delisle <marc@infomarc.info>" imported
gpg: key CE752F178259BD92: public key "Isaac Bennetch <bennetch@gmail.com>" imported
gpg: key DA68AB39218AB947: public key "phpMyAdmin Security Team <security@phpmyadmin.net>" imported
gpg: Total number processed: 4
gpg:               imported: 4
Finally, to verify the package signature we run:
$ gpg --verify phpMyAdmin-4.8.5-english.tar.xz.asc
gpg: assuming signed data in 'phpMyAdmin-4.8.5-english.tar.xz'
gpg: Signature made Fri 25 Jan 2019 10:07:15 PM EST
gpg:                using RSA key 3D06A59ECE730EB71B511C17CE752F178259BD92
gpg: Good signature from "Isaac Bennetch <bennetch@gmail.com>" [unknown]
gpg:                 aka "Isaac Bennetch <isaac@bennetch.org>" [unknown]
gpg: gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D06 A59E CE73 0EB7 1B51 1C17 CE75 2F17 8259 BD92
As you can see, the signature is reported as good and the primary key fingerprint is the expected one; however, gpg still complains because it has no way to verify that the signing key really belongs to the person named in it. In cases like this we can rely on the web of trust: in brief, on the fact that the key has been signed by other gpg users we trust. As reported in the phpMyAdmin documentation, for example, we can see the path from the Linus Torvalds key to the key of Isaac Bennetch on this page. Once we have verified that the signature is good, we can also check that the hash sum of the archive is the same as the one reported in the file we downloaded:
$ sha256sum -c phpMyAdmin-4.8.5-english.tar.xz.sha256
phpMyAdmin-4.8.5-english.tar.xz: OK
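"Good signature" is printed for any key present in the keyring, so an automated check should also compare the signer's fingerprint with the one published above. The following script is an added example, not part of the original tutorial or of phpMyAdmin; the function names and the sample status lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial.
# Release manager fingerprint as published above (spaces removed).
EXPECTED_FPR="3D06A59ECE730EB71B511C17CE752F178259BD92"

# signer_matches WANT: read `gpg --status-fd` output on stdin and succeed only
# if a VALIDSIG line names WANT as primary key (its last field) and no
# BADSIG / ERRSIG / EXPKEYSIG / REVKEYSIG line is present.
signer_matches() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_release ARCHIVE: signature by the pinned key, then the SHA-256 file.
verify_release() {
    local archive="$1" status
    status="$(gpg --status-fd 1 --verify "${archive}.asc" "$archive" 2>/dev/null)" || return 1
    printf '%s\n' "$status" | signer_matches "$EXPECTED_FPR" || return 1
    sha256sum -c "${archive}.sha256"
}

# Constructed status lines (not captured from a real run) for an offline check.
SAMPLE_STATUS='[GNUPG:] GOODSIG CE752F178259BD92 Isaac Bennetch <bennetch@gmail.com>
[GNUPG:] VALIDSIG 3D06A59ECE730EB71B511C17CE752F178259BD92 2019-01-26 1548472035 0 4 0 1 10 00 3D06A59ECE730EB71B511C17CE752F178259BD92'
printf '%s\n' "$SAMPLE_STATUS" | signer_matches "$EXPECTED_FPR" && echo "signer pinned: OK"

# Real use, from the download directory:
#   verify_release phpMyAdmin-4.8.5-english.tar.xz && echo "archive verified"
```

The hash file only protects against a corrupted download, since it comes from the same server as the archive; the pinned signature check is what ties the archive to the release manager's key.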
Archive extraction
The next step is to extract the content of the archive. Where to extract it is our choice: the fastest way to have phpMyAdmin up and running is to extract the content of the archive in our web server document root, which in this case is /var/www/html.
Alternatively we may want to place the files into another directory on our local filesystem, for example /usr/share, which is the one used when phpMyAdmin is installed via a package (for this reason, be careful if using this directory: if you decide to install the phpMyAdmin rpm when available, this could mess things up). In this case we should also add a new virtualhost configuration file into /etc/httpd/conf.d. Here is the content of the one usually provided:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>
We can adapt the configuration above to suit our needs, and we should change the paths to the ones we plan to use on our system. One very important thing to notice is the Alias directive: this is what makes it possible to serve documents stored in the local filesystem outside the DocumentRoot. In this case, for example, accessing http://<ServerName-or-ip>/phpMyAdmin will actually access the files placed in /usr/share/phpMyAdmin. The other directives just apply security measures. For example, the Require ip 127.0.0.1 and Require ip ::1 ones are used to allow access only from localhost.
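When the files are extracted under the document root instead, none of these restrictions apply unless we add them ourselves. The script below is an added example, not taken from the phpMyAdmin package: it writes the same localhost-only and deny rules in Apache 2.4 syntax for a tree at /var/www/html/phpmyadmin; the function name and the temporary demo file are assumptions.

```bash
#!/usr/bin/env bash
# Added example: Apache 2.4-only access rules for a phpMyAdmin tree under the
# document root, mirroring the packaged rules quoted above.
# write_pma_conf CONF_FILE PMA_DIR
write_pma_conf() {
    local conf="$1" dir="${2%/}" sub
    {
        # Whole application and the setup wizard: localhost only. The setup
        # block is kept separate so it stays local if the first is relaxed.
        for sub in "" "setup/"; do
            printf '<Directory %s/%s>\n' "$dir" "$sub"
            printf '    <RequireAny>\n'
            printf '        Require ip 127.0.0.1\n        Require ip ::1\n'
            printf '    </RequireAny>\n</Directory>\n'
        done
        # Internal code that never needs to be served over HTTP.
        for sub in libraries setup/lib setup/frames; do
            printf '<Directory %s/%s/>\n    Require all denied\n</Directory>\n' "$dir" "$sub"
        done
    } > "$conf"
}

# Demo on a temporary file; on the server the target would be a file in
# /etc/httpd/conf.d/ (name is your choice), followed by `apachectl configtest`.
demo_conf="$(mktemp)"
write_pma_conf "$demo_conf" /var/www/html/phpmyadmin
cat "$demo_conf"
```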
In this tutorial, for the sake of simplicity we will install phpMyAdmin in the web server document root. First we unpack the content of the archive:
$ sudo tar -C /var/www/html -xvpJf phpMyAdmin-4.8.5-english.tar.xz
Then we rename the destination directory from phpMyAdmin-4.8.5-english to simply “phpmyadmin”:
$ sudo mv /var/www/html/phpMyAdmin-4.8.5-english /var/www/html/phpmyadmin
At this point it should already be possible to reach phpMyAdmin by navigating to “http://localhost/phpmyadmin” from the same machine we installed phpMyAdmin on, or by using its IP address or a virtual host server name (e.g. http://192.168.122.50/phpmyadmin), if accessing from another machine and the configuration allows that.
PhpMyAdmin configuration
Before we start to use phpMyAdmin, we should configure it. In recent versions of the software it is possible to run a wizard that will guide us through the procedure and generate a configuration file. If we already have an existing configuration, we can simply copy our config.inc.php file into the root of the phpmyadmin directory. PhpMyAdmin also provides a configuration example, the config.sample.inc.php file, which we can read to get an idea of the available options. If configuring the file manually, remember to set $cfg['blowfish_secret']. You should provide a randomly generated passphrase that should be at least 32 characters long: it will be used internally by the AES algorithm to encrypt the login password saved in cookies when using the “cookie” auth type.
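One way to generate and set that passphrase from the shell, as an added example that is not part of phpMyAdmin; the function names are hypothetical and the demo file is a constructed stand-in for a copy of config.sample.inc.php, assumed to contain an empty `$cfg['blowfish_secret']` assignment.

```bash
#!/usr/bin/env bash
# Added example, not from the phpMyAdmin project.
# gen_secret: 16 bytes from the kernel CSPRNG, hex-encoded to 32 characters.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# set_blowfish_secret FILE: fill in $cfg['blowfish_secret'] in FILE with a
# fresh secret; fails if the assignment line is not found.
set_blowfish_secret() {
    local cfg="$1" secret
    secret="$(gen_secret)"
    [ "${#secret}" -eq 32 ] || return 1
    sed -i "s|^\([$]cfg\['blowfish_secret'] = \)'[^']*';|\1'${secret}';|" "$cfg"
    # Confirm the new value is really in the file.
    grep -q "^[$]cfg\['blowfish_secret'] = '${secret}';" "$cfg"
}

# Demo on a constructed stand-in for config.sample.inc.php.
demo_cfg="$(mktemp)"
cat > "$demo_cfg" <<'EOF'
<?php
$cfg['blowfish_secret'] = ''; /* constructed sample line */
$cfg['Servers'][1]['auth_type'] = 'cookie';
EOF
set_blowfish_secret "$demo_cfg" && grep blowfish_secret "$demo_cfg"
```

On the server, run `set_blowfish_secret` on the config.inc.php copied into the phpmyadmin directory, and keep that file readable only by root and the web server user (apache on RHEL).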
For more in-depth knowledge of the available options and their meaning, we can also read the phpMyAdmin documentation (conveniently, in the setup wizard interface, each option has a link to its dedicated section in the docs, which is accessible by clicking on the related blue “info” button).
To launch the setup wizard, we navigate to http://localhost/phpmyadmin/setup.
To configure the main server just click on the “new server” button; to add other servers just repeat the procedure (you will have the chance to select the server when logging in). To modify other global settings just use the options on the left bar. Go ahead and set up phpMyAdmin as you desire. Once you finish, click on the “download” button on the main page, and download the generated file: it must be copied manually into the root of the phpMyAdmin directory.
Now that phpMyAdmin is installed and configured, all we have to do to use it is go to the main page and log in with the right credentials!
Conclusions
PhpMyAdmin is not provided in the default Red Hat Enterprise Linux 8 repositories, and since epel is not yet ready at the time of writing, we saw how we can install the web application “from source” in a few easy steps. Please be aware that, if not configured correctly, phpMyAdmin represents a security weakness. Always use SSL, and be sure you know what you are doing if installing it on a production machine.