Skip to main content

Deploying phpMyAdmin on the LEMP Stack on Ubuntu Linux

Hands-On Lab

 

Photo of Tom Dean

Tom Dean

Linux Training Architect II

Length

01:00:00

Difficulty

Intermediate

Before we can start building our world-changing website or application on LEMP, we have to lay the foundation for the stack. In this hands-on lab, we will walk through deploying phpMyAdmin on Ubuntu Linux.

When the lab is complete, we will have a running phpMyAdmin installation on Ubuntu Linux.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Deploying phpMyAdmin on the LEMP Stack on Ubuntu Linux

Introduction

Before we can start building our world-changing website or application on LEMP, we have to lay the foundation for the stack. In this hands-on lab, we will walk through deploying phpMyAdmin on Ubuntu Linux.

When the lab is complete, we will have a running phpMyAdmin installation on Ubuntu Linux.

The Scenario

Big State College (BSC) is a Large Ten Conference school in a Midwestern state. BSC is looking to deploy a centralized web hosting service using the LEMP stack.

As the engineers tasked with executing this project, we will be deploying and configuring phpMyAdmin on an Ubuntu Linux server, for managing the new MariaDB environment. Let's begin!

Logging In

Use the credentials provided on the hands-on lab overview page, and log in as cloud_user. We'll want root privileges for the whole lab, so let's run this as soon as we're logged in:

sudo su -

Validate That the NGINX Server Is Installed, Enabled, and Running

Check the status of the NGINX service, which should already be installed:

systemctl status nginx

The service should be enabled and running.

Verify that we can load the default NGINX web page using curl:

By Public IP:

curl http://`cat /tmp/public_ip.txt`

By Public DNS:

curl http://`cat /tmp/public_dns.txt`

Validate That the php7.2-fpm Service Is Installed, Enabled, and Running

Validate that the php7.2-fpm service is running, using systemctl:

systemctl status php7.2-fpm.service

The service should be enabled and running.

Validate and Secure MariaDB

Check the status of the MariaDB server using systemctl:

systemctl status mariadb

The server should be enabled and running.

This is a default install, so we're going to secure it by running the mysql_secure_installation script:

mysql_secure_installation

Answer Yes to set a root password (and set it to 123456), Yes to remove anonymous users, Yes to disallow remote root logins, Yes to remove the test database, and Yes to reload the privilege tables now.

Our MariaDB installation is now configured and secured.

Install phpMyAdmin

Install phpMyAdmin from the Ubuntu software repository using apt-get:

apt-get -y install phpmyadmin

This will launch a configuration dialog.

We're going to configure phpMyAdmin with NGINX. At the first prompt (to configure a web server) don't choose either option (Apache or lighttpd). Just press the Tab key to get down to OK, and hit Enter.

Select Yes to create a new database using dbconfig-common.

We will need to provide a password for the new phpmyadmin user. Use 123456. Once this is done, installation and configuration is complete.

Configure NGINX to Work with phpMyAdmin

Enable phpMyAdmin Configuration

The lab server has been created with a pre-configured server block. Let's validate the NGINX server configuration:

nginx -t

If that all checks out, we can look at the virtual host configurations:

cd /etc/nginx/conf.d
ls -la

We'll see two virtual host configurations, one for the default site, and a template for phpMyAdmin.

We need to enable the configuration for phpMyAdmin:

mv phpmyadmin.conf.template phpmyadmin.conf

Now we should validate the NGINX configuration again:

nginx -t

Reload NGINX

Let's take a look at the phpMyAdmin configuration:

more phpmyadmin.conf

We can see a few key things about the configuration:

  • The server supports HTTP connections.
  • The server name is configured as the EC2 instance's DNS name.
  • The document root location is /usr/share/phpmyadmin/.
  • The logs for this virtual host are going to their own log files, separate from the logs for the main server.
  • PHP is configured for this virtual host.

PHP is configured to communicate over a UNIX socket (/run/php/php7.2-fpm.sock).

Now, let's reload the NGINX service to pick up the phpmyadmin virtual host configuration. We've already validated the NGINX configuration (above), so we're good to go with a reload:

systemctl reload nginx
systemctl status nginx

It should show active (running) in the output.

Verify that the phpMyAdmin site is available using the curl command:

curl -H "http://`cat /tmp/public_dns.txt`" http://`cat /tmp/public_dns.txt`

If everything is working as it should, we will see a lot of code.

Test HTTP Connection to phpMyAdmin

Verify that we can connect to phpMyAdmin using a web browser. We can get the Public DNS for the lab server in /home/cloud_user/server_info.txt. Connect to http://OUR_PUBLIC_DNS

Connections to the default NGINX web server instance can be made via the Public IP. This is also in /home/cloud_user/server_info.txt. Connect to http://OUR_PUBLIC_IP

Validate the phpMyAdmin SSL Certificate

Before we configure the phpMyAdmin site to use SSL/TLS, we want to verify that the SSL certificate is good:

cd /etc/nginx/ssl/phpMyAdmin

Run an ls -la once we're in there, to see the certificates we've got. Then we can verify that the X509 certificate was correctly generated using the openssl verify command:

openssl verify -CAfile ca-cert.pem server-cert.pem

We should see: server-cert.pem: OK.

Check the Properties of the phpMyAdmin SSL Certificate

We can display information about the CA and server SSL certificate information using openssl x509:

openssl x509 -in ca-cert.pem -noout -text
openssl x509 -in server-cert.pem -noout -text

Note that the CN entries are different. This is important. If the CN is the same for the CA and the server certificate, we will get an error and SSL will fail.

Secure phpMyAdmin with SSL

Edit the phpmyadmin.conf file:

vi /etc/nginx/conf.d/phpmyadmin.conf

Change the listen lines from port 80 to 443 and add ssl after 443. Those two lines should look like this when we're finished:

listen 443 ssl;
listen [::]:443 ssl;

Add the following lines after this section (but before the access_log and error_log lines):

ssl_certificate /etc/nginx/ssl/phpMyAdmin/server-cert.pem;
ssl_certificate_key /etc/nginx/ssl/phpMyAdmin/server-key.pem;

Save and exit.

Load the New NGINX Configuration for phpMyAdmin

Before we reload NGINX to pick up the new configuration, validate it:

nginx -t

If everything checks out, we can reload:

systemctl reload nginx

As long as there are no errors, then our SSL configuration is now active.

Log into the phpMyAdmin Site

Verify that we can connect to phpMyAdmin using HTTPS with a web browser. We can get the Public DNS for the lab server in /home/cloud_user/server_info.txt. Connect to https://OUR_PUBLIC_DNS

We will get a certficate error (because we're using a self-signed certificate). Accept the certificate and proceed.

Log into phpMyAdmin with the username phpmyadmin and password 123456. This puts us in the phpMyAdmin Home page.

Conclusion

We're finished. We've gotten NGINX set up with phpMyAdmin, and we incorporated SSL. Congratulations!