To be able to administer a MySQL Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. Another option is to make use of MySQL Workbench. However, this isn’t the preferred solution, since this would require firewall rules to be defined to allow only certain remote connections to our database server. We can also make use of phpMyAdmin, allowing us access to the database server through a web interface.
Installing phpMyAdmin
To install phpMyAdmin, we execute the following command in a “root” shell.
apt-get install phpmyadmin
During the installation, we are prompted whether a web server should be configured and if the database should be configured making use of dbconfig-common
.
If we selected to configure apache2
, a virtual path /phpmyadmin
will be added to the primary web site.
Configuring phpMyAdmin
To configure phpMyAdmin, we will host it on a secure virtual host on Apache.
Virtual Host settings
The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert
and the private key in /etc/ssl/CA/private/sitename.key.nopass
. Authentication will also be required using a htpasswd
file in /etc/apache2/security/htpasswd.sitename
.
To create this htpasswd
file, we execute the following command in a “root” shell.
htpasswd -c /etc/apache2/security/htpasswd.sitename admin
We will then be prompted to enter a password for the user admin
, and using these credentials we will be able to access the phpMyAdmin web interface.
Virtual Host Configuration
<VirtualHost 192.168.100.14:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost 192.168.100.14:443> ServerName sitename ServerAdmin webmaster@domain SSLEngine On SSLCertificateFile /etc/ssl/CA/certs/sitename.cert SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass DocumentRoot /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ </IfModule> <IfModule mod_authn_file.c> AuthType Basic AuthName "MySQL Administration" AuthUserFile /etc/apache2/security/htpasswd.sitename </IfModule> Require valid-user </Directory> <Directory /usr/share/phpmyadmin/setup> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> ErrorLog ${APACHE_LOG_DIR}/sitename/error.log CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined </VirtualHost>
Enabling the Virtual Host
To enable the virtual host, we execute the following command in a “root” shell.
a2ensite sitename
To reload the configuration, we execute the following command in a “root” shell.
service apache2 reload