The Perfect Web Server – Part 4

In Part 3 of The Perfect Web Server, we secured our WordPress site with a Let’s Encrypt SSL certificate and also enabled HTTP/2.

In this part, we will see how to install phpmyadmin and secure it to allow connections from our IP alone. phpmyadmin is commonly used as a tool for database administration.

Use the apt package manager to install phpmyadmin.

sudo apt update
sudo apt install phpmyadmin

You need to configure a database for phpmyadmin to work correctly, so generate and enter a strong password when prompted for it. The installer will report an error saying that the password does not meet the complexity requirements; select Abort to cancel the install. This happens because we installed the Validate Password component of the MySQL server. We need to temporarily disable the Validate Password component and re-enable it after setting the password for phpmyadmin.

sudo mysql
---
mysql> UNINSTALL COMPONENT "file://component_validate_password";

Next, try installing phpmyadmin. This time, it should succeed.

sudo apt install phpmyadmin

Now, enable the Validate Password component to keep checking for strong passwords during MySQL user creation.

sudo mysql
---
mysql> INSTALL COMPONENT "file://component_validate_password";

Now we need a way to access phpmyadmin. If you would like to access it as a URL path, like http://wpbeta.cloudpixels.in/dbadmin, add a symlink to the phpmyadmin location and then try to access the above link. (Modify the commands to suit your site.)

sudo ln -s /usr/share/phpmyadmin/ /var/www/wpbeta/dbadmin

Note that phpmyadmin is insecure as it allows root login and is open to the world. To restrict access to your IP address alone, add the following to your nginx config file within the server block (above the other location blocks) after replacing the IP with your real IP.

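    # ^~ takes a literal URI prefix, not a regular expression
    location ^~ /dbadmin {
        allow 127.0.0.1;
        deny all;
        # ^~ also skips the site's regex locations, so PHP requests under
        # /dbadmin need the site's PHP handler nested inside this block.
    }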
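nginx reads the string after `^~` as a literal URI prefix, so a regex-looking pattern such as `^~ /dbadmin.*$` never matches requests for /dbadmin/ and the allow/deny rules are skipped. The following added example (not part of the original post) is a simplified Python model of nginx's location selection that shows the difference; the `/` and `~ \.php$` locations and the sample URIs are assumptions about the rest of the site config.

```python
import re

def select_location(locations, uri):
    """Simplified model of nginx location selection (no nested locations).

    locations: list of (modifier, pattern) in config order, where modifier
    is "=", "^~", "" (plain prefix), "~" (regex) or "~*" (regex, no case).
    Returns the (modifier, pattern) nginx would use, or None.
    """
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                     # exact match wins outright
        if mod in ("", "^~") and uri.startswith(pat):
            # prefix strings are compared literally; the longest is remembered
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return best                               # ^~ suppresses the regex pass
    for mod, pat in locations:                    # regexes: first match in order
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best

# Constructed server blocks: the rest of the site is assumed to have a
# catch-all prefix location and a regex PHP handler.
SITE = [("", "/"), ("~", r"\.php$")]
REGEX_LOOKING = [("^~", "/dbadmin.*$")] + SITE    # pattern is taken literally
LITERAL_PREFIX = [("^~", "/dbadmin")] + SITE

def is_restricted(locations, uri):
    """True when the request lands in the block carrying allow/deny."""
    chosen = select_location(locations, uri)
    return chosen is not None and chosen[0] == "^~"

if __name__ == "__main__":
    for uri in ("/dbadmin/", "/dbadmin/index.php", "/wp-login.php"):
        print(uri, is_restricted(REGEX_LOOKING, uri),
              is_restricted(LITERAL_PREFIX, uri))
```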

Disallow root login to phpmyadmin – create the file and add the content given below. You may change the blowfish secret to another random string.

sudo nano /etc/phpmyadmin/conf.d/pma_secure.php
---
<?php

# PhpMyAdmin Settings
# This should be set to a random string of at least 32 chars
$cfg['blowfish_secret'] = '3!#[email protected](+=_4?),5XP_:U%%8\34sdfSdg43yH#{o';

$i=0;
$i++;

$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['AllowRoot'] = false;

?>

A quick point about phpmyadmin – If you really want an admin user for phpmyadmin, you may create one like so:

sudo mysql
---
mysql> create user 'admin'@'localhost' identified by 'yY1rW8eW6wO3zH7d';
mysql> grant all on *.* to 'admin'@'localhost' with grant option;
mysql> flush privileges;
