Skip to content

Instantly share code, notes, and snippets.

@harryfinn

harryfinn/installing-phpmyadmin-on-subdomain.md

Last active October 16, 2024 03:43
Show Gist options
  • Save harryfinn/829bba2a9ad8c8a471b07016165ef82d to your computer and use it in GitHub Desktop.
Save harryfinn/829bba2a9ad8c8a471b07016165ef82d to your computer and use it in GitHub Desktop.
Download ZIP
How to install PHPMyAdmin on a subdomain
Raw
installing-phpmyadmin-on-subdomain.md

Installing PHPMyAdmin on a subdomain

I was recently tasked with adding PHPMyAdmin to one of our LAMP servers for a 3rd party with little/no ssh knowledge to use in order to access the MySQL database(s). This gist documents how I configured PHPMyAdmin on the LAMP server on a subdomain with an SSL.

Prerequisites

Before following this guide, it is assumed that you already have a LAMP server up and running, if not perhaps try following this guide to setup a server.

Please also ensure that you have setup your subdomain record (CNAME/A record depending on domain configuration) and pointed it at your server, making sure that it has propagated and responds to a ping or lookup test.

Installation

Switch to the root user or a sudo user depending on your setup.

apt-get install phpmyadmin php-mbstring php-gettext
phpenmod mcrypt mbstring
service apache2 restart

The above will start the installation process for PHPMyAdmin along with a couple of associated php modules.

During the installation, you will be asked if you want to use dbconfig-common to setup a database, select yes here. You will also be asked to set a password for this database (the PHPMyAdmin database for the application), ensure you take note of this password if you do not already have any other mysql users and/or database setup.

PHPMyAdmin will now be accessible via your primary domain at /phpmyadmin or at least it should be, there are a couple of caveats with this. For example when running on a WordPress enabled site, the RewriteEngine in the WordPress .htaccess will likely block access to /phpmyadmin as it will be looking for page with a slug of phpmyadmin.

This is another good reason for configuring PHPMyAdmin on a subdomain as it removes the need to tweak any of the rewrite rules.

Configuration

Apache

First, we need to setup an apache site (vhost) that can handle the subdomain routing to the PHPMyAdmin installation. Create a new file in your /etc/apache2/sites-available/ directory i.e. database.yourdomain.com.conf and add the following setup:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName database.yourdomain.com
    DocumentRoot /usr/share/phpmyadmin

    ErrorLog ${APACHE_LOG_DIR}/phpmyadmin-error.log
    CustomLog ${APACHE_LOG_DIR}/phpmyadmin-access.log combined

    ModPagespeed Off
    
    #Redirect permanent / https://database.yourdomain.com
    
</VirtualHost>

Note that if you are not using the Google Pagespeed Module on your server you can remove the ModPagespeed Off rule.

Also make sure to leave the Redirect permanent rule commented for now, we'll come back to this later.

Once this is done, you can activate your new site config:

a2ensite database.yourdomain.com.conf
service apache2 reload

You will now be able to visit database.yourdomain.com and see the PHPMyAdmin login screen. You could leave this setup alone now if you wanted but bare in mind that this is now an active gateway to your MySQL database. Whilst we have masked the PHPMyAdmin installation behind a subdomain making it difficult for someone to just guess the url i.e. /phpmyadmin, it would be better if it was at least running with an SSL over HTTPS, so we'll set that up below.

Note: We could also add an htaccess login to this subdomain to further increase security to the database admin, however, depending on your use-case, the SSL configuration on a subdomain may well suffice.

SSL Configuration

We'll use Letsencrypt as our SSL provider, see this gist for instuctions on how to install the SSL.

Before you run the SSL registration command, as documented in the gist above, ensure you have amended the webroot-path to the PHPMyAdmin install:

certbot certonly --webroot --webroot-path /usr/share/phpmyadmin --renew-by-default -d database.yourdomainhere.com

Once this has been installed, you can now return to your Apache vhost file to add the SSL config, again as documented in the gist above, ensuring you change the document path to /usr/share/phpmyadmin. You can at this stage also uncomment the Redirect permanent line in your vhost config.

Before you restart/reload apache with the ssl changes, we need to enforce SSL mode for PHPMyAdmin, follow the commands below to complete the setup:

Add $cfg['ForceSSL'] = true; to the bottom of /etc/phpmyadmin/config.inc.php then restart apache service apache2 restart

You will now see that when navigating to database.yourdomain.com, it will redirect to https with a valid Letsencrypt SSL powering it and once logged into PHPMyAdmin, all actions are now performed over HTTPS.

@fkara09
Copy link

fkara09 commented Aug 12, 2022

I encountered a problem in setting up the SSL for phpmyadmin. When I add the Permanent Redirect, it sends me back to the home page of my website and indicates that the site is not secure

@apio-sys
Copy link

Great tutorial. Works great like that. Maybe good to add that the /phpmyadmin on your default domain should not work anymore since no longer needed really (and also for security purposes). In which case you might add to properly remove that with

a2disconf phpmyadmin.conf

Or alter what you want inside /etc/apache2/conf-available in the corresponding file (some like to rename it to something "secret", prefer to remove it alltogether).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment