How to Install phpMyAdmin with Nginx (LEMP) on Ubuntu 18.04 LTS

This tutorial will be showing you how to install phpMyAdmin with Nginx, MariaDB and PHP7.2 (LEMP) on Ubuntu 18.04. phpMyAdmin is a free and open-source web-based database management tool written in PHP. It provides a graphical web interface for users to manage MySQL or MariaDB database. You will also learn how to enable two-factor authentication on phpMyAdmin.

Prerequisites

To follow this tutorial, you need to have an Ubuntu 18.04 OS running on your local computer or on a remote server. If you are looking for a VPS (Virtual Private Server), then you can click this special link to get $100 free credit on DigitalOcean. (For new users only). If you are already a DigitalOcean user, then you can click this special link to get $50 free credit on Vultr (for new users only).

It is assumed that you have already installed LEMP stack on Ubuntu 18.04. If not, please check out the following tutorial.

With that out of the way, let’s get started with installing phpMyAdmin.

Step 1: Download and Install phpMyAdmin

phpMyAdmin is included in Ubuntu 18.04 software repository, so we can easily install it with the following command.

sudo apt update
sudo apt install phpmyadmin

During the installation, it will prompt you to select a web server to configure. Nginx isn’t in the list, so press the Tab key and hit OK to skip this step.

install-phpmyadmin-ubuntu 18.04

Next, select Yes to create a new database and let dbconfig-common to configure it.

phpmyadmin nginx ubuntu 18.04

This will also create a new database user named phpmyadmin. Give this user a password.

phpmyadmin-password-lemp-ubuntu 18.04

Once done, a new database named phpmyadmin is created and the database user phpmyadmin has necessary privileges to manage this database. If you are curious as I am, you can log into MariaDB and check what privileges phpmyadmin user has been granted.

You can use the following command to log into MariaDB server.

sudo mysql -u root

Then check the privileges.

show grants for phpmyadmin@localhost;

Output:

phpmyadmin database configuration

As you can see, user phpmyadmin has all privileges on database phpmyadmin. Now you can exit by executing:

exit;

Step 2: Create Nginx Server Block

To be able to access the phpMyAdmin web interface, we need to create a Nginx server block by running the following command.

sudo nano /etc/nginx/conf.d/phpmyadmin.conf

We will configure it so that we can access phpMyAdmin via a sub-domain. Paste the following text into the file. Replace pma.example.com with your actual sub-domain and don’t forget to create an A record for it.

server {
  listen 80;
  listen [::]:80;
  server_name pma.example.com;
  root /usr/share/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;

  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }

  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }

  location ~ /\.ht {
    deny all;
  }
}

Your phpMyAdmin files are in /usr/share/phpmyadmin/ directory. Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now you should be able to access phpMyAdmin web interface via

pma.example.com

phpmyadmin ubuntu 18.04

Note that phpMyAdmin will not work in recent versions of Firefox. You can use Google Chrome to visit phpMyAdmin web interface. Before entering user credentials in the login form, let’s enable HTTPS.

Step 3: Installing TLS Certificate

To secure the phpMyadmin web interface, we can install a free Let’s Encrypt TLS certificate. Install the Let’s Encrypt client from Ubuntu 18.04 software repository like below:

sudo apt install certbot python3-certbot-nginx

Python3-certbot-nginx is the Nginx plugin for Certbot. Now run the following command to obtain and install TLS certificate.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --must-staple -d pma.example.com --email your-email-address

Explanation:

  • –nginx: Use the Nginx authenticator and installer
  • –agree-tos: Agree to Let’s Encrypt terms of service
  • –redirect: Add 301 redirect.
  • –hsts: Add the Strict-Transport-Security header to every HTTP response.
  • –staple-ocsp: Enables OCSP Stapling.
  • –must-staple: Adds the OCSP Must Staple extension to the certificate.
  • -d flag is followed by a list of domain names, separated by comma. You can add up to 100 domain names.
  • –email: Email used for registration and recovery contact.

You will be asked if you want to receive emails from EFF(Electronic Frontier Foundation). After choosing Y or N, your TLS certificate will be automatically obtained and configured for you, which is indicated by the message below.

phpmyadmin https ubuntu 18.04

Test Your TLS Certificate

Go to ssllabs.com to test your TLS certificate and configuration. You should get A+ because HSTS is enabled.

secure phpmyadmin with https

Troubleshoot Login Error

If you login with MariaDB root account, you may see the following error.

 #1698 - Access denied for user 'root '@'localhost'

and

mysqli_real_connect(): (HY000/1698): Access denied for user 'root '@'localhost'

If you login with user phpmyadmin, you won’t see the above error. However, user phpmyadmin can only be used to administer the phpmyadmin database. The cause of the error is that by default MariDB root user is authenticated via the unix_socket plugin, instead of using the mysql_native_password plugin. To get around this issue, we can create another admin user and grant all privileges to the new admin user.

Log into MariaDB server from the command line.

sudo mariadb -u root

Create an admin user with password authentication.

create user admin@localhost identified by 'your-chosen-password';

Grant all privileges on all databases.

grant all privileges on *.* to admin@localhost with grant option;

Flush privileges and exit;

flush privileges;

exit;

Now you can log into phpMyAmin with the admin account and manage all databases.

Using a Different Port

Using a different port instead of default port 443 can be advantageous because you can close that port when you are not using phpMyAdmin to prevent hacking activity, or you can specify which IP addresses are allowed to access that port. It’s very simple to configure. Simply open the server block file.

sudo nano /etc/nginx/conf.d/phpmyadmin.conf

Find the following two lines:

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot

Change 443 to a different port, for example, 8443.

listen [::]:8443 ssl ipv6only=on; # managed by Certbot
listen 8443 ssl; # managed by Certbot

You can also add http2 to them like below to enable HTTP/2 protocol.

listen [::]:8443 ssl http2 ipv6only=on; # managed by Certbot
listen 8443 ssl http2; # managed by Certbot

Save and close the file. Then test Nginx configurations.

sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Now you can access phpMyAdmin via:

https://pma.example.com:8443

phpmyadmin nginx

Install Latest Stable Version of phpMyAdmin

Ubuntu 18.04 repository ships with PHP7.2 and phpMyAdmin 4.6.6. You can check your phpMyAdmin version in the browser title bar.

check phpMyAdmin version

However, PHP7.2 is supported by phpMyAdmin since version 4.7.4. When you use phpMyAdmin 4.6.6 with PHP7.2, you will see the following warning message.

parameter must be an array or an object that implements countable

parameter must be an array or an object that implements countable

To fix the compatibility problem, we can install phpMyAdmin 4.8, which is the latest stable version as of this writing. Download it by using wget.

wget https://files.phpmyadmin.net/phpMyAdmin/4.8.0.1/phpMyAdmin-4.8.0.1-all-languages.zip

Then extract it.

sudo apt install unzip

unzip phpMyAdmin-4.8.0.1-all-languages.zip

Back up original phpMyAdmin files.

sudo mv /usr/share/phpmyadmin /usr/share/phpmyadmin-original

Move phpMyadmin 4.8 to /usr/share/phpmyadmin/ directory.

sudo mv phpMyAdmin-4.8.0.1-all-languages /usr/share/phpmyadmin

Edit the vendor config file.

sudo nano /usr/share/phpmyadmin/libraries/vendor_config.php

Find the following line.

define('CONFIG_DIR', '');

Change it to

define('CONFIG_DIR', '/etc/phpmyadmin/');

Save and close the file. Then create the tmp folder to store cache files.

sudo mkdir /usr/share/phpmyadmin/tmp

Change user ownership and group ownership to www-data.

sudo chown www-data:www-data /usr/share/phpmyadmin/tmp

Now you can use phpMyAdmin 4.8 without reloading or restarting Nginx.

ubuntu 18.04 phpmyadmin 4.8

Enable Two-Factor Authentication

You can also harden phpMyAdmin by enabling two-factor authentication, which is a feature added in version 4.8. To enable it, log into phpMyAdmin. Then go to Settings -> Two-factor authentication and select Authentication application (2FA).

phpmyadmin two factor authentication

After clicking the Configure two-factor authentication button, you will be presented with a QR code, which you need to scan with a two-factor authentication app on your phone.

configure two factor authentication phpmyadmin

Google Authenticator is a popular 2FA app, but I recommend FreeOTP, which is an open-source 2FA app developed by Red Hat. Once you enter the authentication code generated by your 2FA app, two-factor authentication is enabled. If you now log out and log back in, you need to enter the authentication code in addition to username and password.

secure phpmyadmin

Certificate Auto Renewal

To automatically renew Let’s Encrypt certificate, simply edit root user’s crontab file.

sudo crontab -e

Then add the following line at the bottom.

@daily certbot renew --quiet && systemctl reload nginx

--quiet flag will suppress standard output. If you want to receive standard error, then add the following line at the beginning of crontab file.

MAILTO=your-email-address

Reloading Nginx is needed for it for present the new certificate to clients.

I hope this tutorial helped you install phpMyAdmin with Nginx on Ubuntu 18.04 LTS. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care.

Rate this tutorial
[Total: 7 Average: 5]

17 Responses to “How to Install phpMyAdmin with Nginx (LEMP) on Ubuntu 18.04 LTS

  • ed peterson
    5 years ago

    all good until

    pma.example.com

    This site can’t be reached

    192.168.1.24 refused to connect.

    it’s a firewall issue? I don’t know how the firewall can/should be set,

    I don’t understand what the problem is, any help would be appreciated.. thanks.

    • Xiao Guo-An (Admin)
      5 years ago

      If it’s a firewall issue, try

      sudo apt install ufw
      sudo ufw allow http
      sudo ufw allow https
      sudo ufw enable
    • Xiao Guo-An (Admin)
      5 years ago

      Note that if you are using Amazon EC2, or Google Cloud Platform, you need to set firewall rules in the web-based control panel.

  • Jiri Knotek
    5 years ago

    Is “sudo mv phpMyAdmin-4.8.0.1-all-languages /usr/share/phpmyadmin” correct?

    • Xiao Guo-An (Admin)
      5 years ago

      Yes, it is correct. The folder phpMyAdmin-4.8.0.1-all-languages will be moved to /usr/share/ and renamed to phpmyadmin

  • Jiří Knotek
    5 years ago

    Thank You for answer. I am linux beginner. I already understand.

  • CheffieCT
    5 years ago

    Excellent article for setting up phpmyadmin. I have followed this to the T and it is working 100%. I need this to work before re-install my nextcloud server at home. The only question I have is that… DO I REALLY have to install phpmyadmin as I dont really know how to use it? I have completed to the certbot part which it is all working.

    • Xiao Guo-An (Admin)
      5 years ago

      phpMyAdmin is for people who don’t want to manage MySQL/MariaDB database from command line. You can follow my NextCloud tutorial without using phpMyAdmin.

  • HenryTheTech
    5 years ago

    When I punch in the IP of my server It connects to NGINX and not phpmyadmin, if using https I get “The site cant be reached” and I am using Chrome.

    everything installed fine and sudo nginx -t is successful

  • HenryTheTech
    5 years ago

    Here’s the answer to my own question. Apparently Ubuntu 18.04 local domain resolution is broken.

    sudo vim /etc/systemd/resolved.conf
    and uncomment and edit Domains:

    [Resolve]

    Domains=yourdomain.local

    https://askubuntu.com/questions/1068131/ubuntu-18-04-local-domain-dns-lookup-not-working

  • HenryTheTech
    5 years ago

    Sorry, here is the full explanation to fix faulty local DNS resolution in Ubuntu 18:04

    For me working way for Ubuntu 18.04 is:
    Edit avahi conf:

     sudo vim /etc/avahi/avahi-daemon.conf 

    and change .local to .alocal :

     [server] domain-name=.alocal 

    then, open resolved.conf:

     sudo vim /etc/systemd/resolved.conf 

    and uncomment and edit Domains:

     [Resolve] ... Domains=yourdomain.local ... 

    and finally restart services:

     sudo service systemd-resolved restart  
     sudo service avahi-daemon restart 
  • Thank you very very very much! This is the most detailed and easy to follow guide I have found! You helped me a lot! Wish you all the best!!!

  • Thank you for the excellent tutorials! Everything goes well for me up until Step 2 where I try to create an Nginx server block. When I insert my subdomain into the mix, I am unable to reach it. However, when I insert my local IP address everything works. This wouldn’t bother me except for not being able to use Lets Encrypt. Do I need to use the “pma.” prefix?

    • Xiao Guoan (Admin)
      4 years ago

      If you install phpMyAdmin on your local computer, you can use an IP address instead of domain name.

      If you have multiple Nginx server blocks, you can use a fictitious domain name/subdomain instead of IP address, or Nginx will use the default server block.

      You can create a local DNS records in /etc/hosts file on your computer for the fictitious domain name, so your computer can know the IP address.

  • Well done Tuto

  • Johnny Benton
    3 years ago

    Hi Xiao,
    The following lines and SSL path are missing from phpmyadmin.conf file:

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here