How To Install and Secure phpMyAdmin on Ubuntu

Step 1: Install ppa:ondrej/php

1
sudo add-apt-repository ppa:ondrej/php

Step 2: Install PHP-FPM

1
2
sudo apt update && sudo apt upgrade -y
sudo apt -y install php7.4 php7.4-fpm

Step 3: Configure PHP-FPM

1
2
3
sudo cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.bak
sudo sed -i 's/;listen.mode = 0660/listen.mode = 0660/g' /etc/php/7.4/fpm/pool.d/www.conf
sudo sed -i 's/;security.limit_extensions = .php .php3 .php4 .php5 .php7/security.limit_extensions = .php .php3 .php4 .php5 .php7/g' /etc/php/7.4/fpm/pool.d/www.conf

Step 4: Starting PHP-FPM

1
2
3
sudo systemctl start php7.4-fpm
sudo systemctl enable php7.4-fpm
sudo systemctl status php7.4-fpm

Step 5: Install PHP-Modules

1
sudo apt install php7.4-[extname]

Example:

1
2
3
sudo apt install php7.4-mysqli
sudo apt install php7.4-mbstring
sudo apt install php7.4-xml

Step 6: Download phpMyAdmin

Go to site https://www.phpmyadmin.net/ and download the last version of phpMyAdmin, extract to a folder and upload to /var/www/

Step 7: Configure nginx to load phpMyAdmin site

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
server {
    listen [::]:80;
    listen 80;
    server_name mydb.maixuanviet.com;
    return 301 https://mydb.maixuanviet.com$request_uri;
}
 
server {
    listen [::]:443 ssl;
    listen 443 ssl;
     
    server_name mydb.maixuanviet.com;
    ssl_certificate /etc/letsencrypt/live/mydb.maixuanviet.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydb.maixuanviet.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  
    root /var/www/phpmyadmin;
    index index.php index.html index.htm;  
     
    location / {
      if (!-e $request_filename){
        rewrite ^(.*)$ /index.php last;
      }
    }
     
    location ~ ^/(doc|sql|setup)/ {
        deny all;
    }
     
    location ~ /\.ht {
        deny all;
    }
 
    location ~ .php$ {
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 300;
         
        include fastcgi_params;
        #include snippets/fastcgi-php.conf;
         
        if (-f $request_filename)
        {
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }
}

Done! Good luck to you!