![]() ![]() To change phpMyAdmin’s interface URL, we will rename this symbolic link.įirst, let’s navigate to the Nginx document root directory and list the files it contains to get a better sense of the change we’ll make: With our phpMyAdmin installation, we’ve created a symbolic link pointing to /usr/share/phpmyadmin, where the actual application files are located. Changing the interface’s URL from /phpmyadmin to something non-standard will make it much harder for automated scripts to find your phpMyAdmin installation and attempt brute-force attacks. Bots will scan for common paths, like phpmyadmin, pma, admin, mysql and such. One of the most basic ways to protect your phpMyAdmin installation is by making it harder to find. Step 2 - Changing phpMyAdmin’s Default Location In the following sections of this guide, we’ll see a few different ways in which we can make our phpMyAdmin installation more secure. Because of phpMyAdmin’s popularity, and the large amounts of data it may provide access to, installations like these are common targets for attacks. However, by installing a web interface, we’ve exposed our MySQL database server to the outside world. Your phpMyAdmin installation should be completely functional at this point. We’ll see how to disable root login in a subsequent step of this guide. Note: Logging into phpMyAdmin as the root MySQL user is discouraged because it represents a significant security risk. If you need help creating MySQL users, check this guide on How To Manage an SQL Database. To access the interface, go to your server’s domain name or public IP address followed by /phpmyadmin in your web browser: server_domain_or_IP/phpmyadminĪs mentioned before, phpMyAdmin handles authentication using MySQL credentials, which means you should use the same username and password you would normally use to connect to the database via console or via an API. Your phpMyAdmin installation is now operational. sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin.For the Nginx web server to find and serve the phpMyAdmin files correctly, we’ll need to create a symbolic link from the installation files to Nginx’s document root directory: You can also leave it blank and let phpMyAdmin randomly create a password. You will be asked to define a new password for the phpmyadmin MySQL user. This will set up the internal database and administrative user for phpMyAdmin. Next, you’ll be prompted whether to use dbconfig-common for configuring the application database. Press tab and then OK to advance to the next step. Because we are using Nginx as a web server, we shouldn’t make a choice here. Let’s start by updating the server’s package index with:ĭuring the installation process, you will be prompted to choose the web server (either Apache or Lighttpd) to configure. We’re going to use the default Ubuntu repositories to achieve this goal. ![]() The first thing we need to do is install phpMyAdmin on the LEMP server. Once you have met these prerequisites, you can go ahead with the rest of the guide. Warning: If you don’t have an SSL/TLS certificate installed on the server and you still want to proceed, please consider enforcing access via SSH Tunnels as explained in Step 5 of this guide. If you do not have an existing domain configured with a valid certificate, you can follow this guide on securing Nginx with Let’s Encrypt on Ubuntu 18.04. Access to this server as a non-root user with sudo privileges.īecause phpMyAdmin handles authentication using MySQL credentials, it is strongly advisable to install an SSL/TLS certificate to enable encrypted traffic between server and client. ![]() If you haven’t set up your server yet, you can follow the guide on installing a LEMP stack on Ubuntu 18.04.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |