Install and Secure PhpMyAdmin on CentOS 7/6 or Red Hat

By Posted on

Install and Secure PhpMyAdmin on CentOS 7/6 or Red Hat

Install PhpMyAdmin on CentOS 7/6 or Red Hat RHEL

Introduction

Many users need a database management system like MySQL but may not be comfortable using only the MySQL command-line client. PhpMyAdmin provides a web interface for interacting with MySQL. This guide will cover installing and securing PhpMyAdmin on a CentOS system, allowing you to manage your databases safely. The focus is on a secure installation of Install and Secure PhpMyAdmin on CentOS 7/6 or Red Hat.

Basic requirements

Before you begin, ensure you have the following:

  • A CentOS 7/6 or Red Hat Enterprise Linux (RHEL) server.
  • A LAMP (Linux, Apache, MySQL, PHP) stack is installed and configured.
  • Root or sudo privileges on the server.
  • A domain name configured with an SSL/TLS certificate for secure access (recommended). If you don’t have one, follow a guide like securing Apache with Let’s Encrypt on Ubuntu. It is very important to consider security when dealing with Install and Secure PhpMyAdmin on CentOS 7/6 or Red Hat.

Finally, be aware of the essential security considerations when using software like PhpMyAdmin:

  • It is a web interface to your database, exposing it to potential vulnerabilities.
  • Default configurations can be insecure.
  • It’s a popular target for attackers.

For these reasons, and because PhpMyAdmin is a widely deployed PHP application routinely targeted for attack, never run it on remote computers through a plain HTTP connection. If you don’t already have a domain established with an SSL/TLS certificate, secure Apache with Let’s Encrypt on Ubuntu.

Once you’ve completed these steps, you’re prepared to start this guide for Install and Secure PhpMyAdmin on CentOS 7/6 or Red Hat.

Step 1: PhpMyAdmin Installation

First, install PhpMyAdmin from the distro’s default repository.

$ sudo yum install epel-release

This command enables the Extra Packages for Enterprise Linux (EPEL) repository, which contains PhpMyAdmin.

$ sudo yum install phpmyadmin

The installation procedure places the phpMyAdmin Apache configuration file in the /etc/httpd/conf.d/ directory, where it is immediately read.

Restart Apache:

$ sudo systemctl restart httpd.service

With that, your phpMyAdmin installation is complete. In your web browser, navigate to your server’s domain name or public IP address followed by /phpMyAdmin:

http://server_IP/phpMyAdmin

Log in to the interface as root or using another username and password.

Step 2: Secure your phpMyAdmin Instance

At this point, the phpMyAdmin instance installed on your server should be fully functional. However, you’ve exposed your MySQL system to the outside world by adding a web interface.

Changing the Application’s Access URL

$ sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

Toward the top of the file, you will see two lines that look like this:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

These two lines are your aliases, meaning that whenever you access your site’s domain name or IP address, followed by either /phpMyAdmin or /phpmyadmin, you will be sent the content at /usr/share/phpMyAdmin.

To apply the desired modifications, delete or comment out the existing lines and replace them with your own:

# Alias /phpMyAdmin /usr/share/phpMyAdmin
# Alias /phpmyadmin /usr/share/phpMyAdmin
Alias <mark>/secretpage</mark> /usr/share/phpMyAdmin

To implement the changes, restart the web service:

$ sudo systemctl restart httpd.service

If you go back to the former location of your phpMyAdmin installation, you will get the 404 error.

Your phpMyAdmin interface, on the other hand, will be available at the new site we chose:

http://server_IP/secretpage

Setting up an Authentication to the Web Server :

The next feature we want for our installation was an authentication prompt that a user would have to pass before they could access the phpMyAdmin login screen.

Open your config file and add AllowOverride All in <Directory /usr/share/phpmyadmin>

CentOS: /etc/httpd/conf.d/phpMyAdmin.conf

<Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
    AllowOverride All
    . . .

And Restart Apache

Now that you’ve enabled the use of .htaccess files for your application, you’ll need to make one to create security rules in place.

Create the file in PhpMyAdmin folder:

$ sudo nano /usr/share/phpmyadmin/.htaccess

Add the following lines:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Save and close the file when you’re finished.

You chose /etc/phpmyadmin/.htpasswd as the location for your password file. You can now use the htpasswd software to create this file and assign it an initial user:

$ sudo htpasswd -c /etc/phpmyadmin/.htpasswd username

then enter and confirm a password for the user you are creating.

If you wish to add another user, use the following syntax without the -c flag:

$ sudo htpasswd /etc/phpmyadmin/.htpasswd newuser

Then restart Apache to enable .htaccess authentication.

When you enter your phpMyAdmin subdirectory, you will be prompted for the newly established account name and password:

http://server_IP/secretpage

Conclusion

PhpMyAdmin should now be installed and ready to use on your server. You may use this interface to create databases, users, and tables, as well as execute standard operations such as deleting and altering structures and data. The steps outlined above ensure a secure Install and Secure PhpMyAdmin on CentOS 7/6 or Red Hat.

Alternative Solutions for Securing PhpMyAdmin

While the above method provides a basic level of security, there are alternative approaches that can enhance the security of your PhpMyAdmin installation further. Here are two alternatives:

1. Using Firewall Rules to Restrict Access

Instead of relying solely on Apache configurations and .htaccess files, you can use the server’s firewall to restrict access to PhpMyAdmin to specific IP addresses or networks. This adds an extra layer of security by limiting the exposure of PhpMyAdmin to only authorized users.

Explanation:

A firewall acts as a barrier between your server and the outside world. By configuring firewall rules, you can specify which IP addresses are allowed to access PhpMyAdmin. This is particularly useful if you only need to access PhpMyAdmin from a specific location, such as your office network.

Implementation using firewalld (CentOS 7/RHEL 7 and later):

  1. Identify allowed IP addresses: Determine the IP addresses or networks that should have access to PhpMyAdmin.

  2. Create a firewall rule: Use the firewall-cmd command to create a rule that allows access to the Apache port (usually 80 and 443) from the specified IP addresses. Assuming secretpage is being served over port 443 (HTTPS), the following command allows access from a single IP address 192.168.1.100:

    sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port port="443" protocol="tcp" accept'

    To allow access from an entire network (e.g., 192.168.1.0/24):

    sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="443" protocol="tcp" accept'

  3. Remove default access: Remove the default public access to ports 80 and 443 if they are open. This will ensure that only the specified IP addresses can access PhpMyAdmin through the firewall. (Be careful, this might impact other sites)

  4. Reload the firewall: Apply the changes by reloading the firewall.

    sudo firewall-cmd --reload

  5. Verify the rules: Check if the rules are correctly configured.

    sudo firewall-cmd --list-all

Benefits:

  • Stronger security by limiting access to authorized sources.
  • Reduced attack surface by blocking unauthorized access attempts.
  • Centralized firewall management for consistent security policies.

2. Using a VPN for Secure Access

Another approach is to use a Virtual Private Network (VPN) to create a secure tunnel between your computer and the server. This encrypts all traffic between your device and the server, protecting your PhpMyAdmin login credentials and data from eavesdropping.

Explanation:

A VPN creates an encrypted connection between your device and a VPN server. All traffic passing through this connection is protected from interception. By connecting to a VPN server located on the same network as your CentOS server, you can securely access PhpMyAdmin without exposing it to the public internet.

Implementation:

  1. Set up a VPN server: Choose a VPN server software such as OpenVPN, WireGuard, or Pritunl and install it on your CentOS server or another server on the same network.

  2. Configure VPN clients: Install a VPN client on your computer or device and configure it to connect to the VPN server.

  3. Access PhpMyAdmin through the VPN: Once the VPN connection is established, you can access PhpMyAdmin using the server’s internal IP address or hostname. Since all traffic is encrypted and tunneled, your PhpMyAdmin access is now secure.

Example using OpenVPN (simplified):

  • Install OpenVPN on your server (consult the OpenVPN documentation for detailed instructions).

  • Generate client configuration files for each user.

  • Install the OpenVPN client on the user’s machine and import the configuration file.

Now, when the user connects to the OpenVPN server, they can access PhpMyAdmin using the server’s internal IP address, for example http://192.168.1.10/secretpage or https://192.168.1.10/secretpage.

Benefits:

  • Strong encryption of all traffic between your device and the server.
  • Protection from eavesdropping and man-in-the-middle attacks.
  • Secure access to PhpMyAdmin from any location.

These alternative solutions, combined with the steps outlined in the original article, can significantly enhance the security of your PhpMyAdmin installation and protect your database from unauthorized access. Remember to choose the solution that best fits your specific needs and security requirements.

Related posts: