Difference between revisions of "PhpMyAdmin"

From ArchWiki
Jump to: navigation, search
(Setup database user: Clean-up instructions and rw text)
(Troubleshooting: This is already described)
Line 235: Line 235:
Refresh PhpMyAdmin to apply changes.
Refresh PhpMyAdmin to apply changes.
== Troubleshooting ==
=== Fixing open_basedir warning ===
If you see the following Warning when entering the homepage of PhpMyAdmin:
Warning in ./libraries/Config.class.php#1147
file_exists(): open_basedir restriction in effect. File(./config.inc.php) is not within the allowed path(s): (/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/)
It means that phpmyadmin was not able to find where the {{ic|config.inc.php}} file is located.
In order to fix that, you need to indicate the path in {{ic|/etc/php/php.ini}} of the {{ic|phpmyadmin}} directory containing the file, which should be {{ic|/etc/webapps}}, putting it at the end of the paths separated with a {{ic|:}} in the {{ic|open_basedir}} variable:
output=open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/''':/etc/webapps/'''
Once you have done that, [[restart]] {{ic|httpd.service}}.
Now refresh the page, and you should no longer have the warning.

Revision as of 11:33, 9 May 2018

phpMyAdmin is a web-based tool to help manage MySQL databases using an Apache/PHP frontend.


Install the phpmyadmin package.



Make sure the PHP mysql extension(s) have been enabled.

Optionally you can enable extension=bz2 and extension=zip for compression support.

Note: If open_basedir has been set, make sure to include /etc/webapps to open_basedir in /etc/php/php.ini.


Set up Apache to use PHP as outlined in the Apache HTTP Server#PHP article.

Create the Apache configuration file:

Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"
<Directory "/usr/share/webapps/phpMyAdmin">
    DirectoryIndex index.php
    AllowOverride All
    Options FollowSymlinks
    Require all granted

And include it in /etc/httpd/conf/httpd.conf:

# phpMyAdmin configuration
Include conf/extra/phpmyadmin.conf
Note: By default, everyone who can reach the Apache Web Server can see the phpMyAdmin login page under this URL. To change this, edit /etc/httpd/conf/extra/phpmyadmin.conf to your liking. For example, if you only want to be able to access it from the same machine, replace Require all granted by Require local. Beware that this will disallow connecting to PhpMyAdmin on a remote server. If you still want to access PhpMyAdmin on a remote server securely, you might want to consider setting up a Secure Shell#Encrypted SOCKS tunnel.


Configuring Lighttpd is similar to Apache. Make sure Lighttpd is setup to serve PHP files (see Lighttpd).

Make an alias for phpmyadmin in your Lighttpd config.

 alias.url = ( "/phpmyadmin" => "/usr/share/webapps/phpMyAdmin/")

Then enable mod_alias, mod_fastcgi and mod_cgi in your config ( server.modules section )

Restart Lighttpd and go to [1].


Make sure to set up nginx#FastCGI.

Using a domain

Setup a Nginx site entry, e.g.:

server {
   server_name pma.internal;
   listen 443 ssl http2;
   root /usr/share/webapps/phpMyAdmin;
   access_log off;
   error_log off;
   ssl_certificate ssl/server.crt;
   ssl_certificate_key ssl/server.key;
   index index.php;
   include conf.d/*.conf;

   # set max upload size
   client_max_body_size 512M;
   fastcgi_buffers 64 4K;

   location / {
     try_files $uri $uri/ =404;

   error_page 404 /index.php;

   location ~ \.php$ {
     try_files $uri $document_root$fastcgi_script_name =404;

     fastcgi_split_path_info ^(.+\.php)(/.*)$;
     fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
     fastcgi_index index.php;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     include fastcgi_params;

     fastcgi_param HTTP_PROXY "";
     fastcgi_param HTTPS on;
     fastcgi_request_buffering off;

Include into server block

This will allow access to PhpMyAdmin as in https://domain.tld/phpMyAdmin:

location /phpMyAdmin {
   server_name domain.tld;
   listen 443 ssl http2;
   root /srv/http/domain.tld;
   index index.php;  
   location / {
      try_files $uri $uri/ =404;

   # Deny static files
   location ~ ^/phpMyAdmin/(README|LICENSE|ChangeLog|DCO)$ {
      deny all;

   # Deny .md files
   location ~ ^/phpMyAdmin/(.+\.md)$ {
      deny all;

   # Deny setup directories
   location ~ ^/phpMyAdmin/(doc|sql|setup)/ {
      deny all;

   #FastCGI config for phpMyAdmin
   location ~ /phpMyAdmin/(.+\.php)$ {
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
      fastcgi_index  index.php;
      include        fastcgi.conf;


The main configuration file is located at /etc/webapps/phpmyadmin/config.inc.php.

If the MySQL server is not on localhost, append the following line:

$cfg['Servers'][$i]['host'] = 'localhost';

Using setup script

To allow the usage of the phpMyAdmin setup script (e.g. http://localhost/phpmyadmin/setup), make sure {{ic| /usr/share/webapps/phpMyAdmin is writable for the http user:

# mkdir /usr/share/webapps/phpMyAdmin/config
# chown http:http /usr/share/webapps/phpMyAdmin/config
# chmod 750 /usr/share/webapps/phpMyAdmin/config

Add blowfish_secret passphrase

It is required to enter an unique string (32 characters are recommended) to fully use the blowfish algorithm used by phpMyAmdin, thus preventing the message ERROR: The configuration file now needs a secret passphrase (blowfish_secret):

$cfg['blowfish_secret'] = 'O8R4x5mRjcBdoVQhzUjc42Gaa8KnwNHr';

Enabling Configuration Storage

Extra options such as table linking, change tracking, PDF creation, and bookmarking queries are disabled by default, displaying The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. on the homepage.

Note: This example assumes you want to use the default username pma as the controluser, and pmapass as the controlpass.

In /etc/webapps/phpmyadmin/config.inc.php, uncomment (remove the leading "//"s on) these two lines, and change them to your desired credentials:

$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmapass';

Uncomment the following lines:

/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
Setup database

Two options are available to create the required tables:

  • Import /usr/share/webapps/phpMyAdmin/sql/create_tables.sql by using PhpMyAdmin.
  • Execute mysql -u root -p < /usr/share/webapps/phpMyAdmin/sql/create_tables.sql in the command line.
Setup database user

To apply the required permissions for controluser, execute the following query:

Note: Make sure to replace all instances of pma and pmapass to the values set in config.inc.php. If you are setting this up for a remote database, then you must also change localhost to the proper host.
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';
    Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
    Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
    File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
    Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
    Execute_priv, Repl_slave_priv, Repl_client_priv
    ) ON mysql.user TO 'pma'@'localhost';
GRANT SELECT ON mysql.db TO 'pma'@'localhost';
GRANT SELECT ON mysql.host TO 'pma'@'localhost';
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
    ON mysql.tables_priv TO 'pma'@'localhost';

In order use the bookmark and relation features, set the following permissions:

GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';

Re-login to ensure the new features are activated.

Enabling templates catching

Create the tmp directory:

# mkdir /usr/share/webapps/phpMyAdmin/tmp

Set read/write permissions for the http user:

# chmod 750 /usr/share/webapps/phpMyAdmin/tmp
# chown http:http /usr/share/webapps/phpMyAdmin/tmp

Refresh PhpMyAdmin to apply changes.