Tutorial

How To Set Up SSL Certificates With PhpMyAdmin On An Ubuntu 12.04 VPS

Published on July 30, 2013
How To Set Up SSL Certificates With PhpMyAdmin On An Ubuntu 12.04 VPS

Status: Deprecated

This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:

Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.

See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.

Introduction

PhpMyAdmin is a web-based frontend used to easily administer MySQL databases in a visually friendly way. You can set up this software to manage the data on your VPS remotely without shell access.

Although phpMyAdmin is useful, it can also be insecure if not configured correctly. This guide will cover how to install phpMyAdmin on a LAMP (Linux, Apache, MySQL, and PHP5) stack on an Ubuntu 12.04 machine using SSL and access restrictions.

Initial Setup

This guide assumes that you have root access to an Ubuntu 12.04 server, and that you have already configured LAMP. Follow this guide to install Apache, MySQL, and PHP on Ubuntu 12.04 if you haven't already set this up.

Log into your server and continue when ready.

How to Set up PhpMyAdmin on Ubuntu

Ubuntu 12.04 includes phpMyAdmin in its default repositories. Install using this command:

sudo apt-get install phpmyadmin

Select "Apache2" as the server to configure during installation. Select "Yes" to allow the phpMyAdmin database to be configured automatically.

Enter the password you set up for the root MySQL user during installation, and then assign a password for the phpMyAdmin process to use to log in.

Configure Apache to Load PhpMyAdmin

Tell Apache to source the phpMyAdmin configuration in order to allow access to the application.

Edit the main Apache configuration file with root privileges:

sudo nano /etc/apache2/apache2.conf

Scroll to the bottom of the file and type the following directive to make Apache read the phpMyAdmin specific configuration file:

Include /etc/phpmyadmin/apache.conf

Restart the server for the changes to take affect:

sudo service apache2 restart

You may get a message that reads:

[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias.
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

These are just warnings and can be safely ignored.

How to Set Up .htaccess for PhpMyAdmin

The first step in securing phpMyAdmin is to set up .htaccess restrictions. This will require a password login prior to accessing the phpMyAdmin interface.

First, configure phpMyAdmin apache configuration to allow the use of .htaccess files. Open the phpMyAdmin apache configuration file with root privileges:

sudo nano /etc/phpmyadmin/apache.conf

Under the line that reads "DirectoryIndex index.php", insert a line that reads "AllowOverride All":

<Directory /usr/share/phpmyadmin>
	Options FollowSymLinks
	DirectoryIndex index.php
	AllowOverride All
	. . .

Save and close the file.

Now, create a phpMyAdmin-specific .htaccess file:

sudo nano /usr/share/phpmyadmin/.htaccess

Insert the following text into the file:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Save and close the file.

This change makes our site look in "/etc/phpmyadmin/.htpasswd" for a list of valid login credentials.

We can create that file and a login account with the following command. Substitute the username you would like to use:

sudo htpasswd -c /etc/phpmyadmin/.htpasswd user_name

You will be asked to choose a password for the new user.

Now, restart Apache to enable the access restrictions:

sudo service apache2 restart

How to Set Up SSL with PhpMyAdmin

We are going to be passing sensitive data between the web interface and the server, so we need to set up SSL in order to make sure our data is not sent in plain text.

First, tell Apache to enable SSL support and restart the server to implement the change with the following commands:

sudo a2enmod ssl
sudo service apache2 restart

Create a directory to store our SSL certificates, and then create a key and cert with the following commands:

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

This will create a certificate that will be valid for 365 days. You will be asked a number of questions. Fill them out as best as you can.

The question that you must answer correctly is the "Common Name". Use your domain name or Server IP Address for this field.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com                  
Email Address []:webmaster@awesomeinc.com

Configure Apache to Use SSL Certificates

Now that you have created an SSL certificate, you need to tell Apache to use SSL.  Open the default virtual host config file with root privileges:
sudo nano /etc/apache2/sites-available/default

Begin by changing the "<VirtualHost *:80>" declaration to "<VirtualHost *:443>", which is the default SSL port.

After that change, add a "ServerName" section within the VirtualHost definition that specifies the domain name or IP address you used when creating your SSL certificate, followed by ":443":

<VirtualHost *:443>
	ServerAdmin webmaster@localhost
	ServerName example.com:443
	. . .

Before closing the file, add the following lines just prior to the "</VirtualHost>" closing tag:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Save and close the file.

Force SSL Within PhpMyAdmin

We now have to tell phpMyAdmin that SSL must be used whenever a connection is made.

We will do this within a phpMyAdmin configuration file. Open the file with root privileges for editing:

sudo nano /etc/phpmyadmin/config.inc.php

Scroll to the bottom of the file and add the following line:

$cfg['ForceSSL'] = true;

This is the only line needed to require SSL for phpMyAdmin.

Save and close the file.

Enabling SSL Changes

If it is not already enabled, enable the site with the following command:

sudo a2ensite default

Restart the Apache service to implement the changes:

sudo service apache2 restart

Viewing the Results

To access the phpMyAdmin interface, navigate to your domain name or server IP address followed by "/phpmyadmin" with your browser:

example.com/phpmyadmin

You will be asked for the username and password you set up with the .htaccess file.

PhpMyAdmin htaccess login page

You will then probably see a screen complaining about the SSL certificate not being trusted.

PhpMyAdmin Invalid SSL certificate page

This is expected because we created the SSL certificate ourselves and did not go through an SSL certification authority. This is fine for our purposes.

Click "proceed" or "continue" to move on. You will be asked for the .htaccess password again since we are now trying to access the site through SSL.

You will now be presented with the phpMyAdmin login page where you can enter your credentials you set up during installation.

Username: root
Password: your_phpmyadmin_password
PhpMyAdmin Login screen

You will now be dropped into the main phpMyConfig administration page:

PhpMyAdmin Main configuration page
By Justin Ellingwood

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
10 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

I found also that adding SSLRequireSSL param in /usr/share/phpmyadmin/.htaccess file enforce phpMyAdmin SSL/https connexion. See below:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/apache2/.phpmyadmin.htpasswd
Require valid-user
SSLRequireSSL

Attempt to connect to phpMyAdmin via http will fail and display this error message: Forbidden You don’t have permission to access /phpmyadmin/ on this server.

Hello,

I have Ubuntu 14.04 on my server and in order to get though the step ‘Configure Apache to Use SSL Certificates’ I used this command line ‘/etc/apache2/sites-available/000-default.conf’ instead of ‘sudo nano /etc/apache2/sites-available/default’ as it was suggested by the answers below.

But when I come to the following step ‘Enabling SSL Changes’ and I execute this command line: ‘sudo a2ensite default’

The terminal displayed me an errer telling that :


perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LC_CTYPE = “UTF-8”, LANG = “en_US.UTF-8” are supported and installed on your system. perl: warning: Falling back to the standard locale (“C”). ERROR: Site default does not exist!

I tried also : sudo a2ensite 00-default.conf but same results


admin@xxxxxx-hosting:~$ sudo a2ensite 00-default.conf perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LC_CTYPE = “UTF-8”, LANG = “en_US.UTF-8” are supported and installed on your system. perl: warning: Falling back to the standard locale (“C”). ERROR: Site 00-default does not exist!

This the final step and I would really appreciate an help :)

thank you in advance !

Bests,

Tayfun

I don’t have a FQDN yet, so I’m using IP address, but when I attempt to access phpmyadmin it just times out. Got the same Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 error others are getting.

This comment has been deleted

    I’ve been trying to do this for a few days now. Every time I try to access any of the site in https it times out. I am reading it is related to the fact I am using virtual hosts and that it needs to verify something first which takes too long and then it times out. In my log there is the following:

    [Sun Feb 01 19:02:36.050369 2015] [ssl:warn] [pid 13025] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Feb 01 19:02:36.050896 2015] [ssl:warn] [pid 13025] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Feb 01 19:02:36.051334 2015] [ssl:warn] [pid 13025] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Feb 01 19:02:36.051543 2015] [ssl:warn] [pid 13025] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Sun Feb 01 19:02:36.051710 2015] [mpm_prefork:notice] [pid 13025] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.5 OpenSSL/1.0.1f configured -- resuming normal operations
    [Sun Feb 01 19:02:36.051729 2015] [core:notice] [pid 13025] AH00094: Command line: '/usr/sbin/apache2'
    
    

    Would really appreciate the help.

    Conf files can be found here:

    http://pastebin.com/cDnRXYHg

    I follow the tutorial until this step sudo htpasswd -c /etc/phpmyadmin/.htpasswd newuser

    An error sudo: htpasswd: command not found was displayed. I quit the installation of phpmyadmin at the beginning, maybe this is the reason. How do I remove phpmyadmin so that I can reinstall it? Thank you.

    Hello, im using ubuntu 14.10 on apache2 server, any similar tutorial instead of ubuntu 12.04? im stuck after this command sudo nano /etc/apache2/sites-available/default there no such thing to edit in this file, just blank page.

    Well update that, i found similar file here sudo nano /etc/apache2/sites-available/default-ssl.conf. Hope it help other who have same problem with me on ubuntu 14.10.

    Hello, I followed this tutorial and everything worked. But after a while I installed a ssl certificate, other than self-signed and can not access phpmyadmin with root or password.

    What can I do?

    Kamal Nasser
    DigitalOcean Employee
    DigitalOcean Employee badge
    October 22, 2013

    @barakakinyori: Please pastebin all of your virtualhost files.

    I have an error that says

    [warn] NameVirtualHost *:80 has no VirtualHosts

    How can i solve it

    Try DigitalOcean for free

    Click below to sign up and get $200 of credit to try our products over 60 days!

    Sign up

    Join the Tech Talk
    Success! Thank you! Please check your email for further details.

    Please complete your information!

    Become a contributor for community

    Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

    DigitalOcean Documentation

    Full documentation for every DigitalOcean product.

    Resources for startups and SMBs

    The Wave has everything you need to know about building a business, from raising funding to marketing your product.

    Get our newsletter

    Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

    New accounts only. By submitting your email you agree to our Privacy Policy

    The developer cloud

    Scale up as you grow — whether you're running one virtual machine or ten thousand.

    Get started for free

    Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

    *This promotional offer applies to new accounts only.